{"id":62809,"date":"2018-10-01T00:00:00","date_gmt":"2018-10-01T00:00:00","guid":{"rendered":"http:\/\/blog.mozilla.org\/foxtail\/2018\/10\/01\/worried-about-data-breach-protect-passwords\/"},"modified":"2021-02-09T02:10:06","modified_gmt":"2021-02-09T02:10:06","slug":"worried-about-data-breach-protect-passwords","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/","title":{"rendered":"Worried about the next data breach? Start by protecting your passwords"},"content":{"rendered":"<p>The longer you\u2019ve lived online, the bigger your digital footprint, and with that comes greater security risks. As internet citizens and people who have accounts with a multitude of different sites, services, apps and products, we, personally, can do little to prevent a data breach. However, there is plenty we can do to protect ourselves in anticipation of one. Much of that protective action comes down to passwords.<\/p>\n<p>Your passwords protect all of the personal information that resides in your online accounts, from bank balances and credit card numbers to your home address and photos of friends and loved ones. Protecting your accounts with good password practices takes some discipline and will sometimes make it harder to log in to your own accounts. But in today\u2019s internet, it\u2019s worth your effort and a little inconvenience to keep your online life safer.<\/p>\n<p>Passwords are so valuable that thousands of passwords are stolen every day and accounts are traded on the black market. Take these straightforward steps to protect yours.<\/p>\n<h2>Use a different password for every account<\/h2>\n<p><b>You can&#8217;t prevent a data breach, but you can limit your exposure by always using different passwords for different websites.<\/b><\/p>\n<p>If a site you use has been breached, change your password right away. When an attacker steals the password database for a site that you use (like<a href=\"https:\/\/blog.linkedin.com\/2012\/06\/06\/linkedin-member-passwords-compromised\"> LinkedIn<\/a> or<a href=\"https:\/\/www.wired.com\/2016\/12\/yahoo-hack-billion-users\/\"> Yahoo<\/a>), there\u2019s nothing you can do but change your password for that site. That\u2019s bad, but the damage can be much worse if you\u2019ve re-used that password with other websites \u2014 then the attacker can access your accounts on those sites as well. To keep the damage contained, always use different passwords for different websites.<\/p>\n<h2>Create strong passwords<\/h2>\n<p><b>The longer and harder to guess your password is, the harder it will be to steal.<\/b><\/p>\n<p>The secret to preventing guessing, theft or password reset is a whole lot of randomness. When attackers try to guess passwords, they usually do two things: use <a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_the_most_common_passwords\">lists of common passwords<\/a> that people use all the time and make random guesses. The longer and more random your password is, the less likely that either of these guessing techniques will find it. Password managers can help ensure your passwords are truly random (see below.)<\/p>\n<p><a href=\"https:\/\/monitor.firefox.com\/?utm_source=internet-citizen&#038;utm_medium=blog&#038;utm_campaign=password-tips&#038;utm_content=small-promo\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-989\" src=\"http:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/09\/monitor-screen.png\" alt=\"\" width=\"1200\" height=\"230\" \/><\/a><\/p>\n<h2>Make strong security questions<\/h2>\n<p><b>Websites only care about consistency of answers, not accuracy. Give answers to the security questions that are long and random or not easily guessable, like your passwords.<\/b><\/p>\n<p>If you\u2019ve forgotten your password, some sites make you answer security questions before you can reset it. The answers to these questions need to be just as secret as your password. Otherwise, an attacker can guess the answers and set your password to something they know.<\/p>\n<p>Randomness can be a problem, since the security questions that sites often use things people know or can learn about you, like your birthplace, your birthday or your relatives\u2019 names. The good news is that websites don\u2019t care if your answers are accurate, so you can give answers to the security questions that are long and random, like your passwords.<\/p>\n<p>If the security question is <i>What was the make of your first car?<\/i>, instead of providing the answer <i>Toyota Camry<\/i>, try an unrelated random answer like <i>M3yolVMSoh17pCs4bf (My 3 yo likes Vermont Maple Syrup on her 17 pancakes for breakfast)<\/i>.<\/p>\n<h2>Use a password manager<\/h2>\n<p><b>Password managers can generate strong passwords for you and fill them into websites so you don&#8217;t have to type them in.<\/b><\/p>\n<p>These tips may seem overwhelming, but there are tools that can help. Password managers like<a href=\"https:\/\/1password.com\/security\/\"> 1Password<\/a>,<a href=\"https:\/\/www.lastpass.com\/\"> LastPass<\/a>, <a href=\"https:\/\/www.dashlane.com\/\">Dashlane<\/a> or <a href=\"https:\/\/lockbox.firefox.com\/\">Firefox Lockbox<\/a> can generate strong passwords for you, remember them for you, and fill them into websites so you don\u2019t have type them in. Many can even store the long, random answers to your security questions, in case you need to reset your accounts. There are risks in using password managers, since they create a database that has all your passwords in it. That is why you need to still use a very strong \u201cmaster password\u201d or long passphrase that will be used to encrypt your data in the password manager.<\/p>\n<h2>Use two-factor authentication<\/h2>\n<p><b>Websites that offer two-factor authentication (also known as 2FA) allow you to use your phone to confirm login attempts.<\/b><\/p>\n<p>The other major step you can take to protect your account is to add a \u201csecond factor\u201d to the login process. In most cases, the second factor is tied to your phone, which means that even if an attacker has your password, they can\u2019t log in to your account unless they also have your phone. (And vice versa \u2014 if your phone gets stolen, they can\u2019t log in unless they get your password.) Websites that offer two-factor authentication (also known as 2FA) \u00a0provide instructions, but it usually involves entering your phone number or scanning a barcode with a special app. Then, when you log in, the website will ask you for a code from your phone.