Yesterday morning, my Walmart.com account was hacked. I got an email addressed to “Jorge Borges”, letting me know that my password change had been completed.
Um, my name isn’t Jorge Borges.
And I didn’t ask to change my password.
A quick phone call to Walmart.com and I learned that yes, my account had been hacked, but fortunately, no charges had been made.
The service rep flagged my account for fraud and closed it – if I order from Walmart.com again, I will have to open a new account.
I placed a preemptive call to my credit card company listed on the account. All is clear, but I’ll continue to monitor it.
Twelve hours later, my Facebook account got hacked and some bogus Starbucks gift card offer got posted to my wall. I was busy getting kids to bed, but an hour later when I logged back in, I had a dozen emails from friends asking if that offer was legit.
What offer??
Oh… that offer!
My first step was to change my Facebook password. Then I went into my apps and deleted everything that wasn’t currently being used (including the fake Starbucks one, which was connected under the “Tumblr” app.)
If you don’t know how to delete unwanted apps, read this post.
You should routinely do this, just to keep your account clean – and protect your privacy as much as possible in this virtual world.
But my vigilance didn’t stop there. Thanks to my FB friends, I decided it was high time that I get a password manager. The two most highly recommended to me were:
1Password – Originally designed for Apple products, 1Password is now available for Android and PC devices as well. It is a paid package, starting from $49.95. It gets excellent ratings for security and usability.
LastPass – This free service works on both Macs and PCs as well as all mobile devices with a premium membership ($1/month). You choose ONE master password, behind which all your other passwords are stored and auto-filled. It will also suggest randomly-generated passwords for new accounts, or those you want to change. LastPass has excellent reviews as well.
(This post from Life Hacker does a great job of describing 1Password and LastPass, as well as some other password managers – thanks for the link, Becky.)
After downloading my new password manager and installing all the add-ons for my browsers, I spent an hour going through all of my accounts and randomly generating new passwords.
Yes, I was one of those idiots who used the same password for every single one of her accounts. Actually, I had two that I toggled back and forth between. Security was clearly my middle name.
It was a bit of a pain to deal with all of that late last night – but not nearly as much of a pain as identity theft.
If you haven’t cleaned up the apps in your Facebook account in a while, take five minutes to do that this afternoon.
I strongly urge you to look at a service like 1Password or LastPass to keep your passwords safe and secure. And while you’re at it, create some randomly generated passwords – especially on your financial accounts.
One easy password trick is to use one “base” password, and then tack on extra letters, numbers, and symbols you associate with the website you are on. For example, if my base password is “flowers”, my passwords would be:
Walmart – flowersWA$
CNN – flowersCN!
Bank of America – flowersBoA$
Facebook – flowersFB*
Email – flowersEM@
Make sense? Unique passwords, but easy to remember, with a symbol related to the site content. You can also change the passwords on a regular basis by changing the baseword, but keeping the same suffix.
Excellent ideas! I wanted to share a great hint I got from Atlantic magazine-the hardest passwords to hack are ones that are essentially a sentence, as in “Ihave2dogsand1crazycat.” (I don’t, by the way) But seriously, the sentence should be something that you can remember and be random. The trick is hackers password busting software can’t make sense of these kind of sentences and can’t hack them.
This post got me moving….i’ve know that it was foolish to store have the same passwords for everything, but this was the push to make some changes.
Do you use another company to randomly generate passwords for you?
Both LastPass and 1Password will do that for you, Janna.