Password hygiene

Posted in: Computing Services, Security

In the last year more than 642 million account details have been breached and leaked on the internet from services such as Tumblr, LinkedIn and Myspace, to name just a few.

If you are concerned that your credentials may have been exposed in the past, you can check against a comprehensive list of previous breaches at haveibeenpwned.com.

Criminals are using the leaked data to extend their attacks, taking advantage of cases where the same username and password from one of these services have been re-used elsewhere.

This can lead to cases similar to iCloud, where users have had their devices maliciously held to ransom and wiped through iCloud after their account credentials were exposed, likely through using the same password on sites less secure than Apple's that were subsequently breached.

You can reduce your risk of this occurring in three simple steps:

  1. Ensure every set of account credentials that you create on different sites/services is different. Never re-use your passwords!
  2. Use strong passwords with a mix of lowercase & uppercase letters, numbers and symbols.
  3. Where available, make sure you use two-factor authentication. This is available for a number of services, including Facebook, Twitter, Google and iCloud, just to name a few.

By following these steps, should your account credentials be exposed in a future breach, you'll only have to change your credentials for that specific service, and you can rest assured that your unique credentials for other sites and services will remain safe... for now!


Responses


  • You say (supra) "Ensure every set of account credentials that you create on different sites/services is different." I have "always" known about not reusing passwords: does this mean that I should use an entirely different username for each site? This doubles the enormous amount of complex information (passwords + user names, former or both?) comprising "a mix of lowercase & uppercase letters, numbers and symbols" which we must NEVER write down anywhere. Some detailed advice on how safely to look after passwords would be very welcome!

    • Hello David,

      Thank you very much for your comment. You may like to have a look at our IT Security Best Practice guidelines.
      We know it can be difficult to remember different passwords; that's why we suggest using an encrypted password vault. You can find out more on the page I have just mentioned. Regards, Jessica.