My Password Was Hacked, Now What?

You have likely received a link to this article because you received a notification from us telling you your password was compromised. We use a number of tools to detect whether your password was compromised, so this article won’t go into detail about the how. We will simply focus on the “Now what?”.

Step 1 – Know that you’re not alone

While your account being compromised is a big deal, it may be comforting to know you’re not alone. At the time of writing this article, haveibeenpwned.com, the leading public database of breached user accounts, has recorded 5,429,399,504 compromised username/email address and password combinations. Almost five and a half BILLION! The scary part is that the majority of those people are unaware and are not protecting themselves.

Step 2 – Immediately Change Your Password

If you reuse passwords across multiple sites, make sure you change those too, especially if you use the same password for your bank.

There are a ton of sites offering advice on how best to set passwords, but the United States National Institute of Standards and Technology (NIST.gov), a credible authority on cyber security, has a simple-to-understand guide designed to make passwords simple and secure.

https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-p5w0rd

Step 3 – Never Use that Password Again

Once a password is compromised it’s burned. It is permanently associated with you and considered a potential password, and it makes it into the “dictionary files” that hackers use when attempting to guess passwords.

Step 4 – Confirm nothing fishy has happened with your account

There was likely a gap between when your password was exploited and when we discovered your password was breached. Look for, and try to think of, anything suspicious that could be related to your password being used by a third party. This includes double-checking for purchases you didn’t make and transfers out of your bank account.

If your bank password was compromised, and you can see the answers to your security questions when you log in, you may want to change the security questions that you use for your bank.

Password Tips & Tools

Use a Password Manager App

The two most important practices for passwords are to never use the same password twice, and to use random/complex passwords. The same reasons that make this great for security make it impractical for humans. Enter the password app. Password apps like LastPass enable you to store all of your passwords in one secure location so you can look them up when you need them. This would be a huge security problem, but those systems all use Multi Factor Authentication and require strong passwords to ensure your account stays secure.

Use Multi Factor Authentication (MFA) Whenever Possible

Multi Factor Authentication is an authentication scheme that requires you to use more than one item to identify yourself. The most common implementations require “something you remember and something you have”, like a Password and your SmartPhone.

Most secure systems are moving to require Multi Factor Authentication for their logins, usually sending a PIN number to your SmartPhone or using an Authenticator app you install on your SmartPhone.

Test Your Password

If you want to test your old password, or the new one you’re about to use, first try putting it into the site below. The site checks a publicly published list of known exploited passwords. A match does not necessarily mean it was your password that was exploited; however, hackers use lists like these to look for common passwords instead of trying every possible combination.

Just because your password comes back clean on this site does not mean it hasn’t been exploited. If you received a notification from us, it has likely been recently listed for sale on the Dark Web and has not yet made it into the publicly available list of compromised passwords.

SECURITY WARNING – The following site only asks for your password, and other sites can search by your email address. However, you should NEVER trust a site that asks for a combination of a username/email and password.

https://passwordsecurity.info/

Let’s Start the Conversation

If you are a happier IT client and would like to start a conversation with your happier IT vCIO, please reach out to team@happierit.com.

If you’re not yet a happier IT client, but you are interested in becoming one, please contact sales@happierit.com.
