Give yourself 30 minutes to get this all sorted. It's not hard: just follow each part and don't skip any.
The number one way to be hacked is to have a bad password and then to use it (or variations of it) on more than one service. So, to fix your security you:
- Get better passwords
- Don't reuse them
You are going to construct two very strong master keys that are also very memorable. One is to lock your email account, the other locks a digital safe. Then you are going to make throwaway keys for every service you use, put them in the safe, and only unlock it when you need one. You will not be able to remember the throwaway keys but it doesn't matter, you have them. If someone guesses or steals a key from a service then none of the other keys will be compromised. That's how it works.
What that means in practice:
- You create 2 memorable, strong passwords (how to do that is below)
- Use one to secure your email account, it is the most important thing to secure. If an attacker has your email they have everything 😱
- Get a password manager and use the other memorable, strong password for it
- Change your passwords for Instagram, Facebook, Yahoo etc using the password manager.
A nice side-effect is that updating your password in Gmail and Instagram will kick out anyone logged in on another device.
- You'll need a die (dice) 🎲
- Roll it 5 times.
- Pick the word off the list for that number.
- Do it again, probably at least 5 times is good.
An English word list is here
A Japanese word list is here
For example:
I roll…
14335, that is bulb
41461, that is mug
43553, that is pardon
56214, that is starlight
12152, that is antonym
My master password is bulbmugpardonstarlightantonym.
This would take centuries to crack.
If you don't like the words then roll again, just don't pick them yourself, let the dice choose. If you don't like the format, change it, e.g.
BulbMugPardonStarlightAntonym or bulb-mug-pardon-starlight-antonym, whatever suits you best is best, it's your password!
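The dice procedure above as a short Python sketch (an added example, not part of the original post). It assumes a word-list file with one `<five rolls> <word>` entry per line; the function names are made up for illustration, and `secrets` stands in for physical dice.

```python
import math
import secrets

# Constructed sample in "<five rolls> <word>" format, using the rolls from the
# example above. A full list has 6**5 = 7776 lines, one per possible key.
SAMPLE_LIST = """\
12152 antonym
14335 bulb
41461 mug
43553 pardon
56214 starlight
"""

def parse_wordlist(text):
    """Return {roll_key: word}; reject malformed entries."""
    words = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected '<rolls> <word>'")
        key, word = parts
        if len(key) != 5 or set(key) - set("123456"):
            raise ValueError(f"line {n}: bad roll key {key!r}")
        words[key] = word
    return words

def roll_key(rolls=5):
    """Five fair die rolls from the OS CSPRNG (the random module is not suitable)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(rolls))

def passphrase_from_rolls(keys, words, sep=""):
    """Look up each recorded roll; a KeyError means the list lacks that key."""
    return sep.join(words[k] for k in keys)

def generate(words, num_words=5, sep="-"):
    """Software stand-in for the dice; needs the complete 7776-word list."""
    if len(words) != 6 ** 5:
        raise ValueError("word list must cover all 7776 roll keys")
    return passphrase_from_rolls([roll_key() for _ in range(num_words)], words, sep)

def entropy_bits(num_words, rolls_per_word=5):
    """Each roll contributes log2(6) bits when the dice choose every word."""
    return num_words * rolls_per_word * math.log2(6)

if __name__ == "__main__":
    words = parse_wordlist(SAMPLE_LIST)
    print(passphrase_from_rolls(["14335", "41461", "43553", "56214", "12152"], words))
    print(f"{entropy_bits(5):.1f} bits")
```

The entropy figure only holds when every word comes from the dice; re-rolling a whole passphrase is fine, swapping in a word you chose yourself is not.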
By the way… I showed my mum how to do this, she is over 70, she was worried it wouldn't work, she told me later that it was easy!
You were told never to write down a password, right? That was stupid.
Write it down, put it somewhere safe (not stuck to a screen on a sticky note, actually safe). Write it down again and put it somewhere else, like your mum's house. Soon you will not forget it but don't take chances!
That's right, you'll need two.
One for your email.
One for your safe that will keep all the other passwords.
Again, write it down twice. Keep it in a safe place and give the other copy to your mum to keep somewhere. Lose them and you'll cry
My second attempt produces:
25555 erupt
52452 ruined
52635 sandal
23164 devious
16136 clerk
I'm going to assume you have a Gmail account.
- Log in
- Go to settings (the cog in the top right)
- Click See all settings
- Select Accounts and Import then click Change password - you'll be redirected to Google's accounts page
- Just beneath the password section is Ways that we can verify that it's you. Make sure that the settings are correct - has the attacker put their details in?
- Click the password arrow
No one but you is in your email account now 🥳🥳🥳
I recommend Bitwarden, it's free, reputable, and lots of people use it (including me). It's more convenient than the Apple Keychain too, in my opinion.
Go to their website and register using the other master password you made.
So in my example I would use eruptruinedsandaldeviousclerk here:
Then download Bitwarden here for phone (and later you'll want to get the desktop client and web browser plugin too).
Next! Log in to Bitwarden on the phone:
Excuse my fat finger attempt, I was trying to take a screenshot
This is my main screen, yours will be similar (but empty).
Click the plus sign in the top right to add your first item. Fill in the name (e.g. "Main Insta account" or just "Instagram", something like that) and your Instagram username.
When you get to password, click on the circular arrows to the right.
Here, Bitwarden will generate a password for you. These are my settings:
Click Select in the top right and it will take you back to the last screen.
Fill in the URI field like so:
Click Save in the top right.
Click Settings in the bottom right.
Then make sure Unlock with Touch ID is enabled.
Click out of Bitwarden and go to the iPhone settings:
Go to Passwords & Accounts
Click AutoFill Passwords
I don't use the Keychain, you can use both if you want but I've moved completely to Bitwarden. Either way, make sure Bitwarden is ticked.
You can close the iPhone settings now.
Open Instagram, go to your account main page, click the settings icon in the top right and then Settings
Select Security
Here you can check the Login activity if you wish. You should see only yourself logged in.
(I've never been to Chiyoda-ku but I'm in Japan, close enough)
Go back to the Security page.
Click Password
Put in your old (current) password.
Then switch over to Bitwarden (don't use that button on the screen right now, that's for future use, just switch over to the full app) and click on the Instagram entry (it's the only one!)
Then copy the password using the little squares-symbol:
Go back to Instagram and paste it in to the New password and Re-enter new password fields. Hit Save in the top-right.
This will also log out any other devices. You are now safe!!! 🥳🥳🥳
If you get this far then let me know and I'll add a section on how to do this (everyone should, in my opinion). If you decide to set it up yourself, never use text messages for this, they're not secure any more…
Go to this service, HaveIBeenPwned, and put in your email and/or phone number and it'll tell you if your account has been involved in a service's data breach.
Don't use the password checker service they offer! I do trust this service but not that much - never give out your master passwords!!!!