Do you think YOU feel 🔐SAFE? 🤣 Check this Website then! 😭

in #security · 6 years ago (edited)

While browsing through my usual daily news, I found several places that caught my attention even more than usual, regarding password security and the general security of internet accounts.

Bottom line...

How can you check?

It's usually a time-consuming task, but there are some good places to check for news once you start "digging". Below I am sharing a good, "simple" one, where you can actually download the exposed password files.

This is the page for the passwords: https://haveibeenpwned.com/Passwords

You can even test passwords online, although I would recommend downloading the files and testing them locally if you know how to do it.
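As an added example (not from the original post), a Python sketch of both checks mentioned above: a streaming lookup against a downloaded Pwned Passwords file, whose real layout is one `SHA1:count` line per leaked password, and the k-anonymity split the online form performs, where only the first five hex characters of the hash leave your machine. The sample lines and their counts are constructed.

```python
import hashlib
from typing import Iterable, List, Tuple

# Constructed sample in the layout of the downloadable Pwned Passwords files:
# one line per leaked password, "<uppercase SHA-1 hex>:<prevalence count>".
# The digests are SHA-1("password") and SHA-1("123456"); the counts are made up.
SAMPLE_PWNED_LINES = [
    "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
    "7C4A8D09CA3762AF61E59520943DC26494F8941B:23597311",
]

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the lookup key used by the Pwned Passwords data."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def count_in_local_file(password: str, lines: Iterable[str]) -> int:
    """Stream through a downloaded file (far too large to load into memory) and
    return how many times the password appeared in known breaches, 0 if never."""
    digest = sha1_hex(password)
    for line in lines:
        found, _, count = line.strip().partition(":")
        if found == digest:
            return int(count)
    return 0

def k_anonymity_parts(password: str) -> Tuple[str, str]:
    """The online form does not send the password: it sends the first 5 hex
    characters of the SHA-1 and compares the returned suffixes locally."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]

def range_response_for(prefix: str, lines: Iterable[str]) -> List[str]:
    """Build what a range lookup for `prefix` would return from the sample file:
    only the 35-char suffixes (plus counts) of digests starting with that prefix."""
    return [line[5:] for line in lines if line.startswith(prefix)]

def count_in_range_response(password: str, response_lines: Iterable[str]) -> int:
    """Match the locally kept suffix against a range response whose lines are
    '<suffix>:<count>' (constructed here from the sample above)."""
    _, suffix = k_anonymity_parts(password)
    for line in response_lines:
        found, _, count = line.strip().partition(":")
        if found == suffix:
            return int(count)
    return 0
```

Against the real download, pass `open("pwned-passwords-sha1-ordered-by-hash.txt")` (the file name is an assumption; use whatever you downloaded) as `lines` so the file is streamed rather than loaded.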

Public hacks compilation

They have also compiled a great history of publicly known hacks. Once you go through this list, you will be staggered at how easily you can get hacked! I mean, places like LinkedIn, DropBox, BitcoinTalk, among hundreds of others... It's simply overwhelming!

Everyone is eventually exposed!

I went through the above list myself and decided to change 4 websites and stopped using 7 passwords I had used before! YES, crazy! Most of the accounts are not directly exposed (meaning that knowing only the password would not be enough to hack my account), due to good practices like 2FA or other recovery options. Nevertheless, it showed me how easily anyone can be hacked and exposed, especially if you use the same password in more than 1 place!

1 PASSWORD, ONE SITE! Otherwise it's called HACK ME!

How can you improve security?

I am not going to give you the recipe, OK? But take this instead as a little "guidance", and feel free to do your own judgment and research. Also, this is mostly for internet-facing web services (rules of engagement change if you use other types of accounts):

  • If the password is not secure (less than 32 chars), make sure you don't have any private information available to hackers and assume the account WILL be hacked.
  • If you care about the privacy of your account, have at least 1 additional authentication factor and/or recovery method.
  • Don't use your recovery emails on the internet! (Create them with a very long password, enable 2FA and use them only to recover accounts.)
  • If you use email as 2FA and the website allows you to use a different email account, USE IT!
  • If you use KEYS to authenticate, make sure the place you store them is not exposed (encrypt them and/or protect them from multi-user access).
  • Use password generators (you don't want to memorize passwords) and save passwords in a password manager where YOU are the owner of the "decrypted" data.
  • If you use a password manager (you should, but do your own research before choosing one), have a VERY LONG master password (minimum of 32 chars) and change it at least once a year.
  • When you need to memorize passwords, a good trick is to use "sentences" that are easy for you to remember.
  • Remember to back up your 2FA generation keys, in case you lose your phone.
  • Make offline backups of your password manager (at least once a year, or whenever you can't afford to lose something).
  • Use all 4 types of characters if possible (numbers, upper case, lower case and special characters).
  • Have a 3-way authorization system (password + 2FA + SMS) if the system allows it.
  • Check your email regularly for login alerts and change passwords if you get notified.
  • Don't save passwords in browsers, even if they claim to be secure (one day you forget where you are logged in with your browser and get ALL your data exposed).
  • Clear cookies AND CACHED DATA once a year (or whenever you feel you need to be secure).
  • (ADVANCED) If you need the best possible password and you can control the input encoding, use hexadecimal-encoded passwords or the FULL ASCII range as characters (this gives the hardest brute-force difficulty and makes dictionary attacks harder or irrelevant in some cases).

What else can you do?

Embrace the many features that Crypto and Blockchain technology brought to society, by using "keys" that you can't easily remember and methods/technologies that enforce several levels of "permissions" within your account (like STEEM or EOS).

Be mindful, though, that using crypto does not equal "being secure". You still need to be aware that the "keys" you are using can still be used by someone else. Therefore, it's essential to adopt "less lazy" practices (as I usually call it).

And if you don't need to expose something, don't! Simple fact: something asks for a POSTING KEY on a STEEM app, and you give it the owner password? NO! Don't do it... use the proper key for each action you need, and the same applies to other web APIs with configurable permissions. If you only need read access, create one API key for that purpose; do not reuse others or one that has FULL access.

Stay safe!

Crypto, as in cryptography, is not simple. But with the introduction of Blockchain, a lot changed! For the better, believe me. Even if the NEWS does not make it look like it.


Thanks for using eSteem!
Your post has been voted as a part of eSteem encouragement program. Keep up the good work! Install Android, iOS Mobile app or Windows, Mac, Linux Surfer app, if you haven't already!
Learn more: https://esteem.app
Join our discord: https://discord.gg/8eHupPq

Hi, @forykw!

You just got a 1.87% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.

Congratulations! Your post has been selected as a daily Steemit truffle! It is listed on rank 7 of all contributions awarded today. You can find the TOP DAILY TRUFFLE PICKS HERE.

I upvoted your contribution because to my mind your post is at least 4 SBD worth and should receive 79 votes. It's now up to the lovely Steemit community to make this come true.

I am TrufflePig, an Artificial Intelligence Bot that helps minnows and content curators using Machine Learning. If you are curious how I select content, you can find an explanation here!

Have a nice day and sincerely yours,
TrufflePig

This post received a 29.35% upvote from the @steemitportugal account!
Vote for @steemitportugal as Witness. Your vote is very important!
Thank you.
Click here to vote

Hi @forykw!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 3.119 which ranks you at #9485 across all Steem accounts.
Your rank has improved 132 places in the last three days (old rank 9617).

In our last Algorithmic Curation Round, consisting of 369 contributions, your post is ranked at #195.

Evaluation of your UA score:
  • You're on the right track, try to gather more followers.
  • The readers like your work!
  • Good user engagement!

Feel free to join our @steem-ua Discord server