<\/p>\n<h2>Sign up for data breach alerts from Firefox Monitor<\/h2>\n<p><b>We can help you learn if your account information is compromised in a data breach or exposed to hackers in some other way.<\/b><\/p>\n<p><a href=\"https:\/\/blog.mozilla.org\/blog\/2018\/09\/25\/introducing-firefox-monitor-helping-people-take-control-after-a-data-breach\/\">Firefox Monitor<\/a> was created in partnership with renowned security expert <a href=\"https:\/\/blog.mozilla.org\/internetcitizen\/2017\/05\/29\/password-data-breach\/\">Troy Hunt<\/a> and his site, HaveIBeenPwned.com. When you <a href=\"http:\/\/monitor.firefox.com\/\">do the initial scan<\/a>, Firefox Monitor will warn you if your credentials have been compromised by comparing it to the public breach data in the system. After that, you\u2019ll have the option to sign up for future alerts.<\/p>\n<p>It\u2019s important to know that not all breach datasets are available for us to scan. If a site reported a data breach yesterday, the data may not be available for inclusion in Monitor. If you have an account, and you\u2019ve heard about a breach, check your inbox for emails from the company. Or even better, consider changing your password, just to be safe.<\/p>\n<p><a href=\"https:\/\/monitor.firefox.com\/?utm_source=internet-citizen&#038;utm_medium=blog&#038;utm_campaign=password-tips&#038;utm_content=large-promo\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-996\" src=\"http:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/10\/firefox-monitor.png\" alt=\"\" width=\"1400\" height=\"788\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The longer you\u2019ve lived online, the bigger your digital footprint, and with that comes greater security risks. As internet citizens and people who have accounts with a multitude of different sites, services, apps and products, we, personally, can do little to prevent a data breach. However, there is plenty we can do to protect ourselves [&hellip;]<\/p>\n","protected":false},"author":727,"featured_media":20994,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,289374],"tags":[322062],"coauthors":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Worried about the next data breach? Start by protecting your passwords | Mozilla The Mozilla Blog<\/title>\n<meta name=\"description\" content=\"There is little you can do to prevent a data breach. However, there is plenty you can do to protect yourself before they happen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/\",\"url\":\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/\",\"name\":\"Worried about the next data breach? Start by protecting your passwords | Mozilla The Mozilla Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/10\/FX_Safe_Full-Color_3840x1500-scaled.jpg\",\"datePublished\":\"2018-10-01T00:00:00+00:00\",\"dateModified\":\"2021-02-09T02:10:06+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c\"},\"description\":\"There is little you can do to prevent a data breach. However, there is plenty you can do to protect yourself before they happen.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/10\/FX_Safe_Full-Color_3840x1500-scaled.jpg\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/10\/FX_Safe_Full-Color_3840x1500-scaled.jpg\",\"width\":2560,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Worried about the next data breach? Start by protecting your passwords\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/en\/\",\"name\":\"The Mozilla Blog\",\"description\":\"News and Updates about Mozilla\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c\",\"name\":\"M.J. Kelly\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/70718b02fa9f11d88288b937f1da2ac1\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g\",\"caption\":\"M.J. Kelly\"},\"description\":\"Mozilla Communications\",\"url\":\"https:\/\/blog.mozilla.org\/en\/author\/mjkellymozilla-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Worried about the next data breach? Start by protecting your passwords | Mozilla The Mozilla Blog","description":"There is little you can do to prevent a data breach. However, there is plenty you can do to protect yourself before they happen.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/","url":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/","name":"Worried about the next data breach? Start by protecting your passwords | Mozilla The Mozilla Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/10\/FX_Safe_Full-Color_3840x1500-scaled.jpg","datePublished":"2018-10-01T00:00:00+00:00","dateModified":"2021-02-09T02:10:06+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c"},"description":"There is little you can do to prevent a data breach. However, there is plenty you can do to protect yourself before they happen.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#primaryimage","url":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/10\/FX_Safe_Full-Color_3840x1500-scaled.jpg","contentUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2018\/10\/FX_Safe_Full-Color_3840x1500-scaled.jpg","width":2560,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/en\/firefox\/worried-about-data-breach-protect-passwords\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/en\/"},{"@type":"ListItem","position":2,"name":"Worried about the next data breach? Start by protecting your passwords"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/en\/#website","url":"https:\/\/blog.mozilla.org\/en\/","name":"The Mozilla Blog","description":"News and Updates about Mozilla","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c","name":"M.J. Kelly","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/70718b02fa9f11d88288b937f1da2ac1","url":"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g","caption":"M.J. Kelly"},"description":"Mozilla Communications","url":"https:\/\/blog.mozilla.org\/en\/author\/mjkellymozilla-com\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62809"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/users\/727"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/comments?post=62809"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62809\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media\/20994"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media?parent=62809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/categories?post=62809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/tags?post=62809"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/coauthors?post=62809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}