04 January 2019, Mecklenburg-West Pomerania, Schwerin: EXAMPLE – (post photo) Photo: Jens … [+]
photo alliance through Getty Images
Old “zombie” accounts can reveal your passwords, or worse, credit card information. Here’s what you need to know.
Over time, you may open dozens, if not hundreds, of accounts. Some of these accounts will contain credit card information and other sensitive data. And some of that could be overlooked and forgotten.
These can accumulate over time. “With almost every website and app either wanting or strongly pushing visitors to sign up for a user account, users are accumulating accounts very quickly,” according to Person- Security, a cybersecurity provider and password manager.
Guardian points to Digital Guardian investigation to find:
70% of users have over 10 password-protected online accounts, and 30% have “too many to count.”
“Over time, the average user will stop using and forget about many of these accounts,” the Guardian says. Accounts such as:
- Free trials
- Stores that you no longer buy
- One-time accounts you have set up to buy something
- Game platforms
- Apps used a few times and abandoned
Here is the problem. If you reuse passwords – or if you have been before – over multiple accounts and there is a data breach (think: Equifax), hackers can use a password that is open in one of the those old Zombie accounts to break into your active accounts.
“If a password (even a random or complex word) has been revealed in a data breach, attackers can use it to try the same password on any other website you use,” said Darren Guccione, Head of Security Guard, emailed me.
“It’s no secret that people recycle passwords for accounts. This is the single biggest tactic that criminals count, ”said Craig Lurey, CTO Curator.
What you can (should) do:
–Find old accounts: not everyone keeps a perfect record of old accounts. That said, if you use the Google Chrome browser (as many do), it will show all the accounts and passwords you used under chrome> settings> passwords. Settings are similar to other browsers such as Firefox and Safari. Password managers also monitor your accounts.
–Close unused accounts: this is often easier said than done. As Wirecutter points out, closing an account can be difficult at times as the website owner may find it difficult to close.
–Do not block passwords: this is repeated ad nauseam by all cybersecurity experts. Using a strong and unique password for each site greatly reduces the risk, Keeper Security’s Lurey says.
–Update passwords: Big data crashes happen all the time, so update your passwords regularly. Sites like haveibeenpwned show which of your accounts have been exposed in a data breach.
–Try password manager: if you cannot, or do not want to, keep track of a list of complex * and unique passwords, password managers, such as 1Password, are the most effective solution. Password managers generate and autofill passwords for users when they create new accounts.
–Use multi-factor authentication for accounts: if you change your password, you will be notified and prompted to enter a pin number. This is an added security.
–Remember – your friend’s convenience is not: If you create your own passwords, avoid dictionary names. And avoid names that may be related to you such as children’s names, pet names, and place names. It is a good rule of thumb to use random words, numbers, and especially special characters or symbols. Alternatively, take familiar names and rearrange them by, for example, shortening, truncating, adding unique prefixes or suffixes, or combining parts of the random names to strong, unique passwords with a combination of special characters, symbols and numbers.
——
NOTES:
* Complex passwords involve the use of long strings of letters, numbers, and special characters. If you create your own passwords, experts advise not to use words that appear in a dictionary as they can be hacked by hackers.
Comments can be sent to mbcrothers[at]gmail[dot]com or direct message at twitter.com/mbrookec