What to do if your password is stolen
Anonim

List of emergency measures to protect personal data.

Recommendations on how to come up with a complex password and protect it from theft are common on the Internet. But what if it has already leaked onto the Web?

How to check if your password is secure

A day later, the media reported on another batch of compromised passwords. It is often not difficult to crack a password, because the list of the most common ones (see "The 25 Most Popular Passwords of 2018 Will Make You Feel Like a Security Genius") is still led by those that are easiest to type with one hand (qwerty, 123456 or the "difficult" 1q2w3e4r).

Even if you are 100% sure that you are using strong passwords, stay vigilant. After all, leaks often occur through no fault of the user.

This happens, for example, when attackers intercept and decrypt data, or through the negligence of companies that leave stored data publicly accessible, as was the case with Facebook.

You can check whether your logins and passwords have leaked using special services: Have I Been Pwned (HIBP) or the Password Checkup plugin from Google.

HIBP even has a special mailing list: it sends you an automatic notification if your email address ends up in a recently leaked database.

What to do if the password is stolen

Found your details, or suspect that your login / password pair is circulating on the Web? Apply the following recommendations right away. They work for almost all popular services.

1. Terminate all active sessions

This function is available in the settings of most popular sites and applications: Google, Telegram, VKontakte and others. It lets you instantly log out of your account on all devices except the one from which you clicked the button. This action will save you if the attacker has already logged in but has not yet managed to change the password or the email address linked to the account.

2. Enable two-factor authentication

At login, the service will ask not only for a password but also for a confirmation code, which is sent, for example, as an SMS to your personal number. Two-factor authentication is something like a bicycle lock: it increases the time and the cost of a break-in. In my opinion, this should be done before changing the password, but the order is up to you.

3. Change the password to one that will not be hacked

This means that it must be unique and cryptographically strong: a password that is not in any dictionary and that an attacker would spend a long time guessing. Passphrases are now considered the most reliable. A passphrase is a relatively meaningless but easily remembered sentence, typed in a different keyboard layout. Adding numbers, symbols and capital letters will, of course, only strengthen the password.

How do you keep yet another long and complex password in your head? Choose a compromise. For example, store this information in a Notepad text file, archive it, and protect the archive with a complex master password. The second option is to store the information in a dedicated password manager. The idea is the same: you remember one master password for the vault that contains all the others.

4. Check your security settings

The data in them could be out of date. How long ago did you check the answer to your mailbox's secret question, which you came up with 10 years ago? What about the list of trusted devices? It is possible that your mother's maiden name has become known to the whole world, and the old mobile phone that you gave to your friend's brother still has access to your account.

How to protect yourself in the future

After you have taken all the emergency actions, take preventive measures.

1. Create at least two mailboxes

One is for registering with important services: state portals, banking resources, social networks (you decide what counts as important, of course). Treat this address like a passport and do not show it anywhere.

The second is for minor resources, where an account is needed only to leave a comment or download a book. For these purposes, you can use so-called temporary mail services, which give you a mailbox that is valid for 5–20 minutes:

  • CrazyMailing;
  • 10 Minute Mail;
  • 20minutemail.

2. Store data on the Web only in encrypted form

If you really need to upload important data to the cloud or send it by mail (which, of course, is better not done at all), encrypt it on your computer and only then upload it to the Network. The simplest way: put the data into an archive and protect the archive with a password.

3. Explore the security settings

  • Create a list of trusted devices. In the service settings, connect and list all the gadgets on which you open your personal account. New devices require additional confirmation, for example via the phone number linked to the account.
  • Specify backup contacts for restoring access. An additional email address or phone number will help you regain access to the page if an attacker has changed the account password and you cannot log in.

In fact, the only way to guarantee 100% data security on the Internet is to refuse to transfer information over the Internet. But this is a utopia, and if you have to use the benefits of the Global Web, it is better to be savvy in matters of security.
