pen and paper with various passwords written on it

Oh No! Your Dark Web Scan Results Made You :( Our Advice on Securing Your Passwords

The dark web – the place where cyber-criminals conduct their business anonymously. Some parts of the dark web hold the results of the data breaches of many of the websites that you used or even still use today. This data can be names, date of births, addresses, booking information, and worst of all (but not unlikely) credit card information and passwords.

Conducting a regular dark web scan is recommended. If you have conducted a scan and found that your email addresses and passwords are available on the dark web, you need to act immediately. Here are our recommendations on how to proceed from here.

The History of Passwords

Time was, everyone in the world used the same password for everything. Then we had to add a number, and we all added a 1. Then a symbol, and we all added a ! – in fact, this is exactly what happened: https://www.youtube.com/watch?v=aHaBH4LqGsI

But today, with websites being hacked and their data being leaked onto the dark web, using weak passwords or using the same password for multiple services is a very bad idea!

Password Best Practices

1. Make EVERY SINGLE PASSWORD different.

2. If you store your passwords in Google Chrome, Google search for “Google password check” and this will take you through and check for passwords that have been leaked onto the dark web.

3. Whenever you next login to ANY website, carry out a password reset on it just for safe measures, especially if it has a password that you used elsewhere and/or one which hasn’t been changed for a while.

4. Generate a password using https://passwordsgenerator.net/ and choose 16 characters and include numbers and special characters. To repeat, MAKE EVERY SINGLE PASSWORD DIFFERENT!

5. Use either www.1password.com or https://www.lastpass.com/ to generate strong, unique passwords and store them. Because the passwords they will generate are almost impossible to remember, you will have a single master password which protects your “password vault”. This master password should be EXTRA STRONG. Some people find it easier to use an entire phrase as their master password as it will be easy to remember but very difficult to break. Both of these password managers have corporate settings where you can make sub accounts for your employees, to maintain control of your passwords should someone leave.

6. Enable 2FA on as many logins as you can and use the Google Authenticator app to scan a QR code rather than SMS.

7. If you use the Google toolbar, you should definitely enable 2FA on your Google account, otherwise if someone gets that password, they could install your Google toolbar and then immediately have access to all your saved passwords.

8. Definitely enable 2FA on your email account. If someone can get into your email, then they can pretty much go to any website or app you use and ask to reset the password, then go into your email and change the password.

9. When you add security questions to anything, for example you choose 3 and they are like “Which city were you born in?” put the answer as complete nonsense. For example, put the name of your first pet as the city you were born. This is because a lot of scams will research these things first from publicly available profiles on sites like Facebook, and then when they try and get into something via the 3 answers, they won’t know them as the answers aren’t the actual fact. You can keep track of which answers you gave in the secure notes section of your chosen password manager (see point No. 5).

What? I will never remember those passwords!
This is the feedback we normally get when suggesting such long, random passwords. But this is the point, if you as the owner cannot remember it, that means it is as secure as it possibly can be, as if you do not know your password you can’t accidentally reveal it. The password managers mentioned above will autofill your different passwords when you enter your master password or, if you are using them on a phone, you can tie your passwords to your fingerprint. If you need to access from a desktop, the 1password or LastPass toolbar extensions can help make that easier.

Many will believe that “it will never happen to me”. But if…  or when it does, the results can be stressful, and often result in embarrassment, financial loss, or both. Hopefully, this guide will help many on their way to password security.

Author: Dave King

Dave King is the Co-Founder and Director of Carden IT Services and the wider Carden IT Group. Dave has over 18 years’ experience in business IT networks with a focus on IT consultation and disaster recovery planning/testing.