Caught you watching p*rn!

Meet Jack. Last week, Jack received an email from a stranger. It said that the stranger had managed to hack into Jack’s laptop and caught him watching porn. To prove the point the stranger goes on to reveal part of Jack’s login password. Jack starts to get worried as it actually is the password he is using. The stranger demands Jack to pay £600 worth of Bitcoin to leave him alone and not to make it public. A few minutes later, Jack’s bank balance is £600 less. Some of us have seen these emails. What happens here? How to prevent being the victim?

The email Jack received is a phishing email. They were sent out to thousands if not millions of people like hoping someone will take the bait. How do they know Jack’s password? There a few different theories for this. First one, Jack has been using the same password for a long long time and he is using it across all the systems that need a password. Some of those websites/applications were breached and the stranger got hold of Jack’s password. Another theory, Jack could have been a victim of one of those phishing emails that ask you to ‘reset your password immediately’. So how to prevent this? Follow the password hygiene.

I know the Passwords are a pain in the neck. There are just too many of them and hard to remember them all. Not to mention the minimum character requirements and frequent update intervals. Makes the whole password thing even more complicated isn’t it?

As I said, I do not remember my passwords. I only remember a handful of them and the rest of them are a strange combination of letters, number and characters that I don’t dare to remember. So what’s the hygiene?

The Hygiene:

• Use passphrases when creating passwords. Use three random words or a sentence or a quote or something similar. You get the gist.
• Use a password manager. Use it to remember your passwords as well as creating new passwords and remember them for you.
• Remember to create a strong master password for the password manager. The password managers now work well with smartphones too. You won’t have to type your password.
• Use 2-Factor authentication wherever it is available. Most websites/apps now offer 2-factor method.
• If you are using the same password for a long long time across multiple services consider updating it.
• Do not use the same password across multiple apps.

Here are a few useful resources to help you.

Check if your email was part of a data breach - https://haveibeenpwned.com/

Check if your password was breached - https://haveibeenpwned.com/Pas...

Lastpass password manager - https://www.lastpass.com/

Password strength checker - https://howsecureismypassword.net/

If you need help with Security Awareness Training for your users or the board get in touch with us. We are on hello@thetechforce.co.uk and 0333 210 6181