
They Are Coming For Your Website, And They Know Your Password

  • The Yahoo data breach exposed usernames and passwords for 3 billion accounts
  • A May 2014 cyberattack on eBay exposed 145 million user credentials
  • The Equifax data breach exposed the personal information of 143 million consumers
  • 110 million people’s information was exposed when Target Stores’ computers were attacked.

These are just four of the 17 biggest data breaches of the 21st century. If you are one of those who tend to use the same password on multiple accounts, the chances are hackers have the keys to your website.

This is a game-changer. No longer are hackers blindly guessing what your password might be. They find your username or email (easy) and then just look up your password in their database. It is time (past time, really) to adopt a new strategy for protecting our logins.

There are two recommended strategies:

The first strategy is to have Different Passwords For Each Site. While this used to be unworkable, tools available today like 1Password have made this a reasonable choice: All your passwords are stored in an encrypted file on your computer, protected by a very strong master password. The 1Password software recognizes the website you are logging in to and supplies the corresponding username and password.

The second strategy is to use 2-Factor Authentication. This is the strategy I’m recommending my clients migrate to. Essentially it works like this: You log in to your website just like you always have done. You are then prompted for a third piece of information: This third piece of information is transmitted to your smartphone and usually consists of a six-digit number. You read the number off your cellphone and enter it into the corresponding field on your website.

Many of the WordPress security plugins such as Wordfence have this capability built in. They can send the six-digit code to your smartphone as a text message. Some can also use the Google Authenticator App if you have it installed on your smartphone.

If your security plugin does not provide a 2-Factor Authentication mechanism, then I recommend:

  1. Installing the Google Authenticator WordPress plugin [link: https://wordpress.org/plugins/google-authenticator/], and:
  2. Installing the Google Authenticator app on your smartphone.

WebsiteOverwatch.com has been preventing bad things from happening to websites since 2012. For more information or to discuss your needs, email dbarnhart@websiteoverwatch.com or call 602-647-7847.
