Did you get a strange email last week from someone that you didn’t know, including one of your old passwords in the subject line? I did, and I heard many others were part of this criminal ransomware activity. Clearly, these emails were sent out with some kind of automated mailing list that made use of a huge list of hacked passwords. (You can check if your email has been leaked on this list.) It really annoyed me, and I got a few calls from friends wanting to know how this criminal got ahold of their passwords. (BTW: you shouldn’t respond to this email, because then you become more of a target.)
But the question that I asked my friends was this: Do you still have logins that make use of that password? You probably do.
Email is inherently insecure. Sorry, it has been that way since its invention, and still is. None of us gives its security the attention it needs and deserves. So if you got one of these messages, or if you are worried about your exposure to a future one, I have a few suggestions.
First, you need to read this piece by David Koff on rethinking email and security. It brought to mind the many things that folks today have to do to protect themselves. I would urge you to review it carefully. Medium calculates it will take you 17 minutes, but my guess is that you need to budget more time. There is a lot to unpack in his post, so I won’t repeat it here.
Now Koff suggests a lot of tools that you can use to become more secure. I am going to give you just four of them, listed from most to least important.
- Set up a password manager and start protecting your passwords. This is probably the biggest thing that you can do to protect yourself. It will make it easier to use stronger and unique passwords. I use LastPass.com, which is $2 per month. For many of my accounts, I don’t even know my passwords anymore because they are just some combination of random letters and symbols. If you don’t want to pay, there are many others that I have reviewed that are free for personal accounts.
- Create disposable email accounts for all your mailing lists. Koff suggests using 33mail.com, but there are many other services including Mailinator.com, temp-mail.org, and throwawaymail.com. They all work similarly. The hard part is unsubscribing from mailing lists with your current address, and adding the new disposable addresses.
- Even with a password manager, you need to make use of some additional authentication mechanism for your most sensitive logins. Use this for as many accounts as you can.
- Finally, if you are still looking for something to do, at least try encrypted email. Protonmail.com is free for low-end accounts and very easy to use.
There is a lot more you can do to make yourself more secure. Please take the time to do the above, before you get someone else trying to steal your money, your identity, or both.