There is no such thing as a perfect security model. It's just a matter of time when a computer cracks an account's password or when some hacker who is smart enough finds a hole in the system to be able to gain access to your account. Things like that happen, and the purpose of this post is to remind you that you could be a victim in a data breach, and you probably don't even know it!
How To Check If Your Account Is A Victim In A Data Breach
Company News and Email Alerts
Well, first off, the most obvious one is to look out for news from the companies you have an account with. They will most likely announce if a data breach has occurred in their system.
Another way is to look out for tech news platforms for data breach announcements.
Finally, another easy way to check if your account is a victim in a data breach is to simply look out for email messages from the company announcing a data breach.
What If You Missed The Data Breach News Announcement?
If you missed the announcement, but still have access to your accounts, all hope is not lost yet. You can use a free web tool called "HaveIBeenPwned" to check if your account is a victim in a data breach.
- Enter your email address into the input field.
- Click the "pwned?" button to submit it.
- Afterwards, scroll down a little, and you'll (hopefully will not) see a list of sites that faced a data breach with some information about them (such as what information was leaked).
What Should I Do If My Account Is A Victim To A Data Breach?
There are a variety of things you can do, but the most obvious ones are:
- Change your account(s) passwords associated with that email address.
- Make sure you make a note to never use that password ever again.
- Check to make sure the sites that faced a data breach that your account information was not changed. This is especially true IF the site that had a data breach gives you the option to provide a backup email address or phone number in case you forget your password!
- If your account is a bank account or something sensitive, make sure no suspicious charges or orders were placed from the day the leak happened up until now. Heck, you might even want to consider closing up the card, and reopening a new one (after you pay the bills of course because you don't want to hurt your credit - FYI not a financial expert)!
How Do I Prevent My Account From Getting Hacked?
Ok, so let's say no data breach occurred at all or the company that potentially got a data breach decides to do some shady practices and just doesn't announce or acknowledge that they had a data breach incident. In that case, some things you can do to protect yourself from getting hacked are, but not limited to, the following.
- Consider using 2 Factor Authentication (aka "2FA") as a extra security measure. It will make logging in a bit more tedious, but definitely, a lot more harder to hack into.
- Use a good and long password with a mix of valid characters, numbers, and symbols.
- Be sure to never use the same password or similar passwords with slight modifications and adjustments in multiple accounts (you know who you are!) Make it unique or don't complain if you do get hacked!
- Update your account password every so often (maybe every month or several months is fine).
- Store your passwords in a secure and trustworthy location, and not in plain text.
- Make sure the site you are logging into is using https. You can check by looking at the URL in your internet browser. In front of the URL (to the very left), there should be the words "https" or a lock icon.
- Make sure your computer is protected from malicious software (e.g. virus, spyware, trojans, keyloggers, etc).
- Practice and exercise good internet safety measures by browsing safe sites that are well known. Avoid clicking ads as much as possible. Don't click on any random links unless the site is well established and is credible. Watch out for fake website clones meant to steal your information or "phishing".
How Do I Securely Manage My Passwords and Account Credentials?
The harder the password, the better it is, the harder it will be for hackers to guess it or crack it. However, I'm sure it's safe to say that none of us has just ONE account on the internet. We have dozens, maybe even hundreds!
One way to keep track of all of it safely and securely is to use password management programs (e.g. LastPass, Dashlane, and Keepass).
These password management programs safely encrypt your account credentials that you store inside of it. In addition, some even help you automatically fill out the form fields for the corresponding sites so you don't even have to type it out! Makes life that much more convenient. Not all of them are free, some will have a paid subscription plan if you want additional features such as being able to use it across multiple devices or syncing it to the cloud.
But wait, I know what you're thinking! This is something I thought of as well before I transitioned into using a password management program, and that is what if the hacker somehow figures out the password to access our password management program's account credentials?!
What If The Hacker Hacks Into My Password Management Program?
Well then, but you're pretty much screwed at that point (unless the hacker haven't changed your passwords yet, then quickly change all your accounts' passwords). However, despite that being true, I do have a few counterarguments that I've thought of that makes sense to use a password management program:
- Using a password management program beats storing your passwords and account information in plain text which is protected by ZERO passwords!
- By using a password management program, all you need to memorize now is just ONE hard password instead of the MANY accounts you have on the internet (assuming you are implementing the good practice of NOT using the same password across several accounts.)
- You can always consider using a password management program that stores the information locally on your computer (which should also encrypt the information). This way, the hacker would either have to have physical access to your computer or somehow access it over the internet (which is possible but the chances of that happening is low).
- Use 2 Factor Authentication if applicable.
- Change your password management program account password every month or so.
Again, there's no such thing as perfect security. It's just a matter of time when something gets hacked into or a security hole is revealed. Always keep practicing good habits when creating passwords and browsing the internet. Use password management programs to help make keeping track of your account credentials a bit easier (and safer). Make sure to change your passwords every so often. Let me know in the comments below, do you use a password management program? If not, why?