Sabrina I. Pacifici writes:
WSJ via MSN: “How do consumers respond when their online accounts are exposed to hackers? Many of them simply don’t. Data breaches at major firms have become all too common, with more than 110 million user accounts exposed in just the second quarter of 2023. Yet our research found that nearly two-thirds of U.S. consumers would return to a site after they were notified of a breach—with only the bare minimum of precautions, like changing their passwords. Almost a quarter of the roughly 200 people we surveyed said they would return to the compromised website with no changes to their behavior at all.”
Read more at beSpacific.
A few times a week, I get an email claiming that one of my accounts has been breached or attacked. In the last 13 years, only once was that actually the truth. Someone had tried to access my DNS records for a domain I run. They failed. I did nothing.
I use specific email addresses with different online websites. If the email that receives the claim isn’t used with the matching website, I know it is bogus and do nothing. Lots of them claim that my email account has been hacked or that the admin team wants me to reset the login too … which is really funny, since I run my own email server.
Long ago, I switched to unique, long, random passwords for every online account, which means if one account is cracked, it won’t impact any others. The email addresses (really just aliases) that I use for financial accounts are all unique to that specific financial institution.
Initially, I started doing this because a retailer had clearly sold my email address and other information to another company without my explicit approval. As a way to know exactly who did this, I started using different, unique aliases with every business. When a business abuses our customer-business trust, I stop doing business with them and use the email alias for “spam” training going forward. If I can’t trust you to keep my email private, I certainly don’t want to give you **any** money again.
All of this may sound complicated, but a password manager makes it really easy. Security for a trivial account or a brokerage account should be different, but thanks to the password manager, they are effectively the same level for me. Actually, the brokerage accounts usually allow far too short passwords, whereas Joe’s web blog will allow 60+ character passwords. Since I’ll never type either one in, what do I care if a password is 25 or 125 characters long? Random and long matter. After a certain point (say 20 characters), length doesn’t matter anymore. Well, not for practical purposes.
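The per-business alias check described above can be automated. The following is an added example, not code from the original post: the alias registry, domains and sample notices are all constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry: each alias was given to exactly one business.
ALIASES = {
    "bank-7f3k@example.net": "examplebank.test",
    "shop-q9x2@example.net": "exampleshop.test",
}

def sender_domain(msg):
    """Lower-cased domain of the From: address ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def recipient_addrs(msg):
    """Every address the message was delivered or addressed to."""
    headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    return {addr.lower() for _, addr in getaddresses(headers) if addr}

def classify(raw):
    """Return (verdict, business the alias was issued to, or None)."""
    msg = message_from_string(raw)
    known = sorted(a for a in recipient_addrs(msg) if a in ALIASES)
    if not known:
        return ("bogus", None)            # address never given to any business
    owner = ALIASES[known[0]]
    dom = sender_domain(msg)
    if dom == owner or dom.endswith("." + owner):
        # From: is spoofable, so a match is not proof; verify on the site itself.
        return ("plausible", owner)
    return ("mismatch", owner)            # bogus notice, or the alias leaked/was sold

# Constructed sample notices.
GENUINE_LOOKING = ("From: Security <alerts@mail.examplebank.test>\n"
                   "To: bank-7f3k@example.net\nSubject: Security notice\n\nbody\n")
WRONG_SENDER = ("From: Support <help@exampleshop.test>\n"
                "To: bank-7f3k@example.net\nSubject: Account breached\n\nbody\n")
NO_ALIAS = ("From: Admin Team <admin@example.net>\n"
            "To: postmaster@example.net\nSubject: Reset your login\n\nbody\n")

if __name__ == "__main__":
    for raw in (GENUINE_LOOKING, WRONG_SENDER, NO_ALIAS):
        print(classify(raw))
```

A "mismatch" verdict is the useful signal: it identifies which business's alias ended up in someone else's hands.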