Have you always wondered whether you have an account that has been compromised in a data breach?
The risks of online attacks on today's internet
I have just found an interesting website, developed by Troy Hunt: haveibeenpwned.com (HIBP). He is a Microsoft Regional Director and international speaker on web security.
As stated on the website, it serves two primary purposes. Firstly, it obviously provides a service to the public. Data breaches are rampant and many people don't appreciate the scale or frequency with which they occur. By aggregating the data here he hopes that it not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today's internet.
Secondly, the site provided him with an excellent use case for putting a number of technologies through their paces.
Do you want to know if an account of yours has been compromised in a data breach? Just fill in your email address and check it out.
Important addition: "Absence of evidence is not evidence of absence" or in other words: you never know for sure.
But what is more important to me is that it makes me once again aware of the dangers of the internet and the importance of good password choices. Certainly now that crypto-related matters can be found on my computer, I do not always feel certain whether everything has been stored safely. I know it's not smart, but I realize that some of my important passswords are stored online and therefore are vulnerable. You have to store it somewhere, no? Yes, I am a security noob.
I still have to explore and look at the tools more thoroughly , but the following website seems like a handy tool to create secure passwords: 1password. As I learned on the website, it is more than just a password manager. You can also store other essential information in such as driver's license, memberships and credit card data. The video below is a nice introduction.
I quote Troy, who is often asked how he feels about syncing his passwords via 1Password's online service:
Firstly, I need a sync service. I regularly use several different devices and when I sign up to a service on say, my PC, I also want access to the credentials on my iPhone. Plus, I want the ability to securely share secrets with family so there needs to be a sync service and they've designed a really solid way of doing this.
Secondly, I point people who want to understand more to the 1Password security model and if they really want to get down into the details, to their whitepaper on the 1Password security design. It goes as deep as you want to go in terms of detail but the big things for me are the fact that they can never see any of my stored passwords, that even if someone got my master password they'd still need a separate "secret key" to gain access to anything sensitive and that they offer two-factor authentication which is required to set up 1Password on any new device.There's a heap of other features beyond those that keep me using 1Password too. For example, travel mode to remove vaults from my devices entirely while I'm on the road, version history so I can see previously used passwords and super easy browser integration so I can not only login to websites easily, but also generate strong, random passwords for new accounts.
As Troy is partnering with 1Password and the above information can thus hardly be called neutral, I wondered if someone already has experience with using 1password? Or if someone has other, (better), (free) options for managing secure passwords. I would very much like to hear it.
note: some interesting links can be found within the text