Here at HackerAttacker, we talk a lot about how to protect yourself from hackers of all shapes and sizes (or colors, as it were). What we rarely talk about is what it is like to actually be hacked. There are countless examples of individuals being hacked (and we’ve talked a lot about some big company hacks as well), so you know it isn’t some rare occurrence. Today, I’m going to talk about some password policy best practices I learned from being hacked myself, and how the experience changed the way I approach my online security.
Now, I didn’t get hacked at work, and an outsider did not breach my business e-mail or digital profile. The breach in my personal life took place by way of my personal Gmail account, which was then used to breach an online gaming account. I followed all the recommended steps following an e-mail breach, and nothing significant was lost. However, the breach illustrates a significant point: a successful hack can have a real influence on your life, be it personal or business. Do take care and learn from my mistakes. Below are 5 ways that being hacked changed me, a discussion of some password policy best practices, and some suggestions for how you could be affected if your digital identity is breached.
4 Ways Being Hacked Changed Me – Password Policy Best Practices
If one account gets hacked, you immediately think of all other accounts that are linked to it
One of the first things that came to mind when I was hacked was where else I used that particular password. I had to go back through all of my digital personas: other email accounts, social media, purchasing websites, everywhere I may have used the password that was cracked, or a variation of it. The whole experience didn’t take very long, and changing and updating passwords is a simple matter, but it made me realize how important it is to NOT use the same password in multiple locations. Seriously. DON’T DO THAT. If the hacker who breached my account had dug deeper into my Gmail, aside from using it to access an online game and clean out massive hours of devotion, he/she could have wreaked havoc on my digital life.
Most of us take it for granted when we see the various password best practices guides online that tell us not to repeat passwords in multiple locations. This is even worse if we believe our password to be a strong one. After all, as the old adage says: if it ain’t broke, don’t fix it. Well, let me tell you, knowing one password to breach an account makes it so much easier for a hacker to get into other accounts, just by reusing that tried and true combination. Don’t make their job any easier than it needs to be – change your passwords often, and keep them different for different services.
You are always on the lookout for weak passwords.
Speaking of passwords and password strength, another thing that being hacked changed for me was my paranoia around weak passwords. Every new service that I create an account on or join asks me for a password. I now devote far more time than the typical user to creating any password. It only takes one small data breach in your personal life for you to realize just how weak some passwords really are.
It’s kind of funny in a way, because now that I’ve been hacked and survived, I’m always preaching to my friends whenever I can successfully guess their passwords (people still don’t have a great grasp on what actually makes a ‘strong’ password). It’s all in good fun, but it is also an eye opener for them. Sure, I know them better than any digital stranger may, but access to social media and various digital services that show any information about you is enough for many hackers to gain a rough picture to start digging with. I thought my initial Gmail password was strong because it had literally nothing to do with me, yet some stranger broke it without even knowing who I was (I later looked into the issue and found that the IP address was located in China. It may have been routed through there, but given the nature of the breach, it seems likely that this was around the right area).
You realize how insecure passwords really are.
Another shocker that comes with the fallout of being hacked is the realization that passwords are, for all intents and purposes, extremely weak! It’s a world-shattering realization when everything comes crashing down around your ears because someone figured out one simple combination of words and letters. As soon as I started updating and changing my old passwords, I realized that no matter how strong and apparently random they were, there was always a chance that someone, or something (automated brute force attack tools, for example), might be able to break right through. Now, I’m not hiding nuclear launch codes or plans for world domination (aside from a couple of what-if storylines, but who doesn’t have those?), but imagine if I were. Even enabling a two-factor solution seems like a stopgap to me when I look at authentication in its various forms.
One thing that being hacked truly taught me was the need to step away from the password and find something entirely more secure. For starters, a lot of programs have additional security measures that you can enable, but that’s really just another bump in the hacker’s road. Microsoft has been stepping towards facial recognition and other simpler forms of biometrics to enable stronger authentication, but true security is still a ways away. In the meantime, passwords are here to stay, and following certain password policy best practices is a great start until security catches up with our individual needs.
Reusing passwords becomes almost painful.
After going through the process of checking, changing and otherwise strengthening my various preexisting passwords, the idea of reusing any of them has become repulsive to me. Every single time that I am asked to create a password, I still instinctively begin typing in a variation of my favorite password before I realize how terrible an idea that really is. Looking at it through the lens of a victim, I chastise myself at every account creation and synthesize something unique every time. It’s definitely not easy, but it is necessary. I don’t want the next attacker to be the one who realizes that accessing multiple accounts could lead to some financial gain. I’d rather struggle every once in a while to remember a password than have the next breach of my data take place via my workplace accounts.
There are plenty of solutions out there, for both individuals and corporations. The decision really boils down to whether you want to put your trust in a freeware solution hosted locally on your machine, or in a technical company that has experience with authentication solutions for businesses of all sizes. Password management is a simple process that makes maintaining a strong online presence as painless and convenient as can be, and it should definitely be considered when keeping track of multiple passwords, to minimize password resets and data breaches in one fell swoop.
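The reuse problem described above (the same password, or a trivial variation of it, shared across Gmail, a game account and a shop) is something a password manager can flag automatically. The following is an added example, not code from HackerAttacker or from any password manager: it audits a constructed sample vault for exact and near-duplicate passwords, gives a rough brute-force-resistance estimate for each, and generates a unique replacement. The vault contents and the 60-bit threshold are assumptions for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample vault for the demo (service -> password); not real credentials.
SAMPLE_VAULT = {
    "gmail": "Tr0ub4dor&3",
    "game-account": "Tr0ub4dor&3",          # exact reuse
    "shop": "tr0ub4dor&3!",                 # case change + extra symbol
    "forum": "Tr0ub4dor&32019",             # year appended
    "wifi": "password1",                    # short, low-variety
    "bank": "correct horse battery staple", # unique passphrase
}

def normalize(pw):
    """Collapse the usual 'variations' people make: case, and trailing digits/symbols."""
    return re.sub(r"[^a-z]+$", "", pw.lower())

def find_reuse(vault):
    """Group services whose passwords are identical or trivial variations of each other."""
    groups = {}
    for service, pw in vault.items():
        groups.setdefault(normalize(pw), []).append(service)
    return {key: sorted(svcs) for key, svcs in groups.items() if len(svcs) > 1}

def estimate_entropy_bits(pw):
    """Upper-bound guess of brute-force resistance: length * log2(character pool).
    Dictionary words score higher than they deserve; treat this as a ceiling."""
    pool = 0
    if any(c.islower() for c in pw): pool += 26
    if any(c.isupper() for c in pw): pool += 26
    if any(c.isdigit() for c in pw): pool += 10
    if any(c in string.punctuation or c == " " for c in pw): pool += 33
    return len(pw) * math.log2(pool) if pool else 0.0

def generate_password(length=20):
    """Unique replacement from a CSPRNG, so no two services ever share a string."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(vault, min_bits=60.0):
    """Return sorted (service, issue) findings for reuse and weak passwords."""
    findings = []
    for services in find_reuse(vault).values():
        for s in services:
            others = ", ".join(x for x in services if x != s)
            findings.append((s, "reused or trivial variation shared with " + others))
    for service, pw in vault.items():
        bits = estimate_entropy_bits(pw)
        if bits < min_bits:
            findings.append((service, f"weak: ~{bits:.0f} bits"))
    return sorted(findings)

if __name__ == "__main__":
    for service, issue in audit(SAMPLE_VAULT):
        print(f"{service:13s} {issue}  -> suggested: {generate_password()}")
```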
BONUS! You back up files in multiple locations, including off the web
As far as best practices go, along with the fallout of being a victim of a hack, here’s a bonus for all of you intrepid readers out there: back up everything important to you in multiple locations – especially off the web. One of the things that hit me hard when I was hacked was just how much I stood to lose. I don’t just mean financially, but intellectually as well. I am a writer, so I have various stories, poems, and other works that I constantly edit and work on all over the place. One of the locations in which I store some of these items is Google Drive. When my Gmail was hacked, however, I realized that they could easily have logged into my Google Drive account and deleted all of my files there! As a result, I now back up my important documents locally, on multiple devices, so as to minimize the risk associated with any breaches that may happen in the future. Ideally, this would not happen again, but with the evolution of the digital age, it is only natural to assume the digital attacker will evolve as well.
If you have anything important that you save over the web and could not stand to lose, invest in a local, external hard drive that has no network access for your backups. It may seem like another hassle, but it’s easy for a hacker to break through a network, and it is much harder for one to get at an external drive unless they are physically accessing it. When it comes to securing what is important to you, is there really anything you wouldn’t do?
So there you have it: what being hacked taught me about password policy best practices, and what you can do today to keep yourself from being added to the lists of victims. Consider adopting some of these password policy best practices in your personal and business life to minimize any risk of digital threats that could bankrupt you, or cause your business some undue harm. As always, stay strong and be prepared. We are the HackerAttacker nation.