The Second Real Post – Hacking


“Hacking” in some form or other happens to just about everybody at some point! It has happened to me and it has happened to very experienced web and security professionals, as I discovered in chasing down what had happened to me. The best you can do is try to minimize the damage that will be done. I learned of my damage when I received a blackmailing email that threatened to expose my questionable online activities unless I paid 400 Bitcoin to a link that was embedded in the email. Fortunately there are no questionable activities to expose.

The email contained my oldest existing email address (which is now gone) and a previous password which I hadn’t used for several years. I learned that the address and password had been stolen in an attack on some website to which I had previously subscribed. Email (or username) and password combinations are offered for sale in lists after they have been stolen.

I replaced the old email address with a new one (a bit of a process with notifications and log-in changes) and reviewed all of my current passwords to ensure that they all meet the following policy.

A couple of years ago, after making myself more familiar with web security, I created a new password policy for myself:

  1. I never use the same password on multiple sites;
  2. My passwords are between about 16 and 24 random characters, generally as long as a website will accept;
  3. I use a password manager to remember these for me and use a long, complex but memorable password for that;
  4. I have my computer, phone and tablet set to sleep after a short period of inactivity and to require a complex password for reawakening;
  5. I change my passwords at random intervals – the password manager generates long, difficult passwords;
  6. I check the strength of my collection of passwords with a utility in the password manager and last time I checked they were in the top 10%.

Frankly, it’s a bit of a pain sometimes, but it’s much less of a pain than discovering that someone has found a viable password combination and used it to steal from me.
