Privacy Mythbusting #2: My password keeps me safe. (Not necessarily!)
If you’ve ever used the same password on more than one website, then your accounts may be compromised due to data leaks. Once a hacker gets your login information from a single site, they can try it on other sites. Many hackers use automated tools to cycle through leaked password lists, trying them on many popular websites.
You may have heard of a few of the high profile data leaks in the past few years, such as:
• LinkedIn
• Adobe
• Dropbox
• Tumblr
• SnapChat
• Neopets
• Minecraft
Believe it or not, there have been over 200 major websites that have had their data leaked over the past few years, enabling your passwords to be used by hackers.
In 2013, Microsoft security research Troy Hunt built the site Have I Been Pwned? that allows you to check if your password has ever been leaked. (Fun fact: “Pwned,” derived from owned, is video game slang for when someone is utterly defeated!)
How can you stay safe in a world of data leaks?
• Use a different password on each website.
• Use a password manager like 1Password that generates secure passwords and stores them for you safely.
• Use two-factor authentication (2FA) wherever possible. You can check if major sites have 2FA available at https://twofactorauth.org/
For more privacy advice, follow us on Twitter & get our privacy newsletter.
Note: This blog post has been updated since initial publication.