The mother of all breaches: why we should never use the same password for different accounts.

Question

The mother of all breaches: why we should never use the same password for different accounts.

Follow

Share

https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

If you're worried about hackers getting at your (or your LO's) ID or financials, you mostly need to worry about your passwords.

For example, if you play the very popular online game Words With Friends2, please note that Zynga was one of the organizations whose data was recently breached. If you use the same pw for your Zynga login as you do for other accounts, this is what makes you vulnerable.

You can protect yourself as much as possible if you just do this:

"...use strong, hard to guess passwords, enable multi-factor authentication on all important accounts, keep an eye for phishing and spear phishing attempts, check for password duplicates and immediately set up new protection for accounts that share the same passwords." (Excerpted from the above article).

What is phishing and spear phishing?

You should know this if your LO has social media accounts (think FaceBook) because they are vulnerable:

https://www.digitalguardian.com/blog/what-is-spear-phishing-defining-and-differentiating-spear-phishing-and-phishing

I use a password keeper called 1Password. They have never had a data breach in the 10+ years I have used them for my business and personal password storage. Other password keeper apps exist. Having one is better than not.

I was inspired to post this info from reading posts by desperate family members trying to prevent their cognitively impaired LOs from losing all their money to relentless cyber scammers. It breaks my heart because it is mostly preventable.

"An ounce of prevention is worth a pound of cure."
- Benjamin Franklin

Care Decisions Financial Planning Frauds & Scams

This discussion has been closed for comment. Start a New Discussion.

11 Comments

Newest
First Oldest
First

This discussion has been closed for comment. Start a New Discussion.

Recent Questions

Related Questions

Start a Discussion

G Geaton777 Feb 2, 2024 · Answer 1 · 2024-02-02T09:49:24.000-0500

Alva, it's great that you have a system that works for you. Does it work for your PoA? Even though I have a great pw keeping app, I still have to give my main pw for it to my PoA son. There's just no way to get around this. And my pw app requires yet another "secret key" long piece of code in order to do an account recovery. They told me to keep that emergency recovery info in a safe deposit box! If I get dementia and decide to change that password... yikes. I store all sorts of stuff on that app: pdfs of our Trust, EE bonds, passport info, photos, lists, notes, etc.

In the end, the person is the weak link. So hopefully I won't get a wild hair one day because I have paranoia from yet-to-be diagnosed dementia and decide to change the most important password. But at least I know it is recoverable with the PoA authority and secret key code that I gave them.

In regards to WWIII... I personally think the younger tech-savvy generation will figure out ways to get around a tech shut-down or ban. Just because we can't imagine it doesn't mean that they can't. Plus, here in the U.S. there are plenty of people who live "off the grid' with their own power supplies. There's an entire secret internet in China and also Russia (we employed a Chinese national for 5 years and she used it all the time). The Anonymous hacker group (remember them?) would spring into action. Hate them or love them, they'd be a force to reckon with. It would still be a fight, but never underestimate Americans, and a determined global resistance IMHO.

https://www.cnbc.com/2022/03/16/what-has-anonymous-done-to-russia-here-are-the-results-.html

A AlvaDeer Feb 1, 2024 · Answer 2 · 2024-02-01T11:15:26.000-0500

It'll be no surprise that I don't save my passwords on any site, because I DON'T TRUST sites and fear their hacking. I get it, Geaton, that yours has been safe a decade and more, but I just don't trust the internet. I don't do online banking. I mean you could steal my computer and walk off with it and not have access to much at all.

I don't find passwords that tough to save because I don't have that many and I often make them phrases out of songs so that each site kind of has a "song for it". Often when I go onto sites even not having to log in, such as FB, I will say my password to myself. Sets it in real solid so far.
I come from that generation that had to memorize poems and such in school, so the memorization gene is almost always activated.

Of course the brain is no longer young at 81--that's for dang certain.
I so agree with Geaton that we have to stay as computer literate, as tech savvy as we are able but I have to admit I guestion how long I will be "able". Other countries seem much better at demanding that techs be interchangeable and adaptable with one another, but in the USA we are all over the place--so scattered. Seems it's the American way.

I do think that WWIII is going to be about taking down the tech and hacking into it. We will be good and helpless, esp. the young who do EVERYTHING by tech.

C cwillie Feb 1, 2024 · Answer 3 · 2024-02-01T11:07:28.000-0500

I get that Geaton. And I do tend to use weaker password for accounts like AgingCare or my library because its hard to remember so many and it's no big deal if they hack those. I know there are password apps (don't most antivirus have them as part of their suite?) but I haven't gone that route yet, I want something I can store off site because I'm paranoid about losing access because of tech glitches.

