Make this a requirement for signing up for new sites and services - if a service doesn’t offer the option of at least two-factor authentication, they don’t treat your information security with the respect it deserves! Optimally, the services you are using would be using some form of multi-factor authentication (such as, oh, I don’t know, SecureAuth), and allow you to sleep much more comfortably at night about your personal information stored in their systems. More and more services are offering, at a minimum, two-factor authentication. And even if you used completely different passwords at work, change them anyway! Moreover, if your personal accounts are compromised, think about whether you used the same or similar passwords for work resources if so, consider reporting the personal identity theft at work so IT can be on the lookout for attempts to misuse your accounts. Trust me, your IT and information security teams would much rather hear the news from you than find out through their tools - or because of an incident using your credentials.
If your credentials have been compromised, they need to know immediately! If you’re worried about getting in trouble or reprimanded for this, don’t be. In the case of your work credentials, reach out to your managers, IT support, and information security team (if your organization has one).
#IS MY PASSWORD COMPROMISED HOW TO#
Reusing the same password for multiple sites make an attacker’s life much easier! Here are some good guidelines on how to create, maintain, and use strong passwords. But remember that password reset functions often rely on sending you an email with reset instructions if your email is compromised, this may well expose more services to the attacker.Īlso make sure that you are using strong, distinct passwords for each service and site you sign up for. If you no longer have access to the account in question, you can attempt to use the password reset functionality of the affected services. If you still have access to your account but are seeing any of the suspicious behavior mentioned above, change your passwords immediately. Multiple sources, from the Verizon 2017 Data Breach Investigations Report to Shape Security’s 2017 Credential Spill Report, report that some 1.1 billion to 3.3 billion credentials were stolen, leaked, or otherwise compromised in 2016 alone!īut what do you do now? Experts recommend that you take the following steps:
Finally, you conclude that your credentials, and very possibly your identity, have been stolen.
Maybe there’s a sudden uptake in spam emails from services, or even an email informing you of a new service you signed up for. Perhaps you start getting lots of unsolicited phone calls for services you’ve never heard of. But then more evidence starts to pile up. Even if you use a password manager such as LastPass or 1Password and still can’t authenticate, you still can’t conclude for certain that you’ve been hacked (but it sure is a good indicator that something suspicious is going on with your credentials). It’s becoming harder and harder to know whether your credentials have been compromised until it’s too late. Does this mean you have been hacked? Or did you simply mistype your password or forget the correct user ID for this site? But one day, you go to access your bank’s website or email provider - or, worse, your work email or employee portal - only to be prompted with an “Incorrect User ID and/or Password” message. Or maybe you haven’t done anything out of the ordinary. Maybe you used someone else’s device, such as a friend or colleague’s mobile phone, to log into your bank website or email provider. Maybe you opened an email that, upon reflection, seems suspicious.
0 kommentar(er)
