They Tried to Scam Me

Scanning through my email spam filter today, I noticed a message that claimed they knew my password. The interesting thing that caught my eye is that it might have actually been one of my old passwords, from WAY back in the day when we all took password security less seriously.

Seemingly weekly, we hear about this and that big company having a data breach where personal information was compromised. This can sometimes include password data that can fall into the hands of unscrupulous individuals who use that information to harm. For example…

Blackmail Claims:

The email I received claimed that they knew my password, that they had accessed my computer, and that they used the camera on it to spy on me and record embarrassing footage. This is rubbish and highly unlikely (especially since I don’t have a camera on my computer), and the password they claim to have was actually a login for a software service, not for my computer.

For a moment, let’s do a thought experiment. Let’s imagine that I DID use the same password for my computer that I used for some other account that got hacked. What if it was possible? You might start to feel stressed, wondering if someone might have access to your computer, your private files, your bank credentials, your social media accounts, etc. This is the number one reason why security experts now suggest that you never use the same password twice. That way, if someone somehow obtains your password from your social media login, they won’t be able to use that information to log into any other account, such as your online banking, and vice versa.

How I responded:

1) Check to see if that password is actively used on any accounts.

My first step was to check my records and assess if I have any overlooked accounts that might still use that password. As expected, I didn’t find any but I feel better for having checked.

2) Review accounts for passwords that haven’t been changed in a while.

My second step was to go ahead and refresh passwords on some of my older accounts. This might look like updating or creating new admin accounts for my personal and my clients’ WordPress websites.

Why?

Because data breaches happen and your data and passwords might occasionally be compromised, one easy way to limit your security risk is to update or change your passwords regularly. “Regularly” is relative and depends on your personal situation. If an account isn’t particularly sensitive, you might feel safe to just change it once every year or two. If the password is protecting sensitive data or access to accounts critical to your business or your personal life, you should consider changing it more frequently.
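
Both review steps can be run in one pass over a password manager export. The script below is an added example, not part of the original post: the CSV column names, the sample rows and the rotation windows in `MAX_AGE` are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export; the column names are assumptions, adjust to your manager.
SAMPLE_EXPORT = """name,password,last_changed,sensitive
Old software service,Summer2009!,2010-05-01,no
Client WordPress admin,blue-Kettle-41,2021-02-10,yes
Personal WordPress admin,blue-Kettle-41,2024-09-01,yes
Online banking,Summer2009!,2024-12-20,yes
Newsletter signup,paper-Lamp-77,2024-06-30,no
"""

# Assumed rotation windows in days: shorter for sensitive accounts.
MAX_AGE = {"yes": 180, "no": 730}


def audit(export_text, leaked_password, today):
    """Return accounts using the leaked password, shared passwords, and stale ones."""
    report = {"leaked": [], "reused": [], "stale": []}
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["name"]
        by_password[row["password"]].append(name)
        # Step 1: is the password quoted in the scam email still in use anywhere?
        if row["password"] == leaked_password:
            report["leaked"].append(name)
        # Step 2: has this password gone unchanged longer than its window allows?
        age_days = (today - date.fromisoformat(row["last_changed"])).days
        if age_days > MAX_AGE[row["sensitive"]]:
            report["stale"].append((name, age_days))
    # Any password shared by two or more accounts lets one breach open the others.
    report["reused"] = sorted(sorted(n) for n in by_password.values() if len(n) > 1)
    report["stale"].sort(key=lambda item: item[1], reverse=True)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_EXPORT, "Summer2009!", date(2025, 1, 15))
    for section, items in result.items():
        print(section, items)
```

A real export holds every password in plain text, so run this locally and delete the file as soon as the review is done.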