My Rant About Password Security
Apparently we can only go about 6 months before another story of someone’s accounts being compromised.
Again, it was preventable.
I cannot, apparently, stress enough how absolutely critical it is that you never, ever, for any reason, use the same password for multiple accounts.
In this particular case, the client used the same password to log into her web site as she did for other accounts. When another account was compromised, the “bad guys” used her password to log into her web site and infect it with malicious code which affects the visitors to her site.
So now, not only is her information compromised, but her customers are at risk as well, because she didn’t use unique passwords everywhere.
When Squarespace reached out to me about the breach, they worded it as:
“We believe that your password was likely exposed in a password breach on a separate service.”
However, since I DO use a unique username and password for every single service that I use, I knew that if MY password was compromised, it had been compromised by Squarespace and not a separate service. Fortunately, I had the peace of mind that none of my other accounts would be in danger, since no other account used that same password.
When I spoke with Squarespace about it, pointing out that my username and password were entirely unique to my one Squarespace account, they looked into my case further and explained that a client’s web site, which I had permission to access, had been compromised. Their policy is to notify everyone with access to the site, and their “canned” notification was to alert folks that they needed to change their password because a breach had occurred.
I know that it seems a “pain” to make every online account unique, but it really does affect FAR more than just your convenience. It affects your reputation with your clients as well as your income. If your web site is compromised, your business is compromised.
So please, if you do nothing else, make each account password unique. The easiest way to do this is to use 1Password as your password manager and generator (http://1password.com).
If you want me to tell you more about how 1Password can help prevent these risks for you and your customers, get in touch.
Sasha's Hacking Story
It took some convincing, but Sasha Mobley finally got 1Password (on my long-running recommendation) and updated most (but not all) of her passwords. So when her accounts started getting attacked tonight - while she was out of town - the damage was limited. As happens many times, the first account hacked was one that had a password used on multiple sites. I was able to show her how to identify the most vulnerable accounts, and get that straightened out so no further damage happened. PLEASE use this as a Cautionary Tale and get a secure Password Manager - one that TRAVELS with you. We rely on our devices heavily to pay bills, access sensitive information, store documents, so you're especially vulnerable when you're traveling. If Sasha hadn't installed 1Password on ALL of her devices, this could have been a much bigger pain for her - and her family who shares certain accounts - while traveling. I'd love to help you get your devices and accounts secured.