Have you been Pwned?

If you are like me, you get what seems like 100 junk emails a day. Sometimes I don’t even stop to read them – if I don’t recognize the sender or the subject line I’m just hitting the delete key as quickly as possible. So I’m not certain what made me slow down and read one particular message from an individual I didn’t recognize but the email stated that they hacked the passwords to all my accounts and that they had already compromised my emails and financial data. According to the sender, I had less than 24 hours to cough up $1,000s in Bitcoin (of course) or my entire personal and financial life would be exposed on the internet. To prove they were serious, they provided an “example” of one of my passwords. Interestingly, while it was in fact one of my passwords– it was one I had not used in years.  So after immediately sending a complete stranger $1,000s in Bitcoin (NOT) I started searching the net. This brought me to an interesting site have i been pwned. For thosethat don’t know Pwned, is slang derived from the verb to “own,” meaning to conquer or to gain ownership.  On this site,  you type in your email and it will search to see if your have been involved in a “breach” or “pastes”. A “breach” is an incident where personal data has been exposed by hackers. Examples include sites like Dropbox and LinkedIn that were hacked by tech savvy “bad guys” who took usernames, passwords and other personal information.   A “paste” is when information that was obtained during a “hack” is published on a public website for others to see – so that less tech savvy criminals can use your personal information. Turns out one of my email addresses was involved in both.  The concern is that once ahacker has your password to a less secure site (e.g. MySpace) it’s likely they have the password or the information needed to gain access your more secure sites (e.g. your bank). Using this, hackers may be able to commit identity theft, steal money, or at the very least, make life miserable for you.

Security experts suggest that the best way to stop hackers is to use different highly secure passwords on each account, but how practical is that? Well it can be, if you use the right tools. If you use Apple products there is a built-in password manager “Key Chain” that will not only generate and remember secure passwords for each site you visit, it will make the password available on all of your Apple devices. It’s not a bad choice, however it can be confusing, it’s not supported by Chrome, and there is a surprising lack of documentation. Is it worth using? If you can tolerate Safari it actually works quite well – once you figure it out.  I love having my passwords at my fingertips whether I’m using my laptop, tablet or phone. And oh yea, its free! If you use something other than Apple products or just don’t want to be married to Safari there are a bunch of alternatives in every price range. Cnet recently produced a “top 10 list” of  password managers. I highly recomend you check it out. We all need to be using unique highly secure passwords.  Now if you’ll excuse me, there is a Nigerian prince that needs my help transferring a large sum of money.