There is a Chrome extension to help you pick better passwords. It is called PassProtect by okta. It will tell you right away if your password is in a list of data breaches. It doesn’t necessarily mean your username/email and password combination are in that list but if your password is already in a list of compromised passwords, you might want to rethink that password. You can add it to your Chrome browser.
They do not store or collect any information from you, they simply use the HaveIBeenPwned.com API to check against the list of known breaches. If you want to check a password on your own, you can check it here as well manually to see if it is in the list of breached passwords, because it is the same list. Hackers that have collected passwords will often use them to breach a site and try to guess people’s logins and if you are using a password from a breached list, and they know your email or username, you may find yourself hacked.
We’ve written a few times about password security. But what if your phone number gets hijacked? This is not having your phone stolen but rather having your phone number taken from you. You no longer can use the two-step verification because someone else has the number they have on file for it. So how does a phone number get hijacked in the first place? The Victor crew wanted to learn more.
It can start with a text that looks like it came from your carrier. It may have a number or a login page for you to enter some information. All they need is your call-in pin and they can start the process of porting your number over to their phone. You actually think you are talking to a representative of your carrier. Once they have your number, they can use the “forgot password” function of all your apps and get a code sent to them to reset the passwords. Think of all the apps you have – your bank, your email, your wallet. So what can you do?
Here are some ideas from Forbes:
- Put a passcode on your account with your carrier. Make sure whoever you are talking to uses that passcode with you. If a hacker tries to use it, hopefully the representative is on the ball and asks for the passcode.
- Use the mobile carrier specific email address to access the account. Forbes suggests you have an address as your current primary one, one just for a mobile carrier, and one for all your sensitive accounts like banking. This way your primary account can’t be used to steal your phone number.
- Disable online access to your wireless account. You will have to go the store to make changes but it won’t get hacked.
- Ask your carrier to make changes with photo ID required.
Some other thoughts:
- Use a password manager and let it generate passwords.
- Don’t have the same security questions on all sites and don’t answer them truthfully.
- Do not connect your mobile number to sensitive accounts. Create a new Gmail email address and don’t connect a phone number to it. Use Google Authenticator with one-time passcode generator to use it. They suggest using a Google Voice number.
- Use a security key. Yubikey is a physical security key device. There are also devices you use a USB port for.
- Use biometric authentication – fingerprint for example.