Categories
Computing Security

Changing my passwords and the danger of old websites

I received a notification yesterday that a forum I frequented many years ago had been hacked and the user database with plain text passwords had been downloaded. Not a great start to my day, but fortunately it didn’t have as major an impact on my security as it might have done before I started using LastPass.

The username and password combination was one that I kept in rotation for various websites back in the day (there’s probably a few other forums that I no longer visit with the same login details) and in fact I still use the username frequently, it is the domain name of this website. The associated email address is one I still operate but is not my primary address and is not the one associated with any of my important online accounts.

However as a result of the breach I have undertaken the task of clearing out LastPass of any redundant entries, also in a bout of paranoia I later changed the password associated with my online banking as it has never been changed since I first set up the account. I don’t believe there was any risk at all regarding my bank account, but you can never be too careful and I was imagining a cascade of minor identity thefts which escalated to the point of being able to access my bank account. Fortunately my bank has two-factor authentication set up on any transfers out of the account so even then it would be extremely difficult to actually make off with any money.

lloydsbank_password_policy

Unfortunately they do not allow spaces, hyphens or special characters in the password and it is restricted to a maximum of 15 characters so the password I chose was not as secure as I’d have liked it to be.

There’s a few lessons to be learned from this going forward.

  1. The most important of which is as with other breaches of this kind this highlights the danger represented by reusing passwords (and also usernames possibly) across different sites.
  2. Websites will quite often become neglected and unused, but if left up on the internet will become more and more vulnerable, and breaches of security and leaks of important data can occur.

By Matt Wharton

Matt Wharton is a dad, vlogger and IT Infrastructure Consultant. He was also in a former life a cinema manager.

Blogging here and at mattwharton.co.uk

Watch our family's vlog at YouTube

Follow me on Twitter