Live and Learn
Most situations teach us lessons so that we don’t repeat damaging behaviors. For example, if you touch a hot stove, you know to pause and make sure it’s off before doing it again. If you run out of gas on a highway, on future drives, you’ll be on the lookout for a gas station anytime the tank hits the last notch. These are valuable lessons that mark a moment in time that we move onward from, and our behavior changes as a result.
So why isn’t this happening with passwords and cybersecurity? We would be hard-pressed to find anyone who hasn’t received a notification from one of their account administrators (credit card, social profile, membership rewards, etc.) notifying them of suspected malicious activity that may or may not have compromised their credentials. This is followed by a directive to change the password and remain on alert for suspicious activity. This doesn’t mean change it to one of the 3 passwords you have in rotation. In fact, that rotation needs to go in the shredder and it’s time for grown-up passwords that do the job more effectively.
And to make matters worse, this isn’t a cycle that can be measured with a start and end date. For example, most of the information found for sale on the dark web is available months, even years, after a breach. Remember that notification you got for a compromised password in 2010? At the time you might not have taken it seriously or understood what it meant. Well, here it is in 2019 reminding you of what you didn’t do.
Hackers can take old breached data, combine it with new information that has been compromised, and come up with an entirely new menu of options for sale.
If you’ve ever received an alert that your password was compromised, you need to change it immediately. You need to use sophisticated passwords. And you need to monitor all of your data and accounts regularly. Make it a practice not to reuse the same password across multiple sites. And if you have made this mistake, make sure that if one of those accounts is breached, you update all of the accounts linked to that same password.