Passwords and Online Accounts
With recent developments regarding storyofrachel's accounts being targeted and compromised, I think it's pretty important to show that a major lesson can be learned about how to protect your online accounts. Hopefully you've already heard and live by all that is below in the post, but for those that don't, consider this a good entry to securing your online accounts.
1. Don't use the same username for two different services
This is one of the easiest ways to link two accounts to the same user. Malicious actors will have a much more difficult time knowing all the services you use if the names are unique and unrelated.
2. Don't use the same password more than once
We're all guilty of this. Convenience is a sweet siren, but if one account is ever compromised, it can domino to all of your other accounts if they share the same password.
3. Change your passwords regularly
Even if your password is secure, it is good practice to regularly update these passwords. By changing your password every 6 months, a service breach from 1 year ago won't do much to compromise your account.
4. Use Multi-Factor Authentication
There are three main ways to prove an identity: something you know (password), something you have (phone), or something you are (fingerprint). Your security improves dramatically when using two of these to log into services. Most of the time, this is in the form of the service sending you a text message when you log in. If someone knows your password, they would also need your phone (or a way to intercept your texts). If/When ChaCha gets MFA, enable it as soon as you can. ZDNet released a good article today on MFA so please take the time to at least skim through
Regarding 2 and 3, using a password manager such as KeePass, LastPass, or Bitwarden can make generating and keeping up with your passwords a breeze.
A password manager becomes a single point of failure. If it ever gets breached, are you not completely fucked?