Google Alert! Change your compromised passwords. Like many people, I use Gmail and when Google warns me that one of my passwords has been exposed, I take action.
If you read the entire blog post, you will find out that the warning was a false positive, but every case is different. Still, the first step in fixing a compromised password issue is not to panic.
After I read the Google email, I searched for more information to help me understand what I was dealing with. After all, my passwords are complex and expire at least twice a year. And now let’s get to work.
How to find out where the password breach occurred
The first step (besides not panicking) is to find out where a breach has occurred. To do that, check with https://haveibeenpwned.com/, which is a website specializing in password breaches.
After I entered the email in question, the search quickly confirmed that Google indeed found a breach of my email account. About 12 years ago, I signed up with the then-trending Gamesalad website so that I could start developing iPhone and iPad apps. Eventually, I moved on and no longer used Gamesalad. As so often happens, the account stayed active, and in 2019 they seem to have been hacked. I change all of my email passwords twice a year and use a custom Python script or pwgen (Linux terminal) to generate long and secure passwords.
Since the website hack happened about two years ago, my email account in question would not be affected, but we must never let our guard down. The internet never was and never will be safe, and therefore complex passwords are a must.
My take on passwords
One of the best learning experiences is to actually make or create something. Doing so requires a lot of research, and research educates. I have an e-book in the works which carries the title: Strong & Secure Passwords.
The knowledge contained within the e-book is based on how I manage a handful of Linux computers plus a cloud server which holds all the assets for the Little Composers website.
I use two kinds of passwords. Most are generated as I have already mentioned and some are burned into my memory. After months of research, I have learned that there is no point in using overly long and complex passwords. The usual hackers and script kiddies can’t brute force anything that is longer than 8 – 12 characters, and those who can don’t care about complexity or length.
You see, all of our computers have hardware-based “features” that give government agencies full access to our computers at their choosing. I will not go much further into detail, but if you want to find out how deep the rabbit hole goes, then search for “Intel Management Engine”.
Try to skip the conspiracy theories and read up on the well-written articles authored by those who know. To make a long story short, all of our computers, regardless of which chip does the number crunching, have the ability to capture each and every keystroke we type. There is NOTHING we can do about that except hope to not be on Big Brother’s radar.
So use simple but long passwords to fool the wannabes and a typewriter if you are planning on publishing something that doesn’t point back to you. Then again, if we use Gmail in the first place, privacy should not be expected to begin with.
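To put numbers on the length-versus-complexity point above and on generating passwords with a Python script, here is an added example (not the author's own script or code from this post). It draws passwords from the operating system's CSPRNG via `secrets` and compares the search space of a shorter complex password with a longer simple one; the function names, alphabets and lengths are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed alphabets: "simple" is lowercase only, "complex" is the 94
# printable ASCII letters, digits and punctuation marks.
SIMPLE = string.ascii_lowercase
COMPLEX = string.ascii_letters + string.digits + string.punctuation


def generate(length, alphabet=COMPLEX, require_classes=True):
    """Return a password drawn uniformly from `alphabet` with the OS CSPRNG.

    With require_classes=True the draw is repeated until every character
    class that occurs in the alphabet appears at least once. Rejecting
    draws this way trims the real entropy marginally below entropy_bits().
    """
    classes = [c for c in (string.ascii_lowercase, string.ascii_uppercase,
                           string.digits, string.punctuation)
               if set(c) & set(alphabet)]
    if require_classes and length < len(classes):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not require_classes or all(set(pw) & set(c) for c in classes):
            return pw


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def average_guesses(length, alphabet_size):
    """Expected guesses for an exhaustive search: half of the keyspace."""
    return alphabet_size ** length // 2


if __name__ == "__main__":
    for label, n, alpha in (("complex, 12 chars", 12, COMPLEX),
                            ("simple, 20 chars", 20, SIMPLE)):
        print(f"{label}: {generate(n, alpha)}  "
              f"{entropy_bits(n, len(alpha)):.1f} bits, "
              f"~{average_guesses(n, len(alpha)):.2e} guesses on average")
```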
I welcome your comments, questions and thoughts about this article. Be vigilant and mindful of what you type 😉