Everything you wanted to know about digital security

About account security

Useful

Today everyone has 10-100+ accounts of different services/emails/applications/sites/other wallets. Are these accounts safe?


Everyone learned a long time ago that a password has to be complex: ONE BIG, one small, one number, one $penny$ character. And you need a different password for each account, don't you? I mean, it's crazy.
Someone gets out of the situation by using a password manager. But if this manager isn't cut off forever, who can guarantee, that the developer of this manager won't fetch all our passwords (together with logins and addresses, where to enter them)?

What to do?
By the way, we at bespale use trivial text notes, but we store them on extremely secure machines. Such a scheme is much safer than any manager, if only because the notepad has never yet been asked to go online.

Despite the fact that services have long been forcing users to come up with complex passwords (otherwise it's banal "not allowed" further), but making users come up with different passwords for different services - such technology does not yet exist. And this means that all of us, one way or another, use at best 2-3 complex passwords for all our accounts. Sound familiar?

Now let's do the math:
  1. We have registered different accounts on n-number of obscure sites/applications/services.
  2. Each such registration is one of our 2-3 passwords + our mail / phone / login.
  3. Poorly-understood sites/applications/services tend to be hacked, resulting in leaks.
  4. Leaks can be different: from trivial full name/address/phone number, to the most unpleasant password variants.
  5. Attackers will collect those leaks in one database, matching users by mail/fio/address/etc (a couple of leaks with passwords is enough to hack all other services, since we use only 2-3 passwords).
  6. Then they "run" such a database through thousands and thousands of different sites/applications/services, including email services (from which one can hijack half a life in a couple of clicks).

So how do you secure your accounts?


  • Make up complex passwords (this is not a joke or agitation, it's really necessary).
  • Come up with different passwords, at least for important accounts - money/fio/address/property.
  • Come up with a secure way to store those passwords. Secure = offline! But not on a sticker taped to your monitor!!!
  • When in doubt, it's always best to check your email/phone/login (but NOT the PASSWORD!) for leaks. You can do this at:
haveibeenpwned.com
mypwd.io
dehashed.com.

2022-04-30 19:42