This past weekend, a major website was hacked, and all the emails and passwords were posted online for the world to see.
Luckily for you, it was a network of technical websites. So if you aren’t a tech guy, you probably aren’t affected.
Unluckily for me, my personal email and password were among the 1.5 million stolen.
Any one of BILLIONS of people could have gained access to my:
And could have:
1. Logged into Amazon and bought anything they wanted and shipped it across the world.
2. Gone into GoDaddy and stolen all my websites and deleted some of my family’s email addresses.
3. Gone into MySpace and stolen my identity.
It could have been worse. They could have had my password to my email, bank, or PayPal. Since I keep all my email online, a thief could have done some real damage.
And just think how many people of the 1.5 million were lawyers, business owners or tech guys that have a lot of sensitive client or company information in their email accounts.
Many of you take precautions every day to keep you, your business and your family safe: you lock your doors, you don’t put your social security number on facebook, and you don’t throw away bank statements in the trash without shredding them.
Yet, every single friend, family member and client I have given computer help to is using the same password for most websites they visit. Even after I mention that this isn’t smart, they agree and do nothing.
I have a master list of my passwords, and a decent password policy, so it was easy for me to see which sites shared my compromised password. Had I not had that, I would not have known which sites I needed to change and probably would have really freaked out.
As it stands, it freaked me out enough to send this email to you.
Now, I am going to tell you what I do to protect myself, and not only is it easy, but it is actually EASIER THAN WHAT YOU ARE DOING NOW.
But first, I want to clear up a few points.
Three Password Justifications I Hear All The Time
1. “I only use the same password for some sites – not the important ones.”
If any of the sites have your personal information, there is a danger. If the thief can discover the last 4 of your credit card, or mother’s maiden name, they can use that to access other sites. If they can get your phone #, they can fake texts, intercept messages and get your phone records.
2. “No one is going to try to break into my account!”
You’re right, probably no one will. But computers might. If you use a word out of the dictionary as your password, or god forbid the three most common passwords, “password”, “qwerty”, or “123456”, someone can run a computer program and log into your account in under a second.
And as the news story above shows, they don’t even need to do that. If any one of the thousands of sites you have an account on has been compromised, you could be a victim.
And the criminals may not be so foolish as to post it online. I had time to make sure all my accounts weren’t compromised; most of you will have no warning and no indication anything is wrong.
3. “I can’t remember 500 passwords”.
Hence my solution…
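The check described earlier (seeing which sites on a master list shared the compromised password), combined with the three common passwords named above, as an added example that is not part of the original email. The CSV layout, the site names and the `audit` function are assumptions made for illustration, and the sample list is constructed.

```python
import csv
import hashlib
import hmac
import io
from collections import defaultdict

# The three passwords the post calls the most common.
COMMON = {"password", "qwerty", "123456"}

# Constructed sample of a master list (site, username, password); not real data.
SAMPLE_CSV = """site,username,password
technews.example,me@example.com,Sunsh1ne
amazon.example,me@example.com,Sunsh1ne
domains.example,me@example.com,Sunsh1ne
bank.example,me@example.com,kX9#tq2!vLp0
forum.example,me2@example.com,qwerty
photos.example,me@example.com,horse-staple-42
social.example,me@example.com,horse-staple-42
"""

def _digest(password: str) -> str:
    # In-memory grouping key only, so the report never carries a plaintext password.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(csv_text: str, leaked_password: str) -> dict:
    """Return sites to change now, other reuse groups, and common-password sites."""
    leaked = _digest(leaked_password)
    by_digest = defaultdict(list)
    common_sites = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        pw = row["password"]
        by_digest[_digest(pw)].append(row["site"])
        if pw.lower() in COMMON:
            common_sites.append(row["site"])
    exposed, reused = [], []
    for digest, sites in by_digest.items():
        if hmac.compare_digest(digest, leaked):
            exposed = sorted(sites)        # every site sharing the leaked password
        elif len(sites) > 1:
            reused.append(sorted(sites))   # not leaked yet, but one breach exposes all
    return {"exposed": exposed, "reused": sorted(reused), "common": sorted(common_sites)}

if __name__ == "__main__":
    report = audit(SAMPLE_CSV, "Sunsh1ne")
    print("Change immediately:", report["exposed"])
    print("Also shared between sites:", report["reused"])
    print("Uses a top-3 common password:", report["common"])
```

Run it only against a list kept on your own machine, and delete any plaintext export once the passwords have been changed.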
My Awesome 5 Minute Solution
(At this point, if you want me to just “fix it” for you, just contact me directly)
Obviously, no one can remember more than a half dozen passwords that need letters, numbers, uppercase, blah blah blah. And writing them down on a sticky note stuck to your monitor is insecure in a whole different way.
Step one is to buy or download a free trial of 1Password ($39 for Mac, $29 for Windows). Don’t install it yet. (Use coupon: “MacPowerUsers” for 20% off)
What is this for?
- It stores all your passwords in one safe, encrypted location.
- It takes a master password to open it, so even if a thief is sitting at your computer, they can’t see them.
- Using a real cool trick, all your passwords get backed up and sync’d online so you will never lose them.
- When you install it the way I tell you, your passwords will be available on your iPhone, iPad, any laptop or computer you use.
- It can help you generate passwords so you don’t have to spend time thinking of new ones.
- And most importantly: it will fill out every login form automatically from now on.
For example, when I go to facebook, I just have to click one button in my browser, and I am logged in. I don’t have to type my email, password, nothing. It just works.
(Some of you may have your browser save your password for you. This saves time, but if your computer crashes you will lose it, and if someone else uses your computer, they can see it and access your accounts.)
Step 2: In order to take full advantage of everything I am telling you here, you also have to download and INSTALL the free program, Dropbox.
This is an awesome program in its own right.
Dropbox gives you a “folder” or “box” that sits on your desktop (just like any other folder you fill with documents, images, music, etc), that you can “drop” files into.
Those files then get automatically transferred to the internet. Additionally, you can install Dropbox on other computers, iPhones, etc, and each device automatically sees every file the instant you put it in the “box”.
Dropbox has the added benefit that if your computer ever stops working, all the files in your Dropbox are safe and automatically downloaded back to your computer when you reinstall it.
Once you install Dropbox, you will tell 1Password to store all its passwords in there. Therefore, all your passwords are backed up immediately, and can be accessed from any of your devices. That is POWERFUL!
To sign up and download Dropbox, click this link. It is a special link from me, so if you sign up, we will both be rewarded with an extra 250 MB of space for life:
Step 3 is to install whichever version of 1Password you downloaded. As you install it, it will ask for your Dropbox information.
Step 4 is to just follow the install screens and allow it to install plugins for Internet Explorer, Firefox or whatever browser you are using.
That should be it. Now the next time you type in a password, 1Password will automatically prompt you to save it. And once you are comfortable with the program, you can start changing your passwords for each website.
Step 5: Help your friends and family
I originally sent this as an email to my friends and family. If you know of anyone that might also be at risk, please have them read this – ESPECIALLY if you have ever sent them any personal information using email.
3 responses to “My Password Was Hacked”
If you want a free solution, check out LastPass. I’m looking at switching over to it from 1Password mainly because I want the cross platform capabilities. So far it looks like it will do what I need.
Did you check the actual list to see if your password was one of the ones they actually posted?
I did check out LastPass, but I don’t love it. I like the browser integration better w/ 1Pass.
I did check and I am on the list because at that time my password was very insecure for stupid websites.
1Password’s interface is much better than LastPass. It also seems to be a bit better at catching when you’ve created or changed a password. LastPass works fine, but you have to be a bit more intentional about watching when you are creating a new password.
However the ability to use it on Blackberry, Mac, Linux and Windows makes LastPass well worth it, but I wish I could combine the best from both programs.