A pile of small two-toned blue and white slips of paper with the word “LOGIN” across the blue top part and the word “PASSWORD” written on the white main part of the paper.

Did you hear anything in the news about the Mega Breach?

A silver skeleton/master/passkey has a purple tag attached to it with the word “SECRET” on it.

You will need to know my secret code to get this skeleton passkey to work!

I’ve been waiting for more information on last week’s news concerning what one person reported as The Mother of All Breaches. The title explains it all in that this breach exposed 773 million emails and 21 million passwords. So I’m not sure what was more important or newsworthy that distracted the media from covering this event that potentially could impact a lot of us. I’m not going to go into the politics of this non-reporting nor even try to uncover what went wrong. My focus is going to be on what we as basic users of emails and social media sites should be doing to protect our privacy and secure our accounts.

One thing that the security experts are suggesting is what they call 2FA (two-factor authentication). 2FA adds one extra step to logging in, and with it one extra layer of protection. An example of how 2FA works: you log in to your email account by entering your username and password. Then you get an alert to enter the code that has just been texted to your cell phone. In essence, this prevents anyone from accessing your email even IF your password was breached, because they would also need access to your cell phone.

The second suggestion is to use a Password Manager. We’ve all heard that we should not reuse our passwords, because if a bad guy has gotten hold of a password that you’ve reused across several devices or services, he now has access to all of those accounts. This is why we should have strong, unique passwords for each distinct device or service. And this is where Password Managers come into play because, if you are like me, it is difficult to remember the unique, complex password that you’ve come up with for each and every site. Password Managers are going to be the memory aid that we can use to help us. There are several Password Managers to choose from; some that are mentioned are 1Password, LastPass, Keeper, KeePassXC and Dashlane. What you need to know is that a Password Manager is basically an online tool that will create and store your passwords so you don’t have to memorize them. These passwords are considered super STRONG because they would be difficult for a human to guess, like qzRtC{6rXN3N\RgL. There are also several sites that can help you generate your own strong and random passwords; two of them are Secure Password Generator (https://passwordsgenerator.net/) and xkpasswd (https://xkpasswd.net/s/). You can store not only several passwords but also the responses to security questions which, by the way, it is recommended that you do NOT answer 100% correctly.

The third line of defense suggested is to get a physical security token, which provides a private encryption key. If you enable the physical security key along with your Password Manager, no one will be able to access your accounts without it. So to get into your account, the Bad Guy needs 1) your password, 2) access to your phone and 3) your YubiKey or Titan physical security token.
