You may be surprised to learn how most passwords are hacked. It isn't by breaking into the account that is threatened, but by stealing the password from another site entirely. This happens because many people use the same password for different sites. You can easily protect yourself against this.
Comments: 16 Responses to “How Was My Password Hacked?”
Chris
8 years ago
I keep all my passwords stored in Safari's keychain. Is there a way to cross-reference all of them to see if any duplicates exist? I recall 1Password having a similar functionality.
Chris: I would just manually go through the list when you have time. I wouldn't leave it up to an automatic process because it is common to have multiple passwords to the same site -- for multiple accounts. Or, just leave it as it doesn't do any harm. If there is a site you log on to often and you see some old passwords appear, just take care of them on a case-by-case basis.
Chris
8 years ago
Thanks Gary. You mentioned 2FA. How can one plan for the event that one of their devices is lost/stolen?
For example, I have an iMac and iPhone. I travel often. What happens if my iPhone lost or stolen? Without 2FA, I can just pick up a new iPhone at the Apple Store and can sign back into iCloud no problem. But with 2FA, my iMac is at home.
Chris: You can read all about that here: https://support.apple.com/en-us/HT204915
Basically, you want to set up an SMS number as a backup. Then you get your iPhone replaced (same number) so you can get access again. So you sign in, click on the button to send your code via another method, and have it sent SMS. You get the code and you are set.
Chris
8 years ago
Great! I always forget that Apple has excellent support resources. Thanks Gary.
Paul Gardner
8 years ago
I use 3 or 4 passwords across 50 or 60 sites. I also use 1Password to fill out forms and remember these IDs and passwords. I have never used their generated password function. To change over, do I need to contact each of the websites and make individual changes? I'm concerned that my iPad usage will be made more difficult. I am an Apple user. Am I better off with using Keychain or another password manager?
Paul
Ray Shepherd
8 years ago
Hi Gary. Good points well made.
So across all my devices logged into the same apple account I can let Safari/keychain randomly generate a unique password per site ? I think I tried this once and got into trouble because some higher security sites won't accept Safari/keychain passwords. Am I correct or was I just doing it wrong ?
John Melito
8 years ago
Great video! In your opinion, which provides the best safety, yet is easiest to use: 1Password or Msecure? Or do you suggest another. I have a MacBook pro, iPhone 6, and iPod Touch. Thank you!
David Christensen
8 years ago
I was sent an email from apple saying my iTunes password was used to attempt to log into iTunes from an ip in France. This email told me to go change my password. It did not offer me a link. Just told me to change my password I went in and changed my password and my account was already locked like the email said. I thought this was truly amazing. I did then have to go change Netflix, DIRECTV and Hulu because, your guessed it, where the same password. Not after that they are all different
Paul: Yes, you naturally need to change each password at each site. You don't have to do this all at once. Just start moving toward having a unique password for each site. Start with the sites that you use most often and that are the most important. Use the built-in Safari password feature so you have random ones and you never have to type them because Safari enters them for you. Eventually when you get many sites changed to unique strong passwords, then you can finish off the last ones. Read my free security book or take my free security course for more details about password (see right sidebar).
Ray: Most sites today should allow the type of passwords Safari uses. If they don't, that's very sad as it means they aren't serious about security. But you can always customize the password a little (remove dashes or shorten) if you need.
John & Marty: I usually just rely on iCloud Keychain (built-in Safari) since I am 100% in the Apple ecosystem. But I use 1Password at the same time since it is not much extra effort. 1Password would be great for those who also have one or more devices outside of Apple since you can do it on Windows, etc.
Margarose
8 years ago
Very informative. Wanted to read the answers to all the above questions.
John Stires
8 years ago
The proliferation of individual apps like Visa, E-Trade, Amazon, Auto Club, etc., means I'm back to referencing a list of (typically confusing) passwords; Safari's keychain is out of the loop. Am I missing something?
