Today we are celebrating Data Privacy Day: an annual occurrence to raise awareness about the need for digital privacy.
Let’s be honest, we all love how we can ask Alexa or other virtual assistants to turn the lights on if we're too lazy to move from the couch, to play that beautiful song we cannot stop listening to, or virtually billions of other things that up until a few years ago were considered “science fiction”. Now we even have ChatGPT and an ever-growing number of AI tools plotting to take away our jobs (or our homework… in that case, go ahead AI!) and turn every single one of us into a useless waste of space.
(Just kidding, we believe that's not gonna happen anytime soon!)
But what’s absolutely true is that all of these technology wonders come at a price: your data! Yes, you read that right. The more data you feed these tools, the more perfect their answers become, and they just love to get to know you and your habits more and more to become perfectly customized for you, or to keep you engaged, as some like to say.
I’m sure some of you (I hope every one of you) already know the number one rule of the digital world: if you are not paying for a product, then you are the product!
And we are all happy to become “a product” for such tools, because they actually do a really good job at automating things for us (they can even hear you snoring and turn off your lights or the TV because of that… never has snoring ever been so convenient!)
But sometimes things just don’t go as planned and this happy story comes to a brutal halt: the magic is gone as soon as a breach happens.
But what is a data breach? And how can I know if my data was exposed?
What is a data breach
There are people out there whose job is literally to steal from companies. But their goal is not to steal material products… instead, they steal users’ data. What they do with all this data is not to be known: sometimes they demand a ransom from the company itself, other times they will sell it to whoever is willing to pay the most. And believe me, for the right price there is surely someone willing to buy your data, especially if it includes credit card information! Nowadays, data is basically the digital equivalent of pure gold.
Tech companies are constantly fighting a war with these people, and they try really hard to make their services and products secure in order to protect your precious data. But sometimes all these efforts are not enough and they still get breached and your data goes into the wild.
Let me present to you “Have I Been Pwned”
Now the real question is: how can we know about these security incidents? And what should we do when they happen?
Let me present to you haveibeenpwned.com! This is an online service that lets you know if your e-mail was part of breached data, and they do a wonderful job keeping up to date with the latest and most important breaches.
To know if your e-mail was part of some breached data, and incidentally your data “changed owner”, simply go to the website and insert your e-mail address: don’t worry, this is safe!
If you are really lucky (or really good at keeping your info safe), then your e-mail address will not be included, and this means you are still safe (for now, at least!).
But if you have been online for long enough, unfortunately your e-mail will, with a great probability, appear on some data breaches. Don’t worry about it, it is totally normal (my personal email address has been breached 9 times…).
What can you do if your personal data was compromised?
First things first: don’t panic! This is something that can happen and there are some steps you can take to reduce the resulting damage.
Your first step is to change your passwords. I’m sure you are not using the same password for every website, right? If you are, well… you need to change all of them ASAP.
Then you can start to review the summary of the data that they stole from you. Have I Been Pwned does a wonderful job at this:
As you can see from the example above, this is a list of what type of data was breached. Sometimes they will even include credit card numbers or other sensitive data. In this case I really suggest you call up your bank and request a new credit card (just to be safe).
How can I remember all of my passwords?
Well, the neat part is that you don’t need to! There are tools called password managers that will do the job for you: you just need to remember one, only ONE password, the master password, and you are good to go.
When you visit a website, you simply ask your password manager to fill in the login form with your credentials (they even remember the e-mail or username you used on that website).
Nowadays we all have a smartphone resting in our pockets, and many of them luckily have biometric sensors. In that case, you can use your fingerprint or face to unlock your password manager, which is far more secure than any password.
If you want, password managers can also generate really strong passwords for you, which are extremely resistant to brute force attacks (when someone tries to “guess” your password by trying as many combinations as possible), so let your password manager do all the work for you and stop using your cat name or date of birth as your password (seriously, don't do that).
There are literally dozens of password managers and you just need to pick the right one. Here is a list of the best password managers in our opinion:
- Bitwarden: this is a free and Open Source password manager. It has mobile apps, desktop apps, browser extensions and a really polished interface. Just give it a try!
- 1Password: this is not free nor Open Source, but it will cover everything you need! With mobile apps, desktop apps and browser extensions you are good to go! It sets itself apart from others because it has a command line and a lot of extras.
- Enpass: this password manager is a little different from the other because you need to “self-host” your backups. Don’t worry, you can use Google Drive or other similar services. It has a free plan if you only use their desktop app, but you need to pay a subscription if you want to use their mobile app. This is a perfect choice for everyone that wants to handle their data on their own.
Of course, reaching 100% security is never possible, because even some of the most famous password managers were hacked in the past. This doesn't mean that we should stop using them though, because they're currently still the safest method for storing passwords, and despite many people's efforts to find better alternatives to passwords altogether, they are going to continue being the main security method for a long time.
This article is just a small introduction about the vast world of online data privacy and the basic steps to follow when your data gets breached. The more time users spend on a website, the more data it collects. This basically means:
the bigger the website, the yummier it becomes for those data-hungry criminals.
Your job is to make their job hard: first, by using different and strong passwords, and secondly, by changing them if they get compromised.
Alessandro from the Dartmoon team