With over 2 billion passwords hacked
Security is something we value more and more, especially today, when a large part of our lives involves a permanent connection to all kinds of platforms and services. It is no longer just about controlling what happens on our Wi-Fi network or on our PC. Some aspects are beyond our control, and those are the scary ones.
The management of our data by companies is not always carried out in the most appropriate way. We have seen high-profile cases of leaks of sensitive information. Dropbox, Yahoo, MySpace and even a website like Ashley Madison, for contacts with married people, are some examples. The problem is that we now know that there are up to 2,200 million passwords circulating as a result of various leaks. Together they form a large database of usernames and passwords accessible to anyone, so it doesn't hurt to see if we are affected.
First, check
There are several methods, and you will surely be surprised to see how your accounts and credentials can be at risk. One method is to go to the haveibeenpwned page and enter the email address whose integrity you want to check. Of the six email accounts I tested, three were compromised, and Dropbox had been the source of the leak on almost all of them.
That is one of the methods. The other is to go to the sec.hpi website; after entering the account we want to check, we will receive an email offering us a report, similar to the previous one, with potential risks.
As can be seen in the tested account, services such as Dropbox and web pages such as Daily Motion, Taringa or Tumblr coincide. This shows the importance, now more than ever, of using two-step verification, of using secure passwords, and of not using the same access code in different services, because if one falls, the risk extends to the rest.
With two-step verification, what we do is add an additional layer of security to the account that we are going to use. This way, we log in with a piece of information that we already know (the password) and with a new one that comes to us each time (the code that we receive on the phone). It is a system that adds one more verification that it is us, and not a third person, who is accessing our account.
There are options to control our passwords such as Microsoft Authenticator or Google Authenticator, both very similar, which offer a secure access system from our _smartphone_.
Create a strong password
In this sense, there are a series of considerations that we have already seen and that we can take into account when creating a secure password. Some steps that will also make it easier for us to always keep it in mind and not forget it.
- "The first step is that the first two letters of the password will be the first two of the site where we register. If we are going to register on Spotify it would be sp."
- "We will follow the password with the last two letters of the username. If we register as Pepito, we will already have spto."
- "Next will be the number of letters of the site name. Spotify has seven, so we keep adding: spto7."
- "If the previous number is odd, we will add a dollar sign. If it is even, an at sign. Since 7 is odd, we are left with spto7$."
- "We take the middle letters of the password and rewrite them using the next letter of the alphabet. You will understand with an example: if we have spto, we rewrite the two in the middle using the following letters of the alphabet, and we are left with qu. In this way, our password is spto7$qu."
- "We count the number of vowels in the password, we add four, and we write it but pressing the Shift key, so that a symbol appears. In this case, we have 2 vowels, so the symbol will be &, which is above the 6 key. We already have the password spto7$qu&."
- "And a last step can be to replace some of the letters with capital letters. We can determine that the second and fourth, for example, can be capital letters. The result would be sPtO7$qu&."
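The seven steps above, written as a function so the rule can be applied to any site and username. This is an added example, not code from the original article; the Spanish keyboard layout for the Shift symbols (which is what places & above the 6 key), the wrap from z to a, and the digit-by-digit handling of a two-digit count are assumptions.

```python
# Added example: the seven-step recipe above as a function.
# Assumptions (not from the article): Spanish keyboard layout for the Shift
# symbols, 'z' wraps to 'a', and a two-digit count is shifted digit by digit.

# Shift + digit on a Spanish (ISO) keyboard; the article's "& above the 6 key".
SHIFT_ES = {"0": "=", "1": "!", "2": '"', "3": "·", "4": "$",
            "5": "%", "6": "&", "7": "/", "8": "(", "9": ")"}
VOWELS = set("aeiou")


def next_letter(ch):
    """Return the following letter of the alphabet, wrapping z to a."""
    return chr((ord(ch) - ord("a") + 1) % 26 + ord("a"))


def letters_only(text):
    """Lower-case `text` and keep only the ASCII letters a to z."""
    return [c for c in text.lower() if c.isascii() and c.isalpha()]


def derive_password(site, username, upper_positions=(2, 4)):
    """Build the password for `site` and `username` following steps 1 to 7."""
    site_letters = letters_only(site)
    user_letters = letters_only(username)
    if len(site_letters) < 2 or len(user_letters) < 2:
        raise ValueError("site and username need at least two letters each")

    # Steps 1 and 2: first two letters of the site, last two of the username.
    stem = "".join(site_letters[:2] + user_letters[-2:])
    # Step 3: number of letters in the site name.
    count = len(site_letters)
    # Step 4: '$' when that number is odd, '@' when it is even.
    sign = "$" if count % 2 else "@"
    # Step 5: the two middle letters of the stem, each moved one letter forward.
    middle = "".join(next_letter(c) for c in stem[1:3])
    password = f"{stem}{count}{sign}{middle}"
    # Step 6: vowels so far plus four, typed with Shift held down.
    vowels = sum(1 for c in password if c in VOWELS)
    password += "".join(SHIFT_ES[d] for d in str(vowels + 4))
    # Step 7: upper-case the chosen positions (1-based), second and fourth here.
    chars = list(password)
    for pos in upper_positions:
        chars[pos - 1] = chars[pos - 1].upper()
    return "".join(chars)


if __name__ == "__main__":
    print(derive_password("Spotify", "Pepito"))  # sPtO7$qu&
```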