John: Apps either shouldn't ask you to enter your password very often, or use Touch ID to make it easier. But it is just a part of keeping secure -- like it used to be with carrying many keys with you to lock up all of your stuff. The complexity of the password shouldn't matter as it should always just be copy and paste anyway.
I keep all my passwords stored in Safari's keychain. Is there a way to cross-reference all of them to see if any duplicates exist? I recall 1Password having a similar functionality.
Chris: I would just manually go through the list when you have time. I wouldn't leave it up to an automatic process because it is common to have multiple passwords to the same site -- for multiple accounts. Or, just leave it as it doesn't do any harm. If there is a site you log on to often and you see some old passwords appear, just take care of them on a case-by-case basis.
Thanks Gary. You mentioned 2FA. How can one plan for the event that one of their devices is lost/stolen?
For example, I have an iMac and iPhone. I travel often. What happens if my iPhone lost or stolen? Without 2FA, I can just pick up a new iPhone at the Apple Store and can sign back into iCloud no problem. But with 2FA, my iMac is at home.
Chris: You can read all about that here: https://support.apple.com/en-us/HT204915
Basically, you want to set up an SMS number as a backup. Then you get your iPhone replaced (same number) so you can get access again. So you sign in, click on the button to send your code via another method, and have it sent SMS. You get the code and you are set.
Great! I always forget that Apple has excellent support resources. Thanks Gary.
I use 3 or 4 passwords across 50 or 60 sites. I also use 1Password to fill out forms and remember these IDs and passwords. I have never used their generated password function. To change over, do I need to contact each of the websites and make individual changes? I'm concerned that my iPad usage will be made more difficult. I am an Apple user. Am I better off with using Keychain or another password manager?
Paul
Hi Gary. Good points well made.
So across all my devices logged into the same apple account I can let Safari/keychain randomly generate a unique password per site ? I think I tried this once and got into trouble because some higher security sites won't accept Safari/keychain passwords. Am I correct or was I just doing it wrong ?
Great video! In your opinion, which provides the best safety, yet is easiest to use: 1Password or Msecure? Or do you suggest another. I have a MacBook pro, iPhone 6, and iPod Touch. Thank you!
I was sent an email from apple saying my iTunes password was used to attempt to log into iTunes from an ip in France. This email told me to go change my password. It did not offer me a link. Just told me to change my password I went in and changed my password and my account was already locked like the email said. I thought this was truly amazing. I did then have to go change Netflix, DIRECTV and Hulu because, your guessed it, where the same password. Not after that they are all different
Can you recommend a good app to store passwords
Paul: Yes, you naturally need to change each password at each site. You don't have to do this all at once. Just start moving toward having a unique password for each site. Start with the sites that you use most often and that are the most important. Use the built-in Safari password feature so you have random ones and you never have to type them because Safari enters them for you. Eventually when you get many sites changed to unique strong passwords, then you can finish off the last ones. Read my free security book or take my free security course for more details about password (see right sidebar).
Ray: Most sites today should allow the type of passwords Safari uses. If they don't, that's very sad as it means they aren't serious about security. But you can always customize the password a little (remove dashes or shorten) if you need.
John & Marty: I usually just rely on iCloud Keychain (built-in Safari) since I am 100% in the Apple ecosystem. But I use 1Password at the same time since it is not much extra effort. 1Password would be great for those who also have one or more devices outside of Apple since you can do it on Windows, etc.
Very informative. Wanted to read the answers to all the above questions.
The proliferation of individual apps like Visa, E-Trade, Amazon, Auto Club, etc., means I'm back to referencing a list of (typically confusing) passwords; Safari's keychain is out of the loop. Am I missing something?
John: Apps either shouldn't ask you to enter your password very often, or use Touch ID to make it easier. But it is just a part of keeping secure -- like it used to be with carrying many keys with you to lock up all of your stuff. The complexity of the password shouldn't matter as it should always just be copy and paste anyway.