It was just another day in Blondeville – a computer for this, another one for that, one for fun. You know, the usual.
And then – what? What? A scary-looking message from something called “Password Checker” on Chrome (my browser of choice lately, though perhaps not forever) saying “70 Passwords Compromised,” and advising me to take immediate action. 70 passwords? To what? How? When?
First, Chrome has offered, as most browsers do now, a password “locker” that keeps track of your username and passwords. Some sites, notably credit card and banking sites, will also offer a two-step verification (which I highly recommend, though what do I know) which sends a code to your phone —or email, though that seems somewhat iffy as a process if someone has potentially broken into your passwords— so that you have to retrieve a short string of code from your phone and enter it into your logon within a short period of time. But for the majority of passwords to non-lethal platforms, the password storage is handy and useful.
First, I verified that there was in fact a breach warning issued by the browser (there was), because, in fact, this warning could have simply been another phishing attempt: hey user, your passwords have all been compromised, reset them here (with a handy link to the phisher’s own spurious versions of desirable platforms). Once that was assured, I scanned down the list of “compromised” platforms and also checked out the recommended steps to take.
Fortunately for me, the majority of problem passwords were to sites I haven’t visited in, quite literally, years. The few that required attention were easily dealt with, including (just for safety’s sake) a phone call to a customer service number obtained from a bill to allow the representative to manage the changes.
I also followed the link to the recommended set of steps, which suggested that I had devices that had not been connected to “Windows” in a while. “You haven’t used Google on Windows in 166 days. Remove this device so it no longer has access to your account.” This cryptic bit of information simply meant that there was a device (it might be a tablet, a phone, or any other device that could use Windows) that had not been logged on to Windows, though I might still be using it to read or play games or something offline. So, no problem there.
However, as we’ve discussed a time or ten in this column, online security is never to be taken lightly. As noted, when available, the two-step process is a good one to put in place. Yes, it’s annoying to have to get the code from a text, but it’s reassuring. And the beginning of the year, while predictable, is a good time to at least be thinking about resetting passwords. A number of years ago, I recommended the advice of a very computer savvy friend: find a formula that isn’t obvious, then use it to “generate” a password which won’t require you to remember the password – just your formula. Each site’s password will be unique based on your formula’s adaptation to that site’s specifics, and the only “problem” that can occur is when the site has a requirement for a combination of letters, characters, and capitalizations that don’t readily match your formula.
As alarming as the notice was, it was a good reminder to revisit passwords and practices.
Oh, and by the way, if you get a call from a Texas phone number saying “Social security number has been suspected for criminal activities to get more information on this case please call us on our department number 940-304-xxxx. I repeat it 940-304-xxxx. Thank you,” don’t call them. It’s a Robocall.