I’ve been offline – last week we lost our internet from Friday until mid-Saturday, as our overloaded telegraph pole was replaced, and Things Went Wrong in the transfer. This was followed by a busy family weekend, and today I’ve been catching up with a weekend offline.
One blog post, in particular, was a wake-up call, and I’ve spent much of today following it up. I strongly recommend it to anyone who – like me – relies a good deal on wishful thinking where online security is concerned.
Blog Aid from MaAnna Stephenson advises those who maintain their own websites. Much of it sails over my head, but the post I read today at https://blogaid.net/collection-1-data-breach-and-your-site-security/ deals with data breaches.
You remember – those breaches that made the national news bulletins and you thought That’s OK, I’ve never used that company or those websites. That’s what I thought too.
The blog article pointed me towards https://haveibeenpwned.com/ and includes links to the history of the site and its founder. I’ve spent some time checking our email addresses to see which, if any, have been included in known data breaches. My husband’s email address had been compromised by one database leak and two of mine had been compromised more than once.
I have, on occasion, received security alerts for these two email addresses from the account administrators, saying the account had been logged into from an unknown device. I have been tempted to ignore these, suspecting that a different IP address was being interpreted as a different device (which has happened before when we’re on the move). I am pleased now that I took the trouble to change the passwords for these accounts, and other accounts that shared those passwords (yes – I admit it). These were the accounts that appeared on haveibeenpwned.com/ as having been compromised by database breaches.
I have now registered all my email addresses on the site, to be notified if they are compromised in the future.
As well as checking your email addresses, there is a separate search where you can check your passwords to see if they have appeared in data breaches. This does not necessarily mean that the password was associated with any of your accounts, but it does point to it being frequently used and therefore an inadvisable choice. One family member’s password appears thousands of times – and no, it isn’t “password”.
The site is simple to use and requires no technical knowledge whatsoever.
Other advice includes using a different password for each account and keeping a record of them, either as a database or even in a written notebook – arguing that even this is less risky than using the same password for everything. Alternatively, there is a website that will keep track of them for you but rather than detail that here, I refer you to the experts at Blog Aid and haveibeenpwned.com/.