With so much of our lives spent online, it’s important to understand how profiles can become compromised and know the best ways to keep them secure.
We’re not just committed to protecting your Slice data – we want to help shield you across all platforms. To show you how attackers can gain access to vulnerable accounts, we’ll run through a hypothetical scenario that plays out all too often.
Meet Tim Apple
Tim is a casual internet user who has dozens of accounts across multiple platforms. He uses Gmail, Twitter, online banking, Facebook, Netflix, and a bevy of other popular platforms.
At least, those are the accounts that he uses every day. He’s also created many other accounts that he’s forgotten all about — that cute sweater he bought on some small site run by a Scandinavian sheep herder or that vintage Creature From The Black Lagoon print from a collector in Burbank.
He uses the same password for all of his accounts because it makes it easier to keep track of all his logins.
That was a mistake.
That little clothing site Tim bought the sweater from? Due to a security flaw, a hacker was able to breach the site and gain access to its entire list of usernames and passwords.
Now, Tim might not care too much about this. His credit card wasn’t stored on the site, so there’s not much they can do with the account, right?
With Tim’s username and password in hand, the hacker uses a method called credential stuffing, automatically checking Tim’s username and password against thousands of other sites online, revealing all of the other accounts they can now access.
Now, they have access to sites where Tim does store his credit card information, which means they can cause some potentially catastrophic damage. Every account with that same username/password combination has now been breached.
But what about the sites where Tim used a different password? Those are safe, right? Unfortunately, no. This is where brute force attacks come in.
Brute Force Attacks
Brute force attacks are far less sophisticated than other hacks, but they’re still a threat to account security. The attacker knows Tim has a Chase online bank account because the username is valid, but Tim used a longer password there. The attacker then runs a script containing common passwords, including variations of the password previously extracted from Tim. This script rapidly attempts to log into his account using all these passwords until it finally finds the right combination.
You’re (Usually) Not Being Singled Out
Most people would say that they don’t have anything sensitive enough online to be targeted by an attack. While that may be the case, hackers usually target large databases of compromised accounts, rather than individuals.
Tim is a relatively boring dude, but his information was lumped in with hundreds of others. With that, the hacker imports the database and puts the bots to work.
Protect Yourself, or Else Wreck Yourself
Some data breaches may be out of your control. Fortunately, with these tips, you can minimize the damage and significantly increase your online security:
Check to see if you’ve already been compromised
First, check to see if your accounts have already been compromised. An easy way to do this is by visiting haveibeenpwned.com and entering your email address and/or commonly used password.
This site will securely inform you if you’ve been subject to a data breach and, if so, which ones specifically. (This site is not affiliated with Slice, but it is trusted in the online security community.)
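How a password check like this can stay private, as an added example (not code from this post or from haveibeenpwned.com): only the first five characters of the password's SHA-1 hash are sent to the Pwned Passwords range endpoint, and the match is done on your own machine. The sample response, its counts, and the helper names are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Ask the service for every suffix sharing this prefix (network call, not run here)."""
    if len(prefix) != 5:
        raise ValueError("only the 5-character prefix may leave the machine")
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, range_body):
    """Match the suffix locally; return how many times the password was seen, or 0."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_range_body(breached_password, count):
    """Build a CONSTRUCTED sample response (SUFFIX:COUNT lines) for offline use."""
    _, suffix = split_hash(breached_password)
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",   # constructed filler entry
        f"{suffix}:{count}",
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",   # constructed filler entry
    ])


if __name__ == "__main__":
    body = constructed_range_body("hunter2", 17043)  # count is made up
    for pw in ("hunter2", "correct horse battery staple 9!"):
        prefix, _ = split_hash(pw)
        print(f"sent prefix {prefix}: seen {breach_count(pw, body)} times")
```

The service only ever sees the five-character prefix, which is shared by many unrelated passwords, so it cannot tell which one you checked.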
Change all your passwords immediately and frequently
Yes, this seems like a huge pain in the butt, but it’s a must for keeping your accounts safe. Create a complex password for each online account you have, and don’t use the same one for multiple accounts.
If the site features a multi-factor authentication option, enable it for an added layer of security. This will require a user to enter a text message code or authenticator app code in order to log in.
Use a password manager like LastPass
Password managers allow you to generate random passwords for all of your sites and keep them stored for you, so you don’t have to remember them every time you log in.
You can also use them to safely store additional private information (like credit card numbers) through encryption. No more stray password books or Post-It notes lying around with sensitive info!
Best of all, these apps will inform you of the latest security breaches, allowing you to quickly take action in the event of a threat.
Use Your Best Judgement
Finally, if a site looks sketchy, don’t input any personal information! If there’s no lock icon in the address bar, or if your browser warns you that it’s not secure, then it’s best to simply leave the site and never think about it again.