G Geaton777 Feb 1, 2024 · Answer 4 · 2024-02-01T10:39:50.000-0500

cwillie, it doesn't have to do with email accounts, it has to do with only passwords and reusing the same passwords for different accounts. I'm totally guilty of having done that. Now I'm in the process of undoing this.

My 1Password app can automatically generate super strong random passwords but I rarely use it because in the past I've wanted to be able to login and out fast and easily, since I do our business admin, and manage care for 3 people, I login and out of websites all day long. Even the autofill function of 1Password sometimes fights with my keychain function on my Mac laptop. Now with passkeys I don't have to deal with any of that. I can't wait for every website with a login to have passkeys.

C cwillie Feb 1, 2024 · Answer 5 · 2024-02-01T10:24:16.000-0500

I have a less secure "junk" email(s) and passwords (like for this site) and then I have something a little more robust for things like most trusted businesses and banking. And when businesses routinely ask for phone numbers and email I've learned to just say no. I find it kind of amusing though that one of my "junk" accounts (Tim Hortons) now requires a pass key.

G Geaton777 Feb 1, 2024 · Answer 6 · 2024-02-01T09:32:07.000-0500

I forgot to mention that setting up a passkey at a website is pretty effortless.

Basically in the login credentials box (and if that organization uses passkeys) it will ask, "Do you want to set up a passkey?" When you click "yes" an message box usually pops up to say that a passkey is being created, and then another message to say it's complete. That's it. Nothing to change, edit, update, write down, etc. Then the next time you navigate to that website it will automatically log you in if you're using the same device.

M MyNameIsTrouble Jan 31, 2024 · Answer 7 · 2024-01-31T16:11:27.000-0500

Thank you Geaton. Not only for the cyber security info but for also making me smile. I hurt for those like your friend's son and all the others affected by these crimes. They have it tough. I'm also grateful for the years of experiences, the extra pounds I carry, and the wisdom to know that if the criminals think putting my actions/photos on every social media site would cause me to give into extortion, they can well try because 1) I'm not on social media with the exception of AC, 2) I don't have the money to extort, and 3) bull is bull and I'm at an age that I don't have time to waste it on bull.

G Geaton777 Jan 31, 2024 · Answer 8 · 2024-01-31T16:07:11.000-0500

Another suggestion:

Start using passkeys to get into your accounts. I just set one up for my PayPal account.

"Unlike a password, a passkey relies on a string of encrypted data stored in your phone or laptop and verification from you, through a face scan, a fingerprint scan or a PIN code, to access a website or app. There’s no exchange of a password at all."

Source: https://www.cnbc.com/2023/11/07/how-to-switch-from-passwords-to-passkeys.html#:~:text=It%27s%20called%20a%20passkey%2C%20and,already%20adopted%20the%20new%20technology.

It is specific to each of your devices. Passkeys keep the phishers out.

Apple, Google and Amazon.com are going to be my next passkey set-ups...

G Geaton777 Jan 31, 2024 · Answer 9 · 2024-01-31T15:40:02.000-0500

Hothouseflower, my friend's 9th grade son was a victim: he was on some website or social account he shouldn't have been. He was convinced that the person on the other end was a cute girl who convinced him to do/show something (and it was secretly recorded). The scammers then sent him a message telling him that if he didn't pay them $3k they'd release the video to all social media outlets. He became suicidal. Eventually he confessed to his parents what was going on.

I myself get porn-extortion emails every month to my business account ("Hello pervert, we know what websites you've been visiting...pay us to this crypto account or else blah blah") which means that some of my info in some breach at some time was purchased. I can't change my business email easily so I just ignore those threats that I know are BS.

Many people and organizations are already complaining to the government -- it can only do so much. It certainly can't do anything preventative. That's our job. The biggest problem is that the hackers are very very good at not being found (generally) and therefore, not being punished.

H Hothouseflower Jan 31, 2024 · Answer 10 · 2024-01-31T13:20:41.000-0500

Along the lines of what you wrote about internet security, Geaton, I just read that there were Senate hearings today about online exploitation and extortion of children on social media platforms.

Obviously it should be broadened to include the online exploitation of the vulnerable no matter the age.

That post earlier this week about celebrity scammers and those two women being extorted hit home with me. I found it very upsetting.

I am going to close my Facebook account. I don’t need to see videos of kittens that badly.

I think concerned citizens should complain to their elected representatives to do something about this. But I’m not holding my breath that anything will be done.

N NeedHelpWithMom Jan 31, 2024 · Answer 11 · 2024-01-31T12:43:17.000-0500

Your last sentence on your post says it all!

Thanks for sharing this info. Hopefully, people will become more aware on how to prevent scammers.

The mother of all breaches: why we should never use the same password for different accounts.

11 Comments

Recent Questions

Popular Questions

Related Questions