You've been pwned - What next?
July 12, 2016 10:20 AM

Last year I put my email into the you've been pwned website [link]. This last week I got an email saying I may have been affected. What can I do to protect my data?

Along with this email, I also recently got an email suggesting someone with a Russian IP tried to access my steam account. It was prevented by steam guard, but I feel that using a similar password in many places connected to my financial information is a bad habit that I should stop.

How do I go about doing this? My main devices are a PC and an iphone. What can I do for optimum security without too much hassle?
posted by Braeburn to Technology (7 answers total) 2 users marked this as a favorite
Best answer: You should look into password managers.

LastPass is, for me, very solidly in the middle of the Venn diagram of security/convenience/cost.

The downsides are that mobile access is not free (but $1 per month really isn't much), and, more importantly, being cloud-based means that your passwords could still be put at risk.

KeePass is an example of a tool that is free as in beer and speech, and you are in charge of controlling your own password store.

Personally, I think LastPass can be trusted to manage my password store better than I can.
posted by sparklemotion at 10:35 AM on July 12, 2016 [3 favorites]

"I feel that using a similar password in many places connected to my financial information is a bad habit that I should stop."

Definitely. Look into a password manager.

Also, turn on two factor authentication for your email that you use for sensitive things like banking.
posted by Candleman at 10:41 AM on July 12, 2016

Another vote for LastPass and for using two-factor authentication whenever possible. LastPass has a built-in tool that analyzes your passwords and gives you a score based on similarity, how recently they were changed, etc. You just need to remember a strong master password. I had around 200 passwords stored in Chrome when I started using LastPass, so I started by updating my old passwords with generated ones whenever I would log into a site for the first time. It didn't take long for all of my most commonly used passwords to be replaced; then I spent an hour or so doing a sweep through everything that remained.
posted by neushoorn at 10:44 AM on July 12, 2016 [1 favorite]

I agree, get LastPass. Run the LastPass challenge when you get your usernames and passwords in and make sure that you don't have any duplicates.

You might also look at YubiKey; it's a hardware two-factor authentication device. Very secure.
posted by gregr at 12:21 PM on July 12, 2016

Best answer: Another thing to consider is how secure you really need some of your passwords to be. Obviously, they should be different on every site, but even with LastPass I definitely use some easy to memorize/guess/type passwords on sites for which a breach is pretty meaningless to me.

For me, it's just not worth it to have to load up LastPass to get the 13 character string with specials and mixed caps just because I decided to go to, say, GoodReads, on a different browser that day. Ditto gaming sites that I might visit a handful of times and don't have any payment info. But use your own judgment here: Maybe your reading habits are something you'd rather keep private, so GoodReads needs to be secure.

So, if you don't want to do the password manager thing, at least consider coming up with complex passwords for your important sites (banks, email, Ashley Madison, etc.) and writing them down and keeping them in your wallet (if you lose your wallet you're screwed anyways, right?).
posted by sparklemotion at 12:24 PM on July 12, 2016

Best answer: One important, simple step is to make sure your email password is secure and completely unlike any other password you have. If someone gets into your email they can do a password reset to get into all your other stuff. If someone finds your Tumblr password and it's also your email password, then they can get into everything.
posted by BungaDunga at 4:35 PM on July 12, 2016 [1 favorite]
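
The checks suggested in the answers above (no duplicate or similar passwords across sites, and an email password unlike any other) can be run locally over a password export. This is an added example, not part of the original thread and not LastPass's own algorithm; the `audit` function, the 0.7 similarity threshold and the sample vault are constructed assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample vault (site -> password); not real credentials.
SAMPLE_VAULT = {
    "email": "Orchard!2016",
    "steam": "orchard2016",
    "bank": "Orchard!2016",
    "tumblr": "t7#Vq9w!LmZ2x",
    "goodreads": "books",
}

def similarity(a, b):
    """Case-insensitive similarity ratio between two passwords, in [0, 1]."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def audit(vault, email_site="email", threshold=0.7):
    """Return (exact_reuse, similar_pairs, email_risks) as site names only.

    Passwords are never returned, so the result is safe to print or log.
    threshold is an assumed cut-off, not a value taken from any product.
    """
    # 1. Exact reuse: group sites that share an identical password.
    by_password = {}
    for site, pw in vault.items():
        by_password.setdefault(pw, []).append(site)
    exact_reuse = sorted(sorted(s) for s in by_password.values() if len(s) > 1)

    # 2. Near-duplicates: different strings that are still mostly the same,
    #    e.g. one base word with a changed symbol or capital letter.
    similar_pairs = [
        (s1, s2)
        for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2)
        if p1 != p2 and similarity(p1, p2) >= threshold
    ]

    # 3. Email is the reset path for everything else, so flag every site
    #    whose password is identical or close to the email password.
    email_pw = vault.get(email_site)
    email_risks = sorted(
        site for site, pw in vault.items()
        if email_pw is not None and site != email_site
        and similarity(pw, email_pw) >= threshold
    )
    return exact_reuse, similar_pairs, email_risks

if __name__ == "__main__":
    reuse, similar, email_risks = audit(SAMPLE_VAULT)
    print("identical:", reuse, "similar:", similar, "close to email:", email_risks)
```

Sites listed under the email check are the ones to change first, followed by the identical and similar groups.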

LastPass may be a good solution for many people, although I am able to get by without a password manager. In my case, after reading this xkcd, I started using random multi-word passwords that I feel confident about and that are easy for me to remember. It may be a good idea to use something like this for the master password for LastPass or for some specific websites where you'd rather have a password from memory.
posted by thewildgreen at 6:48 PM on July 12, 2016
