Monday, 8 April 2019

Have I been pwned?

Pwn is leetspeak - gamer/coder term for 'elite' or in-group terminology - meaning 'own', but with a strong dollop of hostile takeover and gloating over 'what was yours is now mine'.  Outside gaming, being 'pwned' usually means that someone has hacked our email and/or password(s).

We all know that we should have a different password for every site. But realistically, how many of us do that? I used to have a low-risk password that I used for many sites, but as the number of sites I have become a member of has grown, I did start to vary them more.

But life grows complicated when you have hundreds of site memberships, and therefore between 100 or 200 passwords. To date I have not invested in a password manager, because two factor identification where I live is difficult (terrible mobile and internet connectivity).

Well, last year I got one of those annoying emails saying that my account had been hacked, and that the 'porn' I was watching was going to be made public (yeah, whatever). The worrying thing was that it had one of my passwords in the email. Dammit: sent to my email address with my password. Security breach!

OK: it was my low risk password, but still. I spend a whole weekend creating individual passwords for all the sites that I thought I might have used that password for (probably about 100 sites, I reckon). It was a pain in the butt. But it did teach me that I really do need a different password for every site.

Then if there is a breach, at least the damage is very tightly contained.

We can check if our email addresses have been pwned at a UK website developed by internet security guru, Troy Hunt, here. If we think we may have had a security breach, we can also check our passwords here.

And if any of you want to read more about the pwned phishing email I was lucky enough to receive, there are a couple of Reddit threads here and here.



No comments :

Post a Comment

Thanks for your feedback. The elves will post it shortly.