Data breaches and what you can do about them.

Eatigo and Redmart recently experienced data breaches: 1.1 million accounts affected at Redmart (straitstimes.com/tech/personal-data-from-11-million-redmart-accounts-stolen-lazada, updated October 31st, 2020) and 2.8 million accounts at Eatigo (straitstimes.com/tech/personal-data-from-28-million-eatigo-accounts-stolen-put-up-for-sale-online, November 1st, 2020).

Straits Times, October 31st, 2020 and November 1st, 2020

Oh no, now people will know what my most ordered items on Redmart are. How am I possibly going to explain adding bags of salted egg crisps to almost every single order I’ve made? 

Or perhaps you’ve used (and more distressingly, reused) a password you had thought was secure? Now everyone will know my favourite drink is KopiOGao123 or that my favourite dim sum is SiewMai@YanTing. 

With data breaches becoming more commonplace, how do you go about securing your online identity?

What’s stopping someone from reusing that password to try and access your financial accounts? This is the reason why you do not reuse passwords across sites. And it is this very prevalence of password reuse which should worry us when we are alerted to a data breach.

If you’ve used the same password for i-banking, PayPal or, worse, the e-mail address tied to those services, change your password this instant.
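A local audit of the reuse problem described above, added here as an example and not part of the original post: given a constructed export of site/login/password rows and the set of sites known to be breached, it flags every account that shares a password with a breached site. The hostnames, `VAULT`, `BREACHED` and `reuse_report` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample export (site, login, password). Hostnames are placeholders;
# the passwords are the joke examples used in this article.
VAULT = [
    ("redmart.example", "me@mail.example", "KopiOGao123"),
    ("ibanking.example", "me@mail.example", "KopiOGao123"),
    ("paypal.example", "me@mail.example", "SiewMai@YanTing"),
    ("mail.example", "me", "KopiOGao123"),
    ("forum.example", "me@mail.example", "HokkienMee29"),
    ("social.example", "me@mail.example", "HokkienMee29"),
]
BREACHED = {"redmart.example"}  # sites you were told were breached


def reuse_report(entries, breached_sites):
    """Map each site to 'change now', 'reused' or 'ok'.

    'change now': the site was breached, or shares its password with a
    breached site. 'reused': password shared only among unbreached sites.
    """
    breached = set(breached_sites)
    key = os.urandom(32)  # per-run key: groups hold fingerprints, not passwords
    groups = defaultdict(set)
    for site, _login, password in entries:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].add(site)

    report = {}
    for sites in groups.values():
        if sites & breached:
            status = "change now"
        elif len(sites) > 1:
            status = "reused"
        else:
            status = "ok"
        for site in sites:
            report[site] = status
    return report


if __name__ == "__main__":
    for site, status in sorted(reuse_report(VAULT, BREACHED).items()):
        print(f"{site:18} {status}")
```

With the sample data, the breach at one shopping site puts the banking and e-mail logins in the "change now" group because all three share one password.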

Let’s face it; we aren’t going to remember 30 super long random passwords. I sometimes have trouble remembering what I had for lunch the day before. And because of this, you start reusing passwords, using shorter passwords made of fewer words, fewer symbols. All it takes is one site to be hacked and access to a bunch of other sites is compromised as well. 

Sure, one can compartmentalise and use different passwords for banking than for e-mail than for social. But there has to be a better way. 

Here’s where a password manager like NordPass can fill the gap. 

What is a password manager?

Essentially, it’s an encrypted vault which manages a whole bunch of passwords for you. It generates secure passwords for websites, so you no longer have to come up with your own combinations. You still need a secure password known only to you to lock down that vault. But I’d much rather remember one relatively hard to crack password than two. For the truly paranoid, you could always pair it with a YubiKey as a layer of physical security.

How can a Password Manager help secure my account?

Using a password manager is the first step towards securing your account. It is a convenient app where you can find your passwords when and where you need them. In addition, it:

  • Helps you generate strong passwords with a built-in password generator;
  • Saves your complex passwords, so you don’t need to reuse them on multiple accounts. Password reuse is one of the most common reasons why accounts get hacked. Use unique passwords for all your accounts;
  • Keeps your passwords in an encrypted vault, which is protected by zero-knowledge architecture. This means that your data is encrypted before it leaves your device and reaches the password manager’s servers (in this case, LastPass). You are the only one who can access and manage your login credentials. The LastPass team can’t;
  • Allows you to set up 2FA to add an extra layer of protection to your account.

What else can you do to lock down your logins? 

Enable 2FA wherever possible. I prefer using a 2FA token like Authy; SMS isn’t infallible, as there have been several SIM swap attacks. These aren’t as prevalent in Asia, but you never know with these things.

Yes, it might be a single point of failure, but in my opinion it’s better than having lots of weak links and hoping websites don’t get compromised.

For the tech-inclined, you could go old school and load up a VeraCrypt encrypted vault or encrypted disk image on macOS, and store passwords in a text file there. Make sure you only mount it when you need it, and dismount it and clear memory afterwards. Or perhaps set up Bitwarden (an open-source password manager), but who’s going to set up and manage the server and ensure that it doesn’t get compromised and is running 24/7?

Disclaimer: Some of the links are affiliate links, meaning that, at no additional cost to you, I will earn a commission if you click through and make a purchase.

Some people use their favourite food and address as their password combination. Mine would have been HokkienMee29. What would yours have been? Comment below and, who knows, I might send you a spiffy new YubiKey to lock down your digital persona. 🙂 #BadPasswords #ReducePasswordReuse