How's your online identity health?

alex

I am going through some personal identity security house-keeping and thought I'd share some thoughts on password/identity security.
This isn't meant to panic you and there's no known issue on this site.
I just thought it might be useful....it's also off the cuff and a quick brain dump.

For those not up on their IT security, I thought it would be good to highlight this site.
https://haveibeenpwned.com/ HaveIBeenPwned is an IT Security site which will let you know if your e-mail account has been listed, with *A* password on any of the known security breaches. Both of my key accounts are listed hence me doing something about it at the moment.

Identity Security is important because Identity Theft can leave you in a world of hurt through no fault of your own, money lost etc.
If you use the same email & password for multiple internet accounts and are listed on this site then if it was me I would be looking to change my passwords to net new ones to make sure the association with that e-mail password combo is broken.

Password complexity and best practices. If you are looking to replace your passwords the best thing to do is make them memorable, but also make them LONG and not knowledge based (i.e. not your family's names etc.)
One easy to implement method of making them complex and easy to remember is doing something like this; Cat.Dog.Pony84! It's easy to remember the 3 words, put a dot between each one, capitalise the first letter of each word and then stick two random numbers on the end with a special character to finish off.

Other notes;
  • Never use the same password for your actual mail in ANY other place.
  • Never use the same password for your bank as you use ANY other place.
  • Personally, I am cool with using the same username and password for online shopping, it's convenient. And there are usually other checks and balances before my money can be spent. If the retail website doesn't allow for complex passwords, isn't using https etc then I would consider them a high risk and use a unique password for them...ideally, check out as guest only.
  • Same again for social media and forums.
  • You don't need to change passwords UNLESS you think they are compromised, frequently changing passwords is old advice and being phased out by NIST-800-63
  • Use 2 Factor Authentication where it is possible. 2 factor means Username/Password + something you are/know/have. I.e. a 6 digit code sent to your phone. Or a Yubikey. Or PingID biometric auth. etc.
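
The Word.Word.Word##! pattern from the post above, as an added example that is not part of the original post: it picks every part with a cryptographic random source and estimates how much guessing work the pattern costs an attacker who knows the scheme. The word list and the set of special characters are constructed for the demo.

```python
import math
import secrets

# Constructed sample word list for the demo; a real list should be far larger
# (the EFF long Diceware list has 7776 words).
WORDS = ["cat", "dog", "pony", "river", "maple", "anchor", "violet", "copper",
         "lantern", "pepper", "saddle", "tunnel", "walnut", "glacier", "meadow", "orbit"]
SPECIALS = "!?#%&*+=@$"  # assumed set of allowed special characters


def make_passphrase(words=WORDS, n_words=3):
    """Build Word.Word.Word##! with every part chosen by the OS CSPRNG."""
    picked = [secrets.choice(words).capitalize() for _ in range(n_words)]
    digits = f"{secrets.randbelow(100):02d}"
    return ".".join(picked) + digits + secrets.choice(SPECIALS)


def pattern_entropy_bits(list_size, n_words=3, n_specials=len(SPECIALS)):
    """Bits of entropy when the attacker knows the pattern and the word list."""
    combos = (list_size ** n_words) * 100 * n_specials
    return math.log2(combos)


def words_needed(target_bits, list_size, n_specials=len(SPECIALS)):
    """Smallest number of random words that reaches target_bits for this pattern."""
    suffix_bits = math.log2(100 * n_specials)  # two digits plus one special
    return max(1, math.ceil((target_bits - suffix_bits) / math.log2(list_size)))


if __name__ == "__main__":
    print("example:", make_passphrase())
    for size in (len(WORDS), 2000, 7776):
        print(f"{size:>5}-word list, 3 words: {pattern_entropy_bits(size):.1f} bits")
    print("words for 64 bits from a 7776-word list:", words_needed(64, 7776))
```

The strength comes from the size of the list and the words being picked at random, not from the dots and capitals: words chosen by hand from a small mental list score far lower than the numbers printed here.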
 
Thanks alex. My main email address was not found to have been compromised, but my old one and a Yahoo one were, neither of which are used much, or used for anything of significance, certainly no password association with my main one. Worryingly my work email address had been found the most and that is only ever used to login to work related sites run by blue chip companies (vendors/partners).
 
It should let you know at least which year and which breach (scroll down). So you can guess/know who let it out.

- Alex
 
Thanks for this info Alex, turns out my main personal email address has been "pwned" on 4 occasions!
Guess this is a much needed nudge to change some of my passwords etc.

I have 1Password, so maybe it is worthwhile committing to its auto generation feature.


- Oli
 
I don't trust password mgmt systems...some have been hacked.

Can't remember which off hand.

- Alex
 
Got to agree. My business partner uses LastPass and insists it's the dog's danglies. All I think is it's one breach and the hackers get all your accounts in one go, far too much of a target to be ignored.
 
Another good password tip is to have a phrase and incorporate a number and special character. Cracking software times go up exponentially above around 10 characters. For example: My favourite track is brand hatch gp I lap at 2:05
This translates to MftibhGPila2:05
You can then fill in the password hints with clues to remind you which phrase you used such as Kent's finest.


 
Just checked my emails on that website; personal one has been breached twice, business one is fine. Not too sure on what the consequences of this breach would be, I've updated my password etc. but another change may be required to be on the safe side!
 
Remember it's the UserID and Password that were stolen....but everyone uses an email address as their UserID. It does not mean your mail has been compromised, unless you use the same UserID and Password in all cases.
 