What To Do About Your Passwords?

By Joseph Amir
Opinion Columnist
​
By now, some of you may have heard about the Twitch.tv hack that happened a week ago. The entire source code as well as salted passwords of the well-known streaming platform Twitch, owned by Amazon, were leaked online, totaling 125GB of data. And if you have an account on the platform, there is good reason to worry—your password may have been leaked. But don’t worry too much, there are some very basic strategies to keep your account information safe from any would-be hackers purchasing your passwords and login information on the dark web that you should take, regardless of whether you had an account on Twitch or not.

Firstly (and this is important), never use the same password on different sites. If you use the same password everywhere, and just one of your accounts gets compromised, the first thing that a cybercriminal will do is to try that same password for your login on every other site that you are signed up on, including your bank. This means that they can access any site that you are signed up on, and potentially steal your information, your money, or even details about your life that you’d like to keep private. 

If you are worried that your information has been compromised, you can check on the site haveibeenpwned.com, a site that will monitor whether your passwords have been leaked and send you an email if an account has been leaked that contains that email. This way, you can find out whether your account information needs to be changed, or worse, you need to freeze your credit—I have personally been exposed to 6 data breaches, one of which was the infamous University of California breach that exposed my social security number, and led to me needing to place a credit freeze. This is especially important to us college students if any of us applied for a spot at a UC in the last few years: this data breach was catastrophic and could very well result in long-lasting consequences for our financial future.

Secondly, make sure you are using a password manager to keep track of those different passwords. I personally use iCloud Keychain, Apple’s built-in password manager in iOS and macOS, that uses biometric authentication and a master password to keep all your passwords safe in autofill. It even tells you when a password has been compromised so that you can change it immediately. However, there are many reputable managers out there, such as LastPass and 1Password, that can keep your passwords safe and ensure that you are always able to log into your accounts. 

Lastly, always make sure that you have 2-factor authentication set up on sites that allow it. This is a feature of some accounts wherein you are able to log in with a password, and then they send a notification to a trusted device or an authenticator app that you need in conjunction with that password in order to be able to log into your account. SMS 2-factor authentication is the least secure method because it is vulnerable to other attacks such as SIM-jacking, but is still better than no 2-factor authentication at all. The most secure method is using a secondary app such as Google Authenticator, and you should enable it for sites that support it.

If you take these steps, you will ensure that it is as hard as possible for someone to hack into your accounts and keep your personal information secure. It isn’t necessarily the easiest task to go through all of your accounts and change the old passwords that you’ve used, but it is entirely worth it because it’s an investment into your future security, and you don’t want to be stuck doing it once you hear one of your accounts is breached. I personally found out that my social security number had been stolen mid-flight over the Atlantic Ocean, and had to spend half of my flight time freezing my credit on Experian in the middle of the night battling jet lag, which could have been easily avoided if I had just planned ahead and set better, different passwords. So take my advice, and invest in your future peace of mind by following these steps!