
Jane


I started to use a password manager and I think you should do it now too!!!

"Security is extremely important!" is the phrase that I heard everywhere. I am totally on board, and I entirely encourage people not to overlook even a teeny-tiny loophole. However, it is a shame to admit that I myself was using the same password for many accounts I registered online (just to clarify, only for not really critical accounts). It was always fine; I got by without any issues and my password consisted of a mix of capital letters, numbers and symbols. The thing that added to my clumsiness (using the same password almost everywhere) was the flaw in the sites I registered with. So recently, I found out through this site (Disclaimer: I googled whether this site is legit and most of the answers were yes, so I decided to share it here) that some of the websites where I used to have an account were hacked and most users' credentials were exposed, which is true because I was one of the victims.

Let me share the story. A few weeks ago, I received a ton of messages on my phone with a security code to log in to my GitHub account (I set up my GitHub account with 2-factor authentication). The fact that I received messages means that the attacker (maybe a bot) holds my correct email, username and password. I was anxious and furious. It is very offensive (and shameful) to be the target of an attacker given the fact that I am someone who is in the tech sector. In short, it was not a successful attempt, but I was very paranoid because the same email and password were registered somewhere else as well. I went ahead and changed the passwords of all the accounts I own.

Here comes the challenge: how could I remember all the passwords given that I own so many accounts? There, I decided to use a password manager. I heard about Bitwarden, which is an open-source product and is also used by the current company I am working at. Again, disclaimer, this post is not to promote Bitwarden and I don't get any money, commission, or benefit from them at all. I am here to share how easy it is to start adopting it. Bitwarden or any password manager can generate a secure password for you, which can consist of a range of random letters, symbols and numbers, with the length that you set. It also has a function to check whether the password that it generates (or that you have been using) has been involved in any data breach before. There is a mobile app where you can record all your passwords, so the next time you need to log in to any site from mobile, you just configure it to load the password from the app. The same goes for the browser; I haven't checked all the browsers, but there is a Chrome extension for that.
Once you use a password manager, you will only need to remember your master password (which you are recommended to make as secure as possible). You can configure the app or browser to log out immediately after use or after a specific duration. There is also 2-factor authentication and many more settings that you can set up to make sure that you will not lose it.

One last scary thing that I want to share is that a few days after the attempted login to my GitHub account, I received another email, the kind that a website sends for the purpose of "verifying email address". It is obvious that (maybe) a person was using my account to register on some sites. My anxiety level increased, and until now I am scared and always alert, checking my email, bank accounts and everything to make sure that nothing is compromised. I was also curious, so I tried to log in to that site with the email and the old password that was leaked. Boom, I logged in. It's terrifying. I didn't know what the best solution was. I just went straight to deleting the account. Until now, it has been quiet, but if anyone knows a better approach to respond to such a situation, please let me know.

Okay, so this is the story. I hope my story could convince people who do not put too much concern over security to start picking up a habit of better securing their credentials.
