We all use passwords from our day-to-day lives to access our accounts and data online, from banking applications to social media accounts. Nowadays, it is becoming a ubiquitous sight to see a new data breach (exposing millions of users' emails, usernames, and passwords to the internet) almost every month or week. I will walk you through what a data breach is and how to protect yourself from it.
What is a password data breach?
It is when some third party (usually a malicious actor) gains access to your accounts and personal information. Passwords can be breached in several ways. They include exploits of outdated software, attacks by malware, viruses, and weak passwords. To check if your account has been compromised, you can visit https://haveibeenpwned.com and https://dehashed.com/. This site has the ability to search by email, user, or even by password. Also, those sites will tell you some fascinating information, such as the name of the hacks in which your data was exposed, username details (in case the site uses a custom username instead of an email), and the hash of the compromised passwords
How to prevent password breaches?
Some of the ways to prevent a password breach include:
• Use or enable multi-factor or multi-step authentication when available.
• Migrate to more robust password-less solutions when available (such as Microsoft Authenticator).
Multi-factor versus multi-step authentication
Multi-factor means that you are using at least two different factors during the authentication process. This includes the original three (something I know, something I have, something I am), plus two more that researchers are introducing: somewhere I am (this is enabled by geo position and geofencing technologies) and my personal favorite, something you do (this is enabled by IoT devices). An example of this will be your bank asking you to move your writs to the right to authenticate. The accelerometers in your smartwatch will capture this movement and that data will be shared by using a secure API with the bank
Conclusion
In a world where cyber-attacks have become more and more sophisticated, it is essential to implement different strategies to protect our privacy from password breaches.
See you in the next blog, keep learning.