
Have You Been Pwned?


 

How To Protect Your Passwords

 


Recently I received one of those really convincing fraudulent emails claiming that I needed to reset my PayPal password. We've all had something similar, right? I was fully aware that you are to NEVER click on any links from a potentially fraudulent email, so instead, I went to the PayPal website (via my web browser) and logged in. On arrival I found a transaction of £450 that I hadn't authorised, accompanied by that feeling of weakness and vulnerability. Not nice. How did this happen? Even to this day I have no idea how it happened, but fortunately I submitted a report to PayPal and they refunded the amount.

 

PayPal boast military-style security for their accounts, so it got me thinking... If they cannot protect me from fraud then I need to cut out the middleman and begin making the efforts to ensure my own security online. The problem being, I use computers every day but consider myself an absolute amateur when it comes to 'back-end' computing knowledge. I know nothing of code, encryption, servers, bots and all the other wonderful words of the web, but I found a solution from the open source community. In fact, I found two solutions and a really helpful tool to keep ahead of the game without having to become a cyber geek.

 

How to find out if you have been 'pwned', which is a techy term for 'owned'...

 


The first thing I found was a really helpful website which tells you whether your personal information has been compromised. It's called:

 

Have I Been Pwned?

https://haveibeenpwned.com/

Have I Been Pwned

Just type in your email address and it will tell you whether that address has ever had information stolen from it. The image above shows the result after I typed in my Dad's email address.

 

Have I Been Pwned?

As you can see, my old Hotmail account wasn't so lucky and had a fair few breaches over the years. Some of these I was aware of and had already logged in and changed my passwords. Others I didn't know about. Additionally, you can sign up to get notifications emailed to you if your email addresses are ever compromised.

 

Here are two solutions to the problem of hackers getting hold of those precious passwords and other personal information

 

The first is an app called LastPass, a beautiful solution to these pesky hackers. It enables you to generate unique passwords for every site, stores photos and notes, and can be synced across devices. All you need to do is remember one password.

The only downsides are that there is an element of trust involved here and, with it being an online service, there is always the slim chance it could be compromised itself. Extremely unlikely though.

 

LastPass

https://lastpass.com/how-it-works/

LastPass Website
 

The second is KeePass, which my web developer friends tend to favour. Although not as visually stimulating as LastPass, it is developed by the Open Source community, has won awards and, in the true spirit of Open Source, is free. These guys have been around for decades and have worked on this as a passion, not a business. It is stored on your computer so has an extra element of safety, but I believe you can only have it on one device. Some downsides are that the encrypted passwords are stored on your desktop so cannot be synced to your mobile (for example).

 

KeePass

http://keepass.info/

KeePass Website

 

How To Protect Your Browsing

 

It may be a further shock to your system to learn that if you are using a public hotspot (this accounts for virtually ALL hotspots) in a cafe or on a shared wifi system, then all of the information (technical term: packets) is completely unencrypted. So, this means that all of your browsing activities and password inputs can be intercepted through really simple methods. Not only this, but there are hundreds, if not thousands, of videos on YouTube of how to do it.


So, what's the solution?

What you need is a VPN service. VPN stands for Virtual Private Network and, without going into the details, it re-routes all of your browsing activities through secure, encrypted servers in other countries. An additional benefit of securing all of your data is that you can bypass government restrictions on web browsing. Yes, governments across the globe decide what websites show up in your Google searches, and some websites such as Netflix restrict what you can watch in the UK compared to the US, for example. Some VPN services offer a 'Smart play' as a way around this and, if you are wondering, it is all legal.

One of the best VPN services on the internet is NordVPN. I have been told by a senior web developer that IVPN is probably better (slightly faster and more reliable) but it is, as you can imagine, more money.

 

NordVPN website screenshot



I hope you found this helpful, but remember that no solution is 100% foolproof when the internet is involved. Utilising these tools and staying ahead of the game reduces the risk of theft by gigantic proportions. The fact of the matter is, if you do not protect yourself then you are nothing more than a sitting duck.

All the best