Doesn't this sound terrifying? Imagine if one of your REAL passwords is in the subject or the content of a threatening email sent to you, just like that?
What do you do? Panic? Pay?
Well, the truth is that those emails got their "information" from security breaches that affected BILLIONS of user accounts in many different services all over the world, so...
Don't panic or pay!
Trust me, it happened to me, but there was a "but..." that made it very clear they did not have as much information as they were claiming in their badly written email: they could not count on the fact that I hate porn (nothing against it, I just feel nauseated by it, sorry), so I knew that whoever was behind the threat was just shooting bullets in the dark based on the "average person".
After some research online, including opening a topic at Games4TheWorld for help among other things, I found very useful information (and sites) that would calm me down and help me set up a strategy.
Without spending any money, you can visit a couple of websites like Have I Been Pwned? or Firefox Monitor and provide them with your email address(es). That way you will find out which leaks affected you, if any, and also see which information was compromised in those leaks.
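As an added illustration (not part of the original post), this is how the Have I Been Pwned password check works without your password ever leaving your machine: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, receives every known hash suffix for that prefix with a breach count, and does the matching locally. The range response below is constructed for the example, not a real API reply, and the counts are made up.

```python
import hashlib

# Constructed stand-in for the Pwned Passwords "range" responses: keyed by the
# 5-character SHA-1 prefix a client would send, each value holds the
# "SUFFIX:COUNT" lines the service answers with. Counts are invented for the
# example; the first suffix is the real SHA-1 tail of the password "password".
FAKE_RANGE_RESPONSES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
        "1F2A7B0C3D4E5F60718293A4B5C6D7E8F90:2\n"
        "0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B:17\n"
    ),
}

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 digest, the form the range lookup uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(password: str):
    """Return (5-char prefix that is sent, 35-char suffix that stays local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]

def count_from_range(suffix: str, response_text: str) -> int:
    """Scan one range response for our suffix; return its breach count, else 0."""
    for line in response_text.splitlines():
        cand, sep, count = line.strip().partition(":")
        if sep and cand.upper() == suffix:
            return int(count)
    return 0

def pwned_count(password: str, fetch_range=FAKE_RANGE_RESPONSES.get) -> int:
    """How many times the password appeared in known breaches (0 = not found).
    fetch_range(prefix) stands in for an HTTPS GET of /range/<prefix>; only the
    prefix is ever handed to it, never the password or its full hash."""
    prefix, suffix = split_hash(password)
    response = fetch_range(prefix)
    if response is None:
        return 0  # prefix unknown to our sample server: nothing to compare
    return count_from_range(suffix, response)

if __name__ == "__main__":
    for pw in ("password", "Tr0ub4dor&3-with-a-long-tail"):
        n = pwned_count(pw)
        verdict = f"seen {n} times, replace it" if n else "not in the sample data"
        print(f"{pw!r}: {verdict}")
```

The same local-matching step applies against the live service; only the five-character prefix changes what the server learns about you.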
It's always advisable to replace your passwords once in a while, but who has the time to go to thousands of websites, replacing them one by one?
Plus, if you don't use a password manager like KeePass (not sponsored by them or anybody else) or your browser's built-in tools, how can you even remember where you have created all your user accounts over the past year, or perhaps a decade or two??? 😲
Well, it's hard work, and it will take you hours, maybe days, unless you're a very organized person. There's no way around it: you need to replace all your important passwords (at least) with new ones, one by one 🤦🏻♂️. It's impossible to just create and memorize a different password for each service, unless you use some sort of formula or have a fantastic memory!
Most Common Password Handling Alternatives
- Pen and Paper: can't be reached online, so hackers or people across the world can't access it, no matter what they do 🙂. If someone has physical access to it, they will have access to your information 😟, unless you encode it somehow 😐;
- Digital device that can't go online: an old personal organizer can be handy, and it's a bit safer, since it can have a master password 😊, but if it fails, you lose everything stored there 😭, unless you have a backup 😅;
- Password Manager Software on a Device with Internet Access: if you use a password manager on a device with internet access 😟, but you don't store the files in a cloud 🙂, you can only have a security breach if a hacker invades your equipment AND gets the master password somehow 🙂 (if you're using password protection on your database, of course), or if someone has physical access to it and also the necessary passwords to operate it 😠.
- Password Manager with Cloud Storage: if you use Google Chrome, Firefox, Opera, Edge, Internet Explorer or any other browser to store your passwords (and synchronize them), you will have all your "saved passwords" in their databases 😐. The information is usually encrypted, but sometimes THEY have security breaches 😲. So we have a fantastic convenience 😃, since you won't have to type or memorize your online passwords, but if they have a leak, "you're pwned" 😭;
- Local Document with Your Passwords: having a text file or spreadsheet somewhere on your computer with your user names and passwords is something lots of people do 😲, and it's only as safe as those files are 😟. If someone has access to them and their protection is not enough to prevent the information from being read, you got yourself a leak 😭. Unless you really know what you're doing, it's a very bad alternative 😲;
- Mnemonic for password variations and memorization without annotation: if you can trust your memory this is the safest of all 😇, as long as the passwords are complex enough and the formula you use for the variations is not too simple or predictable. You can also have a few different passwords instead, and replace them every now and then with something new, maybe a couple of times per year...
There's no 100% safe method, and I just gave some examples above, of course. You can mix and match them according to your needs, and remember that the safety of any information is only as good as its weakest link.
Critical passwords and access points that should always be a priority
- Device Logon Information: if someone can access your device and log on to it, they will likely have multiple ways of reaching other accounts and data, and even of replacing passwords in multiple services and locking you out of them, besides using them for the worst possible purposes, like draining your bank accounts, for example;
- E-mail Accounts: lots of services allow you to change your existing password (when you forget it, for example) by sending you a verification link. If someone can access your mailbox, they can read those messages and get access to those "password reset" links or any codes your bank or other institution might send you there!
- Phone Lines: Mobile or Fixed! If they can get access to your mobile line they can read verification texts sent to you through SMS or listen to codes sent by automated voice calls. The same applies to your landline, and even if the service in question uses a human to call your home, a bad person with just a tiny bit of information can impersonate you and get what they need;
- Cloud / Operating System / Browser Accounts: Google, Apple and Microsoft provide you with very convenient services but, if someone has access to your username and password with any of those services, they will be able to access all passwords and services that you can use from their systems, like seeing all your passwords stored at Google Passwords, for example. Both Opera and Firefox had leaks in the past, and we're not 100% safe against future (or unreported past) leaks on those services.
Final Thoughts...
Always prioritize the items above when you're handling your personal data, online or otherwise. Of course, keep your cash and bank cards somewhere safe and/or concealed, and consider getting insurance if you believe the premium cost is lower than the risk of having to use it.
If the worst happens 😭, do not negotiate with terrorists 😈. If someone already has bad information on you, nothing prevents them from using it anytime in the future, even if you pay 💸 (or kill 🔫) them. Just manage your losses, refuse to pay the ransom and move on 😢.
Prevention is always the best answer and, when talking about privacy, most of the time the only solution. Once your information is out there, there's nothing you can do to erase it completely.
An offline backup on a device (external hard drive, SSD, memory stick etc.) that's not connected to your computer or a network is essential to prevent losses from ransomware. A backup on a cloud service like OneDrive is an alternative if you're more worried about losing your data than about someone else being able to copy it, since those services usually let you restore deleted files if an invader removes them from the cloud.