After “Mother of All Breaches,” Update Passwords on Compromised Sites

ByEmily Dolloff

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on compromised sites, especially those you reused on another site. Cybernews has a leak checker that reports which breached sites include your data.

Apple also has a tool for you that can help.  Now that Passwords is one of the system settings on your Mac or iOS device you can click on “Security Recommendations”  and the Password AutoFill passwords list in iOS, iPadOS, and macOS indicate which of a your saved passwords will be reused with other websites, passwords that are considered weak, and passwords that have been compromised by a data leak.

  • Passwords are marked reused if the same password is seen used for more than one saved password across different domains.

  • Passwords are marked weak if they may be easily guessed by an attacker. iOS, iPadOS, and macOS detect common patterns used to create memorable passwords, such as using words found in a dictionary, common character substitutions (such as using “p4ssw0rd” instead of “password”), patterns found on a keyboard (such as “q12we34r” from a QWERTY keyboard), or repeated sequences (such as “123123”). These patterns are often used to create passwords that satisfy minimum password requirements for services, but are also commonly used by attackers attempting to obtain a password using brute force.Because many services specifically require a four- or six-digit PIN code, these short passcodes are evaluated with different rules. PIN codes are considered weak if they are one of the most common PIN codes, if they are an increasing or decreasing sequence such as “1234” or “8765,” or if they follow a repetition pattern, such as “123123” or “123321.”
  • Passwords are marked leaked if the Password Monitoring feature can claim they have been present in a data leak.

 More generally, password managers often have a feature that checks your passwords against the Have I Been Pwned database of breaches and helps you change compromised passwords—1Password’s is called Watchtower, shown below.You can also search Have I Been Pwned directly. Don’t panic if your email address appears in numerous breaches because some of the theoretically compromised accounts may be defunct sites, trivial sites you used once 10 years ago, or duplicate password manager entries for a site whose password you already updated.

(Featured image by iStock.com/Prae_Studio)

Similar Posts

  • Advice for Good Office Ergonomics

    Let’s look at how to keep your body comfortable and healthy when you interact physically with your Mac. In a word: ergonomics. You’ll…

  • _Dear Friends,_

    I have become super aware of mosquitos with all the news about the Zika virus. For some reason biting insects just love me whether they are super tiny no-see-ums here in the Keys or slightly larger ones in Vermont they seem to be attracted to me. The first thing that I noticed about the mosquitos down here is that they are tiny compared to the ones that come out every year in Vermont. Seriously though, this Zika virus seems like a very serious health epidemic with the World Health Organization calling it a crisis. They have a pretty serious mosquito control program down here with guys that go door to door to look for standing water and spraying year around.

    Apple announced their holiday quarter financials and they beat the estimates on the street and posted the most revenue and profit ever for Apple and in a truly remarkable factoid, the most profit generated in a quarter by any public corporation, EVER. I will talk about the financial results below but let’s just say if Apple has reached a plateau it sure is a lofty one! Just to contrast that a bit against the other guys, Samsung reported a 40% decline in profits. They posted about a $15.8 billion profit for the entire year which Apple crushed in a single three month period!

    This week’s Kibbles & Bytes exclusive features the “**Apple Certified Reconditioned 21 inch iMac**.”:http://www.smalldog.com/wag900002135/special-apple-certified-reconditioned-21-5in-imac-2-7ghz-w-applecare-for-1099 This iMac is configured with a 2.7GHZ i5 processor 8GB of ram and a 1 TB hard drive. This model has the latest 802.11ac wireless protocol and comes with the same 1 year warranty as new iMacs. We are bundling it with Applecare so instead of a 1 year warranty you get 3 years and instead of 90 day days of free Apple technical support you get 3 years too. Kibbles & Bytes readers can purchase this special bundle for “**$1099!**”:http://www.smalldog.com/wag900002135/special-apple-certified-reconditioned-21-5in-imac-2-7ghz-w-applecare-for-1099 That’s the lowest price ever for a warrantied iMac with Applecare!

