Passwords remain the crux of our online security and while biometric recognition (fingerprints, retina/facial recognition) has gained some traction, passwords have not been assigned to history. Indeed, the convenience of passwords provides a flexibility that biometrics can’t. I cannot scoop out an eyeball or lop off a finger tip to hand to a colleague I need to grant access to…
Security and your primary email
You have a primary email, the one you use for most if not all of your logins. It is the password recovery address for all those accounts so if someone hacks it, they could change the passwords on all your logins, giving them access to your accounts and locking you out.
There are two principal ways your email might be breached, either directly by duping you into surrendering your password, or by the breach of a database containing your data. The practice of ‘phishing‘ is that of navigating you to pages that look like Google or PayPal logins but aren’t. To avoid this scam, do nut use the link in the email. Go to your browser and navigate to PayPal (et al) and get your login page that way. The scammers are very clever and can navigate you to a fraudulent login page via other, innocent, web pages, so the toxic link need not be in an email.
If you could memorise the exact URL for each of your logins then you could spot the fakes, but you can’t do that. A password manager, however, will. Even if you’ve fallen for the link-in-an-email trick, your password manager won’t. If you don’t use a password manager, you should read this.
You’ve been hacked
Got to this page: Have I Been Pwned? and enter your email address. If it comes up red, then your email address was in a database breached by hackers. We’re talking about the huge, customer databases held by eBay, Amazon, Facebook and the like. The hackers are looking for email addresses, passwords, postal addresses, credit card details, dates-of-birth – all tools they can use to perpetrate fraud or sell on to others for the same purpose. Do not think big businesses keep secure databases. If you have ever been a TalkTalk customer then your details are out there with the hackers, read the full horror story here. But they are not the only ones, the hackers strike everyday and on accounts big and small.
Do you use the same password on different account logins? If you use the same password repeatedly, and your email has been hacked on one account – say TalkTalk – it means every account using the same login has been hacked too. You’ll need to change your password on every account. Nightmare.
What you should do
- Use long, strong, passwords;
- Use unique passwords – never repeat them;
- Use a password manager, and
- Use two-factor or multi-factor authentication where it is available.