Do you really know where you have on-line accounts?
The latest security breach has occurred, this time on ebay.com. In this particular case, it appears all the user identifiers and passwords have been compromised, but (as of this writing) not financial information or paypal.com accounts. For more information, see Brian Krebs' blog post.
When I heard this, my first thought was: Hey, I don’t use eBay, so not a problem. My second thought was: Wait a minute, didn’t I buy a golf club on eBay a while back? Well, it turns out I do have an eBay account and after digging around to figure out my creds, I was indeed able to log in and reset my password.
That experience got me to thinking about how many accounts I really have on-line. I’ve been an active participant on the Internet since there were fewer than 1,000 sites worldwide and I’ve probably had hundreds of accounts. Some of these accounts are no longer valid for a variety of reasons, including the company failing. However, as I sit here, I could do a quick accounting and still miss some, probably by half.
This is truly concerning because I don’t think I could remember all of the accounts, even if I performed a deep-dive. I’ll bet you are in a similar place.
So, the best defense is to change up your passwords for the accounts you are aware of. Never reuse old passwords, nor play the “one-off” game, which means don’t have a single password that you change by incrementing a number (e.g. 1password -> 2password) or some such thing. Then change them periodically across the sites. This way, if you forget one, hackers don’t have a complete set of credentials.
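As an added example (not part of the original post), here is a small Python audit you could run over an export of your own password manager to find both exact reuse and the “one-off” pattern described above. The vault contents, site names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample vault: site -> password (illustrative values only).
SAMPLE_VAULT = {
    "shop.example": "1password",
    "mail.example": "2password",
    "news.example": "1password",
    "forum.example": "Password9",
    "games.example": "password10",
    "bank.example": "correct horse battery staple",
}

# Placeholder that cannot collide with a typed character.
_DIGITS = "\0"


def skeleton(password):
    """Collapse every run of digits and fold case, so passwords that
    differ only by a counter (1password / 2password) compare equal."""
    return re.sub(r"\d+", _DIGITS, password).casefold()


def audit(vault):
    """Return (reused, one_off).

    reused  -- groups of sites sharing the exact same password
    one_off -- groups of sites whose passwords are distinct strings
               but differ only in digits or letter case
    """
    by_exact = defaultdict(set)
    by_skeleton = defaultdict(set)
    for site, password in vault.items():
        by_exact[password].add(site)
        by_skeleton[skeleton(password)].add(site)

    reused = sorted(sorted(s) for s in by_exact.values() if len(s) > 1)
    one_off = sorted(
        sorted(sites)
        for sites in by_skeleton.values()
        if len({vault[s] for s in sites}) > 1  # more than one distinct string
    )
    return reused, one_off


if __name__ == "__main__":
    reused, one_off = audit(SAMPLE_VAULT)
    print("Exact reuse:", reused)
    print("One-off variants:", one_off)
```

Any site that appears in either list should get a fresh, unrelated password.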