With the news of yet another tech company getting breached, Dropbox this time, we highly suggest heading over to https://haveibeenpwned.com/ to check if your email(s) are associated with accounts that have been compromised.
Many of you most likely use the same password across many services; if a hacker cracks it on a service like Dropbox, they will try your credentials on other services... perhaps at your online banking site, PayPal account, email provider, etc.
As far as I know, my personal email is associated with 6 data breaches so far:
At one point in time, my Adobe and LinkedIn credentials (both compromised) were the same for my Gmail and PayPal accounts.
You should take a few minutes out of your day and do the following:
- Check if your email is associated with compromised accounts here: https://haveibeenpwned.com/
- Change your password on compromised accounts immediately.
- If that password was used elsewhere, change the password on those accounts as well. All of them. It sucks, but do it.
- Do it!
Basic Password Tips:
- Use a long password, ideally 10+ characters long w/ mixed lower-case/upper-case/numbers/symbols. To make it easier to remember, I suggest setting your password to something meaningful. For example, IllHave2Vodkas! is incredibly hard to crack and yet easy to remember.
- Learn about multi-factor authentication (sometimes called 2-step authentication), then enable it whenever you can. Gmail, Outlook.com, and many others now offer this heightened security feature.
How it works in a nutshell: after you enter your username/password, a time-sensitive token must be provided as well. You'll set this up on a mobile app such as Google Authenticator or Authy (I like one because it has backup options), and your account will be exponentially harder to access by malicious asshats.
- Learn about password managers. We use 1Password.