Yesterday, I came across news about Ubuntu forums getting hacked and 2 million passwords getting revealed. Even though most people reading this blog post won’t have accounts at Ubuntu forums, this is still important.
117 Plus 70 Million Passwords Hacked
Every few weeks, such news comes up and a couple million passwords are hacked. Most people use the same password on many of the other websites they have accounts at. This is a major mistake. A few weeks ago, 117 million LinkedIn passwords were hacked. 70 million Tumblr accounts were hacked at the same time too. Before these, it was some other website. Such news keeps coming.
How to check if your accounts are hacked
If you want to check whether your account has been hacked, you can do so by entering the username or e-mail address you use on websites, here.
This is why you should have DIFFERENT and difficult passwords on any website you have accounts at.
Using Password Managers
You should also consider using a password manager like LastPass, 1Password or KeePass, and have different, difficult passwords on all the sites you have accounts at. Use the option in LastPass, 1Password or KeePass to generate a difficult password whenever you open a new account with a website, and use this password on that site. Do not use the same simple password on every site you open an account at. Making it easy for yourself to sign into all the websites also means making it easy for hackers to crack such weak passwords.
There are too many people who use very common passwords. Such passwords are already known to hackers. The only password you should remember is your e-mail password, which should also be very long and difficult to crack. This is because, if you lose access to your LastPass, 1Password or KeePass account, you will still be able to reset the passwords for other websites by getting the reset link by e-mail.
Wherever I can, I use a 20+ character password. Since LastPass remembers it for me, I don’t have to.
I Don’t Want to use a Password Manager
If you don’t want to use a password manager, here’s what you can do:
- Whenever you create a new account at any website, for example Google.com, take the first and last letter of the site’s name. In this case, it’s g and e. What’s the word that comes to mind starting with g and ending with e, other than Google? It can be any other word, but Giraffe comes to my mind. So, I’ll use the word giraffe.
- Now, count the number of characters in the name of the website you’re registering at, excluding the .com or any other extension it has. There are 5 characters in the word Google. So, add the number 5 to the above word, Giraffe.
- Now, use hacker language. The word giraffe becomes g1r4ff3. You can Google for hacker language or hacker speak, and see what they use.
- You can also have a common number to add to the above, in addition to step 2. I’ll use the number 3099 as an example. Use the same number in all the passwords. You may add it at the start or at the end of the above word.
- But, to make it difficult, instead of adding the number 3099, I’ll use the characters #)(( which I got by holding the shift key while typing 3099.
- Now, the password becomes g1r4ff35#)((. So, whenever you want to remember your password for the site Google, you can use the above formula and re-create the same password.
Now, let us see how strong our above password is. Go to How Secure is my Password, and enter or paste the above password I created. The site shows that it would take a computer 200 years to crack the above password. Of course, it’ll take less time for a botnet to crack this password.
The above is a simple example. I use the above method to think of more than one word and join them. But remembering a sentence for each password may become difficult for more than a few accounts. The best option is still to use one of the password managers to generate and remember passwords.
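The recipe from the list above as a small Python function, added here as an illustration and not code from the original post. The domain `example.org`, the word `eagle`, the function names, the rule of treating the text before the first dot as the site name, and the US keyboard layout for the shift-key symbols are assumptions; the letter swaps are limited to the three the post shows (i, a, e).

```python
# Added example (not the post's own code): the recipe from the list above.
LEET = str.maketrans("iae", "143")  # only the swaps the post shows
SHIFTED = str.maketrans("1234567890", "!@#$%^&*()")  # assumes a US keyboard


def site_name(domain: str) -> str:
    """Site name without a leading 'www.' and without the extension."""
    host = domain.strip().lower()
    if host.startswith("www."):
        host = host[4:]
    name = host.split(".", 1)[0]  # assumption: name is the text before the first dot
    if len(name) < 2:
        raise ValueError(f"cannot take first and last letter of {domain!r}")
    return name


def leet(word: str) -> str:
    """Apply the letter-to-digit swaps to a lower-cased word."""
    return word.lower().translate(LEET)


def shifted(number: str) -> str:
    """Replace each digit with the symbol typed by holding Shift."""
    if not (number.isascii() and number.isdigit()):
        raise ValueError("the personal number must contain digits only")
    return number.translate(SHIFTED)


def derive(domain: str, word: str, number: str) -> str:
    """Build the password: leet word + site-name length + shifted number."""
    name = site_name(domain)
    word = word.strip().lower()
    if len(word) < 2 or word == name:
        raise ValueError("pick a word that is different from the site name")
    if (word[0], word[-1]) != (name[0], name[-1]):
        raise ValueError(
            f"word must start with {name[0]!r} and end with {name[-1]!r}"
        )
    return f"{leet(word)}{len(name)}{shifted(number)}"


if __name__ == "__main__":
    # Constructed inputs: a sample domain, a word chosen for it, the post's 3099.
    print(derive("www.example.org", "eagle", "3099"))
```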
Wherever you have the two-factor authentication option (also called 2FA), you should enable and use it. This will make your account more secure, though it will take longer for you to log in, as you get a code on your mobile before you can sign in.
Do you use common passwords on all websites you have accounts at, or are all of them different? Do you use a password manager? Which one? How do you remember passwords if you don’t use a password manager, and use a different password for every website? Let me know in the comments below.