*CUE TOTAL FREAKOUT*
I had to submit a ticket to the company, explaining in as much detail as possible what my email account contained - recent emails, folder names, contact details, etc. Thankfully I was able to remember enough that my ownership of the account was validated by the next afternoon and I was sent a password reset link to a different email address. Now everything is back to normal, and it looks like no harm has been done. I've changed my account settings (in all accounts I could think of) so that they are *MUCH* more secure (changed security questions, added my phone number and alternate emails for password resets)... but I've gone even further than that.
A friend on a forum mentioned a program called KeePass, a program you can download (or even just put it on a USB stick to use portably without installing). To quote the website, "KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known."
Basically, you only have to remember one master password to get into the program, and then the program allows you to generate random, extremely strong passwords (we're talking symbols, numbers, caps/lowercase, 20 character length, etc - all which can be altered to your preferences) for anything you need a password for. I decided to install the program on my laptop and spend several hours this evening using it to change all my passwords - emails, blogs, my website, paypal, bank account, even games I play. I realized how often I use the same or very similar passwords (and don't we all?) and how easy it would be to get into multiple accounts if someone were to just figure out one of those passwords.
I could have been in for a catastrophe if I had not got my account back - I would have lost all my contacts, multiple important emails including correspondence regarding gecko sales - and no one would have known why I dropped off the planet! My email address may have even been used to generate malicious spam. And if they'd gained access to my financial accounts, well, we all know how devastating it could have gotten then. I learned my lesson! And I'm posting this entry so that you can learn from my mistakes instead of your own (even one that could lead to full-on identity theft). At the very least go and change your passwords often, and try to make them unrelated and include both letters and numbers. But I *strongly* encourage checking out KeePass for yourself. The website has a list of its features and I think you'll be impressed. Even when installed on your computer, the program leaves no registry keys or other evidence and if, God forbid, someone stole your computer, they still wouldn't have your passwords without that master password.
Bottom line: Protect your websites, your financial accounts, your email, and as a result - yourself!
No comments:
Post a Comment