If you’ve used the Internet for long, your personal information—name, email address, possibly your password—has probably been included in at least one data breach. If so, the email address and password exposed in the breach are no longer safe to use anywhere. Trust me, I learned this the hard way.
Like many people, I used to use the same two or three passwords for years: one for most websites, a stronger one for ‘important’ sites, and my ever-changing work password at my job. I knew that I should have been using a unique password at every site, but changing my hundreds of website passwords just seemed too difficult.
Then one day I received a message from Tesco, confirming a purchase that I hadn’t made. Tesco Customer Service confirmed that someone had accessed my account using the same password that was exposed in the LinkedIn data breach, more than a year earlier. The thief logged into my account, changed the address and password, and spent £38 in Tesco vouchers—all because I had reused my password!
I now use a unique, strong password at each site where I have an account. I could never remember all of these passwords, so I use a password manager to keep track of them all. There are many such tool available today: LastPass, 1Password, Keeper, True Key, etc. If you’d like help choosing a password manager or have any other security questions or concerns, I’d love to help.
Protecting passwords—a checklist:
- Create a unique password for each website or account.
- Use strong passwords: include a mix of upper-and lower-case letters, numbers, and special characters, or use a longer ‘pass phrase.’
- Keep your passwords confidential.
- Use a password manager to make it easy!