  • A Swinging Hot Spot in Paradise

    You are visiting Key West, accompanied by your trusty iPhone and MacBook Air. Suddenly there’s an emergency at work, and you need to get online with your Mac. You can pick up a cell signal with the iPhone, but there’s no Wi-Fi that isn’t locked up. Well, my first thought might be “oh well, I’m on vacation!” but you are dedicated and need to be online.

    Don’t worry! You can use your iPhone’s cellular data plan to create a personal Wi-Fi hotspot that lets your Mac access the Internet through your iPhone. Also called “tethering,” it’s fast, easy, and can be a life-saver when you just have to get online with a Mac or your Wi-Fi-only iPad. It supports up to 5 users, too, which means you can get your team online, too!

    Before we explain how to do set up a personal hotspot, note that most but not all cellular carriers allow tethering on existing plans. For some, you might have to pay more for tethering. Keep in mind that any data consumed by your Mac while tethered will count against your data allowance and may generate overage fees. Carriers with “unlimited” data, like T-Mobile and Sprint, generally throttle your bandwidth to slower speeds if you use too much data.

    Along those lines, if you use a file sharing service like Dropbox or Google Drive, or an Internet backup service like CrashPlan or Backblaze, turn them off before connecting. Particularly if they haven’t connected in a while, those services can transfer a lot of data quickly, which could result in a hefty overage charge or awkward data throttling for the rest of the month.

    With those warnings out of the way, follow these steps in iOS 9 to turn on Personal Hotspot:

    1. On your iPhone, if you’ve never enabled the feature before, go to Settings > Cellular > Personal Hotspot. Once you’ve turned Personal Hotspot on once, it moves up a level, so you can access it from Settings > Personal Hotspot.
    1. Tap on Wi-Fi Password and enter a password that’s at least 8 characters long and easy to type. It doesn’t need to be super secure because you can keep Personal Hotspot turned off unless you’re using it. But you do want a password so random people nearby can’t connect and use your data.
    1. Once you’ve entered a password, slide the Personal Hotspot switch.

    That’s it! The Personal Hotspot screen provides basic instructions for connecting to the iPhone via Wi-Fi, Bluetooth, and USB. Stick with Wi-Fi, since it’s the easiest and most reliable in most cases.

    • To connect to your new Personal Hot Spot on your Mac, click the Wi-Fi icon in the menu bar and choose your iPhone’s name.
    • On your iPad, go to Settings > Wi-Fi and choose your iPhone.
    • Enter your password when prompted, making sure to select Remember This Network. That way, you won’t even have to enter your password the next time.
    • The Mac or iPad then connects to your iPhone, showing a hotspot icon instead of the usual wave icon for the Wi-Fi menu.

    Could it get any simpler? When you’re done, the safest thing to do, to ensure you don’t accidentally end up using too much of your data allowance, is to turn off the Personal Hotspot switch in Settings > Personal Hotspot. Your Mac or iPad will automatically disconnect.

    Actually, it CAN be simpler! Your Mac can automatically use the personal hotspot on your iPhone to connect to the Internet when they’re within range of each other.

    Use Instant Hotspot on your iPhone (with iOS 8 or later) to provide internet access to your Mac computers and other iOS devices (with OS X Yosemite or iOS 8) that are in range and signed into iCloud using the same Apple ID. Instant Hotspot uses your iPhone — you don’t have to enter a password or even turn on Personal Hotspot.

    Make sure your iOS device and your Mac are signed into iCloud with the same Apple ID.

    On your Mac, click the Wi-Fi status icon in the menu bar, then choose your iPhone or iPad.

    After you connect to the iPhone or iPad Personal Hotspot, you can check the cellular signal strength and the battery status of the iPhone or iPad in the Wi-Fi status menu.

    When you’re not using using the hotspot, your devices automatically disconnect to save battery life.

    One more big advantage of Personal Hot Spots. When you are shopping for that new iPad, perhaps you don’t need the cellular model if you nearly always have your iPhone handy. That’s what I do. If I need internet access on my Wi-Fi iPad, I simply connect to my Hot Spot! Saves me the added cost of a cellular-enabled iPad and the monthly fees from the cell carrier!