Have You Been Pwned?

My high school English teacher would break my legs if she knew I was going to start a blog post with a "The dictionary defines..." statement, but in this case I feel that I must. 'Pwn' is an internet slang term that refers to winning or defeating one's opponent online.  In computer games, this is when one player defeats another player, usually by a large margin. For 'hackers', this term refers to hacking into a website and retrieving large amounts of information, usually in the form of passwords, email addresses, or credit card numbers.  If your website has ever been hacked or you've ever been the victim of identity theft (or someone beat you at online chess), you've been 'pwned'.

So have you actually ever been 'pwned'?  Maybe!  You may have gotten a new credit card after Target or Home Depot were hacked.  But what about other websites that you're a member of? Have you ever had an account on one of the following websites/services?

MySpace
LinkedIn
Adobe
Tumblr
Comcast
Yahoo
Sony
Vodafone
Plex Media Player
Avast Antivirus

This is an incredibly small list of websites that have had major data breaches.  Hackers have been trading email addresses, passwords, and sometimes credit card information from these sites (and many others) for many years, and the list is constantly growing.

It's embarrassing to get 'pwned'.  Companies tend to not admit that they've been hacked until they absolutely have to.  In the case of LinkedIn, they were hacked in 2012, but the stolen information didn't surface until 2016.  So how do you know if you've been 'pwned'?  You can check at the following website (don't worry, it's safe):

https://HaveIBeenPwned.com

If you've found that your email is listed on that site, you should change all of your passwords as soon as possible, if you haven't already done so.  Adobe and LinkedIn forced password resets, but if you use those email addresses and passwords on any other services, you are at risk of having your accounts compromised.  This happened to users of TeamViewer recently (allegedly; no one is 100% sure what happened at the time of this writing).  Hackers were apparently able to use information that came from other data breaches to hijack computers running TeamViewer.  They were then able to log into sites like PayPal, Amazon, and eBay to send themselves money and gift cards right from the victim's own computer.

According to the above website, I've had my data stolen at least 2 times.  My Adobe and LinkedIn accounts are both available on the internet.  I've long since changed all my passwords and enabled Two Factor Authentication (this will be a topic of a future blog post) on any service that allows me to do so.

Password security is incredibly important.  A password needs to be complex, but it also needs to be easy to remember.  There are many theories out there on how to make a good password (yet another future blog post): a minimum of 8 characters, uppercase, lowercase, numbers, special characters, etc.  The most important rule, in my opinion, is to never use the same password for different services.  If you use the same email and password for LinkedIn and your bank, hackers will have access to your bank account when they steal the information for LinkedIn.

I use a similar password for multiple sites, but I vary it.  If my password were FuzzyWhiskers501 (it's not), then I would vary this for my Gmail account: FuzzyWhiskers501.Email.  For Facebook it could be: SocialWhiskers501.  Or something similar.

Of course, you can make much more complicated passwords using a password generator: k4uw97q7uV}W^Q=::jJph

You can't really remember that password.  But you can use a password manager like LastPass or KeePass.  You can also store passwords in Firefox, Chrome, Edge or Internet Explorer.  Just remember that if someone were to compromise your computer, and you don't have a strong password protecting your password manager, you've just had all of your data compromised.

Personally, I use Firefox to manage my passwords, I have Two Factor Authentication turned on where I can, and I vary my passwords.  I have a master password which protects the data stored in Firefox.  And I can use Firefox on iOS to have access to my passwords on my mobile devices.  LastPass offers a similar solution, for a small fee.