How to build a nest of privacy and security using better passwords

Imagine you’re tucked safely into bed for the night when you hear a stranger’s voice in another room. This happened to a Texas family when a hacker learned their password and took over their Nest camera. They asked Amazon’s Alexa to play Luis Fonsi’s “Despacito.”

This is not an isolated incident. There have been so many hacked Nest accounts that the company was compelled to email people. Nest asked them to take proactive measures to protect their home and family.

The Nest incidents remind us of a stark and continuing reality.  Hackers can access many of your private accounts if they know your email and frequently-used passwords. Password insecurity and password reuse can also lead to more serious consequences, such as identity theft or breached bank accounts.

Practical advice for passwords

Nest, as far as we know, has not been breached, but that is sort of besides the point. So many services have been hacked that there is a robust black market for email addresses and passwords. Bad actors can find them and unleash chaos.

We like this deep dive from Slate if you’re interested in how these markets operate.

Firefox security experts recommend a few steps to prevent unauthorized access to your accounts:

  • Use random passwords, and use a different password for every site
  • Use a password manager to make creating and remembering passwords easier
  • Make your answers to security questions just as strong as your passwords.
  • We recommend using an answer that is NOT the actual answer to the question. It is very easy to find out the mascot at your alma mater, your dog’s name, etc. via publicly available information on social media.
  • Use “two-factor authentication” wherever you can
  • Pay attention to the browser’s security signals, such as the “secure connection” symbol in your search bar.

Protect your security with Firefox Monitor

You can sign up for Firefox Monitor along with the practical steps above.

Firefox Monitor works by checking your email against a database of email addresses known to have been compromised in data breaches. The database is maintained by HaveIBeenPwned.com (HIBP). It’s operated by Troy Hunt, one of the most renowned and respected security experts and bloggers in the world.

We’ve worked closely with HIBP and Cloudflare to create a method of anonymized data sharing for Firefox Monitor, which never sends your full email address to HIBP.

Firefox Monitor also offers recommendations on what to do in the case of a data breach and how to help secure your accounts.

We live in an increasingly connected world and the number and variety of issues associated with insecure passwords and accounts will only increase. Take steps to protect yourself and your family today.