The dark web is an area of the internet where cybercriminals can operate in near complete anonymity. Many of the websites you have used or now use have had data breaches in the past, and certain portions of the dark web contain the results of such breaches. Names, dates of birth, addresses, booking numbers, and, worst of all credit, card details and passwords, can all be found in this data.
It is a good idea to search the dark web regularly. If you have run a search and discovered that your email addresses and passwords are already on the dark web, you can act right away. Here are our suggestions for where to go from here.
Choosing A Good Password and Keeping It Secure
People used to use the same password for everything, worse yet, they often used something obvious like their name, their spouse’s name, their pet’s name – maybe with a number or symbol at the end if you were a real security obsessive!
However, hopefully by now people realise that these passwords are not in any way secure and that using the same password for everything is not a good idea. For those who have not worked out why, think about what happens when one of the websites you use is hacked and the passwords are leaked, an attacker now has your password for every other site on the internet. They can go to each site of interest and try that email and password combination, that includes sites like eBay, Amazon, and maybe even your online bank!
Choosing A Good Password
1. Every password should be completely different.
2. Perform regular dark web scans to check if any of your details have been leaked. Change the password immediately if your details have been compromised.
3. Use a password manager, these are pieces of software which help to generate strong passwords and store them in a master password vault. Every website can have a different password, but you personally only need to remember one password. LastPass and 1Password are both good options for password managers. Both these password managers have business configurations that allow you to create sub accounts for your workers, allowing you to reset the passwords in the event that anyone leaves the company.
4. Use Multi Factor Authentication (MFA/2FA) on any passwords that allow it. Where possible you should choose to the Google Authenticator app where possible rather than your phone number to avoid the possibility of a SIM swap attack. This means that even if an attacker found your username and password, they still could not gain access without also possessing physical access to your phone at the exact moment they were trying to access your account.
5. If you use the Google toolbar, you should be able to activate MFA on your Google account; otherwise, if anyone has your Google password, they will install your Google toolbar and get access to all your account’s saved passwords instantly.
6. The same is true for your email, ensure that MFA is active as an attacker having access to your email would allow them to request password resets to any account linked to that email address.
But If My Passwords Are Unique and Secure, How Can I Ever Remember Them?
When we recommend long, random passwords, we usually get this kind of response. But here is the thing: if you cannot recall the secret, it means it is as safe as it can be. You cannot accidentally reveal information which you do not know. When you enter your master password, the password managers suggested above can autofill your various passwords. Alternatively, if you are using your phone, you can connect your passwords to your fingerprint. On a desktop, you can install these password managers as browser toolbars.
Many people believe, “I’ll never be hacked”. However, if… or when it happens, the consequences may be stressful, resulting in humiliation, financial ruin or both. Hopefully, this guide will assist you in achieving true password security.