How To Know Whether Your Account Has Been Safe Until Now
You are trusting various internet companies with your passwords. With data breaches becoming more common (like this, this and this), is your data safe? How to know whether your password has been stolen? And what do you do if the unfortunate has happened?
Have you been hacked?
Coming to the point straight away, have you been hacked? Lets find out:
Go to the above website and enter your email address. Don’t worry about your privacy or safety, Mozilla(a well known non-profit organization) maintains this site. If you are greeted with the message “This email appeared in zero data breaches” then your account has been safe until now, but if your data has been affected with any of the previous data breaches, it will display something like this,
If your data has been breached, there is one important thing you should know before you start freaking out. There is still a good chance for your data to be safe. To know how, you should understand how companies store your password.
How is your data stored:
Every online account has a password associated with it. When you register with your password, they are not stored as raw data in the company’s database. Instead, they are fed to a hashing algorithm to create some gibberish value called hash, this process is called Hashing. The Hash generated is unique to your password and your passwords cannot be traced back from them. Therefore, hackers will be seeing a bunch of random letters, rather than your password.
By Pluke — Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=18296416
Every time you enter your password, a hash is generated and compared with the hash stored in the database.
Should you care:
If no actual passwords are being stored, then should you worry about your hashes being hacked? Yes. Storing hashes instead of passwords is not completely foolproof. Once hackers get their hands on the hashes, they try to find out your password using various techniques. Yes, your passwords cannot be traced back, but they try to generate the same hash value by feeding random data to the hashing algorithm. Since each hash is unique to a password, when the hackers manage to generate the exact hash value, they have cracked your password.
How long it takes to crack your password depends on the strength of your password. This password guessing is done with powerful computers, so it’s easy for them to crack the common passwords. When your passwords are long and complex, it will take them centuries to crack your password. In other words, it will be impossible for them to crack a long and complex password, at least for now.
What can you do:
If you have been affected by a data breach, don’t panic. Change your password immediately. Even if your data has been safe until now, there is no guarantee that it will remain the same way. To be safe, replace your weaker password with a stronger one. To create a strong password, several websites suggest having a minimum of 8 characters containing at least one capital letter and a numeric digit. Also, you would have heard advises like use first letter of every word in a sentence (I am in love with the shape of you ==>Iailwtsoy). These are a good technique to create a complex password but it isn’t long enough.
I suggest a better idea, instead of those first letters, use the whole sentence. This usage of a sentence as a password is called passphrase. You can create a sentence of your own such as “I will become fit before next year”(with or without space). An added benefit is the extra motivation you will be getting each time you type the password every day😉. Thank me later.
Try to associate different sentence with different accounts. One for your Facebook, one for your Snapchat, one for your Insta etc. Even if your password has been cracked, the hacker won’t be able to access your other accounts.
Simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks — Google Security Blog
Also enable Two Factor Authentication(2FA), wherever possible. Two Factor Authentication is the process of using two different methods to verify the user. To know more, click here
Everything is becoming smart nowadays. Your phone, TV, speaker, even your toothbrush has become smart. Isn’t it time for your password to become smart enough to protect your data. Change your password right away. As long as you have an uncommon & long password, unique to each account with two factor authentication turned on, You can stay cool😎 even if data breaches occur everyday. Have a safe and secure digital life.
If you found this article interesting hit the clap icon(50 times😍👏) and follow me to know more about Technology and Privacy. Please don’t forget to share your experience on what you found in the Firefox Monitor, tell us whether your data had been breached and were you informed about it (I wasn’t).
How To Know Whether Your Account Has Been Safe Till Now was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.