I got a surprise last week when a push notification and email came in regarding someone trying to use my Twitch account. The good news here — for me — was that I enabled two-factor authentication, so while they tried, they didn’t get in.
This made me think about the last time I changed the password; it turns out it’s been years. Having worked in IT for a number of years, I should know better because this isn’t recommended password practice. This email and subsequent investigation started a flurry of password changes.
Investigation: I had a number of compromised passwords
It was a reminder to me that password strength isn’t the only important factor; monitoring your password age is too. I’d gotten complacent regarding passwords, dismissing reminders from my password manager to run a security check. When I did, it was shocking to see the number of passwords I had (mostly old passwords) that were compromised in data leaks. I also realised quickly that a number of my old passwords were duplicated, so they’ve been changed to unique entries as well.
For me, the reminder was useful, and the outcomes for me were that I’ve now set a reminder to run a security check on my passwords quarterly. I’ve set up monitoring through LastPass to notify me if any of my emails are compromised in new leaks. I’ve updated a number of old passwords, as well as any reused passwords, to unique entries and confirmed that anywhere possible 2FA is enabled.
What measures do you take to protect your password security?