Last month, password manager LastPass announced that its system had been hacked, exposing email addresses and encrypted master passwords for its users. Users were notified and prompted to change their master passwords.
Shortly after, news broke of a flaw found in Apple’s Keychain software that could let malicious software steal passwords across apps on your Mac. This flaw could expose passwords to iCloud accounts, notes, photos, email accounts, banking, social media – you name it.
Both of these stories exemplify just how vulnerable our login systems are. As the LastPass hack shows, even when you are trying to do the right thing and safeguard your passwords, bad things can still happen.
One thing is certain: there is no surefire way to protect yourself against password loss due to hacks and malware unless you stay off the Internet altogether. However, there are some best practices you can implement to reduce the risk of a hack or breach.
Turn on Two-Factor Authentication
Two-factor authentication typically combines two of three kinds of identifiers:
- Something you know, like a password
- Something you have, like a token or code messaged to your phone
- Something you are, like a fingerprint
Turning on two-factor authentication, especially on high-value accounts such as Amazon, Gmail and banking sites, is essential. This will ensure that even if your password is lost, a hacker will need the second form of authentication to access your account.
Practice safe password habits.
Do not reuse your password across multiple sites. Develop a passcode system that helps you remember the unique passwords you develop for each digital account you own. Passwords should be long, should not include any words found in a dictionary and should vary in character type (include special characters, capitalization and punctuation as password systems allow). Be sure to change passwords every six months and use two-factor authentication whenever possible.
Monitor your identity.
Use a service to monitor for suspicious activity involving your personal information on the black market. Monitoring services will identify if your personal information, like your email address or password, is being shared on the dark web.
There are many interesting technologies and methods being explored to help secure our login systems. In the meantime, adhere to the above best practices to protect your accounts from unauthorized access. Were you impacted by the LastPass breach? Let us know how you responded on our Facebook or Twitter channel.