Today on Bud’s #WeeklyGeekOut . . . parlaying news reports of Disney+ account hacking into some #geekoutbasics about keeping your accounts safe. =) webmeister Bud
Phishing
These are the e-mails or texts which pretend to come from Canada Post, or Amazon, or the Canada Revenue Agency, or Disney, or some other company they hope you’ve had dealings with.
They’ll either say there’s a problem with your account, or you need to confirm some info, or some other lame excuse to make you click the link in the e-mail.
The link is usually disguised. Hover before you click, and make sure it’s going to the actual site where you do business with these people, not disney-plus-account-help.com or something equally lame . . .
The evil links usually have a clone of the actual website with fields for your username and password. Punch it into this evil site, and they have your info, to do with whatever they please.
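For the geekier readers, here is the "hover before you click" check written out as code. This is an added example, not something from the original post: the trusted list and the sample links are made up for illustration, and checkLink is a hypothetical helper name.

```javascript
// Sites you actually do business with (assumed list; edit to match your own accounts).
const TRUSTED_DOMAINS = ["disneyplus.com", "amazon.ca"];

// Decide whether a link really goes to one of your trusted sites.
function checkLink(href, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(href); // parses the link the same way a browser does
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute link" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, host: url.hostname, reason: "not an https link" };
  }
  // The parser lowercases the host and drops any "name@" prefix.
  // Remove a trailing dot ("disneyplus.com.") before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Accept an exact match or a true subdomain: the trusted name must sit
  // at the END of the hostname, right after a dot. A trusted name that only
  // appears at the start or in the middle does not count.
  const match = trusted.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    return { ok: false, host, reason: "host is not on the trusted list" };
  }
  return { ok: true, host, reason: "host belongs to " + match };
}

// Constructed sample links, as they might appear when you hover in an e-mail.
const SAMPLE_LINKS = [
  "https://www.disneyplus.com/account",                  // the real site
  "https://disney-plus-account-help.com/signin",         // lookalike name from the post
  "https://disneyplus.com.account-help.example/",        // real name used as a subdomain
  "https://www.disneyplus.com@account-help.example/",    // real name placed before an @
  "http://www.disneyplus.com/account",                   // right host, but no https
];

for (const link of SAMPLE_LINKS) {
  const r = checkLink(link);
  console.log((r.ok ? "OK   " : "STOP ") + link + "  (" + r.reason + ")");
}
```

Only the first sample passes. The part that matters is the end of the hostname, which is exactly what to read when you hover.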
Data breaches
Even if you don’t fall for one of these scams, bad guys are hacking away at big companies all the time, and that’s where we get data breaches.
So, Disney hasn’t been hacked? Okay! Facebook has. So have Twitter, eBay, LinkedIn, Gmail, Reddit, Starbucks, and hundreds of others.
And any username/e-mail/password combination you had at any of these companies during a data breach is now out there for any evildoer to find.
DON’T REUSE YOUR PASSWORDS
Best practice? Have a different password for every. single. website you log in to.
If I used HelloImWebmeisterBud@gmail.com at every site . . . and my favourite password of 123456 at every site . . . and those credentials were caught up in a data breach . . . the moment that info is leaked, bad guys are gonna try credential stuffing at Facebook, at my bank, at Google . . . and, at new services like Disney+.
I can’t say for certain if this is what happened to everyone whose account was hijacked, but I’d bet a handful of shiny nickels that it’s what happened to some of them. DON’T REUSE PASSWORDS!
Difficult to guess, easy to remember. I’ve turned to using pass PHRASES relevant to the site. So, on Facebook, it could be, “I’m turning pages 2750?” with all capitalization, punctuation, and spacing intact. And 2750 is our address.
That isn’t my Facebook password, by the way. Just an illustrative example.
The ULTIMATE best practice is to have a different E-MAIL address AND password for EVERY website you have an account with, but I know that’s unfeasible unless you own your own domain, like I do. So, I have facebook@happydesigns.com and instagram@happydesigns.com and linkedinLOTS@happydesigns.com . . . because linkedin@happydesigns.com was caught in a breach.
Use a password manager
“Bud Bud,” I hear you say, “I don’t own my own domain. How does a normal human remember 6,000 passwords?”
The best normal human tactic is to use a password manager, like LastPass or 1Password, and let it remember a different password for each of your services. Then you only need to remember the one master password to access them all.
Explore all of the #geekoutbasics posts for some general computer safety tips from webmeister Bud!