I tend to avoid installing a lot of apps or do banking or purchases on my phone. How do you decide if an app can be trusted?
Doesn’t look like the app is to blame.
Probably used the same username and password as he used on another site or service, which was leaked.
Check http://haveibeenpwned.com and if your address shows up, then your password and email combo may be compromised.
Don’t use the same username and password on multiple sites.
Good advice! It’s been awhile since I’ve changed my passwords on Netflix, Ebay, Amazon, and Paypal. Done.
So some advice on passwords. Because I always tell people that there’s a continuum between convenient and secure.
Convenient <--------------------------------------> Secure
Using the same password on a bunch of sites is convenient. But it’s not very secure.
Using a completely different password on every site is more secure. Add in two-factor and it’s even more secure. But then it’s not very convenient.
So we look for something in between.
For most, it’s probably a password manager. There are a lot of good ones out there. Some are free.
For others, even if you do want to ue the same password on every site, at least make it unique in some way. This isn’t ideal, but at the very least it will defeat the automated attacks that lead to hamburglars (and more famously, how you can get cheap hacked Dominos Pizza for cheap).
The way these things work, is that someone finds a big dump of e-mail addresses and passwords from one site (say, LinkedIn), and uses a program to try them all on other services (gmail, facebook, mcdonalds, etc). It’s all automated, and a hacker can check hundreds of thousands of accounts relatively quickly. If any of them work, they get sorted into the “works!” pile. The ones that don’t get deleted or flagged as “don’t work.” Why waste time on the “don’t work” pile?
Well, you want your stuff to be in the “don’t work” pile.
So let’s say your password that you use on all you accounts is
Not a great password. But on the convenient-secure continuum, it’s pretty convenient. You only need to remember one password.
To make it a bit more secure, and to make sure automated attacks don’t work, just add something for each site.
For example, on facebook, your password would be
and on the McDonald’s App:
It’s not ideal, because anybody looking at that manually will figure out your pattern. But it will resist the automatic attacks that are described in the Macdonalds app attack above. You’ll end up in the “doesn’t work” pile of accounts.
Great tips, MiG! My four new passwords are on the secure side of things, and they’re all completely unique.
Your tips are helpful, MiG. I changed my Google account password yeasterday; I had that password for too long.
If you ever want to take the next step, it’s to use a password manager.
Interesting video! Thanks, MiG.
Are password managers operating system agnostic? That is, would they work with Linux and or BSD? Or do you need to install a password manager program for Windows or OS X?
1Password is an example of a cross-platform password manager. Works with plugins or extensions for browsers, as well as OS-level apps (iOS, Android). Even a command-line version.
I just the built-in Apple iCloud Keychain. That works on my Macs and my iOS devices, which is enough for me. And it’s free.