Every couple of weeks we see a familiar news article, “Website XYZ hacked, millions of accounts exposed”, but we seldom think about how that affects us. So why should you change all of your passwords just because LinkedIn lost a few (117 million, to be exact) accounts?
Because you use that password all the time, all over the web, and they know it. Hackers are a lot of things, but mostly they are lazy, just like the rest of us. The first thing a hacker will do with a leaked email address and password is try that same pair on other sites (especially social media and your email) to see if it works on your account there; the trade calls this credential stuffing. You may have noticed a few months ago that you started getting emails every time you signed onto your account from a new computer, warning you that you had just signed on from a new location. With these alerts your web service provider is trying to catch someone else using your password before much damage is done. Of course, if it’s your email account they just hacked, they can very easily delete that warning before you even read it. Billy Mays once said “…but wait, there’s more!!”
Hackers also use these large lists of real accounts and their passwords (called “dumps”) to build a word list (or “dictionary”) that they will use later to attempt to gain access to other accounts. These “dictionary attacks” are more successful when the passwords in the dictionary were thought up by people rather than generated by programs, because real people pick the same kinds of passwords over and over, and large dumps like the LinkedIn one make for serious dictionaries. Having 117 million real passwords is already going to help hackers crack plenty of password hashes, but it gets even worse when they cross-reference these accounts with other hacks to create refined lists for targeted attacks on your accounts: if they know what you used on one site, they can guess what you used on the next, because you are more predictable than you think.
Let’s face it, you’re bad at passwords. You make them too easy to guess because there are too many passwords to remember. Any requirement to change your password every 90 days just results in you cycling through a few passwords you can remember, or adding a number (usually +1) to the end of the old one. It’s all just bad, but you shouldn’t feel bad: you didn’t make this system, and let’s face it, the system isn’t very good.
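The cross-referencing trick from the paragraph on dumps and the “+1” habit from the paragraph above, shown as an added Python example (this is not code from the original post): two made-up dumps, one with cleartext passwords and one with password hashes, are cross-referenced by email address, and a short set of mutation rules does the rest. It assumes the target site stored unsalted SHA-1 hashes; the emails, passwords and the `mutations`, `targeted_crack` and `is_predictable_change` names are all constructed for the illustration. The last function is the defensive twin: the check a “change your password” form should run so that the new password is not a trivial variant of the old one.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample data: both "dumps" below are made up for this example.
# Site A leaked passwords in the clear (or they have already been cracked).
SITE_A_DUMP: Dict[str, str] = {
    "alice@example.com": "Summer2015",
    "bob@example.com": "fluffy",
    "carol@example.com": "letmein",
}


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, assumed here as the target site's storage scheme."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Site B leaked only hashes. Alice "changed" her password by adding 1, Bob
# capitalised his and tacked on a digit, Carol let a password manager pick one.
SITE_B_DUMP: Dict[str, str] = {
    "alice@example.com": sha1_hex("Summer2016"),
    "bob@example.com": sha1_hex("Fluffy1"),
    "carol@example.com": sha1_hex("x9!Qv2#mLp7Zr4"),
}


def mutations(password: str) -> List[str]:
    """The predictable variants people produce when told to pick a new password:
    the same word capitalised, a trailing number bumped by one (or a few),
    a digit or '!' appended. Includes the original password itself."""
    bases = {password, password.lower(), password.capitalize()}
    cands = set()
    for base in bases:
        cands.add(base)
        m = re.match(r"^(.*?)(\d+)$", base)
        if m:                                   # ends in a number: try bumping it
            stem, num = m.groups()
            for delta in (1, 2, 3, -1):
                bumped = int(num) + delta
                if bumped >= 0:
                    cands.add(f"{stem}{bumped:0{len(num)}d}")
        for digit in "0123456789":              # no number yet: append one
            cands.add(base + digit)
        for suffix in ("!", "1!", "123"):
            cands.add(base + suffix)
    return sorted(cands)


def targeted_crack(known: Dict[str, str], target: Dict[str, str]) -> Dict[str, str]:
    """Cross-reference two dumps by email. For every address in both, try the
    password known from dump A and its mutations against the hash in dump B.
    Returns email -> recovered password for the accounts that fell."""
    recovered: Dict[str, str] = {}
    for email, digest in target.items():
        base = known.get(email)
        if base is None:
            continue      # not in both dumps: would need a generic dictionary instead
        for cand in mutations(base):
            if sha1_hex(cand) == digest:
                recovered[email] = cand
                break
    return recovered


def is_predictable_change(old: str, new: str) -> bool:
    """Server-side check for a 'change your password' form: refuse a new
    password that is just a trivial mutation of the old one."""
    return new in mutations(old)


if __name__ == "__main__":
    hits = targeted_crack(SITE_A_DUMP, SITE_B_DUMP)
    for email in SITE_B_DUMP:
        print(f"{email}: {hits.get(email, 'not recovered')}")
    print("Summer2015 -> Summer2016 predictable?",
          is_predictable_change("Summer2015", "Summer2016"))
```

Run it as a script and two of the three accounts fall within a few dozen guesses each, without any generic dictionary at all; only the one whose password came out of a password manager survives, which is the whole argument of the next paragraph.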
But password managers are here to help you out! Remember a single strong master password and your password manager handles the rest. No more bad passwords: let KeePass generate a long random one for you and remember it FOREVER! Pesky websites you need to register for but are never going to go back to? Let LastPass generate and remember that throwaway account! And if XYZ.COM gets attacked by the black hats, so what? The password they got from you is a random string used nowhere else, so none of your other accounts is at risk. Just guard that one master password well, because everything now hangs on it. You’re in the clear and can go back to finding that cute cat video for your “10 best AWW!!” list.
You can find KeePass here:
You can find LastPass here:
Lane Monk, Systems Engineer