IMPORTANT: A member gives advice on improving password security
29 November 2016
By Nigel Whitfield, Director at BLUF - Recon member LondonSubNigel
Recently, news broke of a massive hack against a company that operates straight dating sites. Back in September, it was revealed that details of as many as 500 million Yahoo accounts had been compromised in 2014. Before that, LinkedIn, Adobe, Ashley Madison and others had been in the news.
It's time for everyone - and especially kinky people - to take passwords seriously.
We don't know too many details yet about the most recent victim, Adult Friend Finder, but whoever's been attacked, the consequences can be disastrous.
In particular, if you use the same password for more than one site, you could be putting at risk not just yourself, but also other users of sites like Recon.
How does that work?
Imagine someone's obtained your Yahoo password after their hack back in September. They may also have your birthday and other information, as a result of the same hack. Once the information is stolen, it's often offered for sale online, where unscrupulous people can buy it.
If you've used the same password for your online banking as for a site that was hacked, it's not safe anymore. Think that doesn't happen? In November, 20,000 customers of Tesco bank had money taken from their accounts by hackers.
Whatever else you do, you should always make sure any financial service you use online has a password that you don't use for anything else you do on the internet.
A common habit lots of people have is to take that advice and not use the same password for "important" things like banking as they do for other sites. But, instead of remembering lots of different passwords, they use the same one for lots of the "not important" sites.
You could be putting other people at risk
Perhaps you're "not ashamed to own my kink." That's great – but not everyone is lucky enough to be in the same boat.
You might be wondering exactly what could happen. So, say you've got a kinky Tumblr, which is part of Yahoo. You think it's not "life or death," so you've used the same password for some other sites, including Recon.
Now, if someone has access to your Yahoo password, they also have access to your Recon account. Via that, they can potentially see photos and profiles that are not visible to the public, of people you may not even know. Those people - and their kink interests - have essentially been outed, because of your shared password. Anyone you exchange messages with could have more details exposed, if someone views your inbox.
What can you do?
You might think this is a small enough chance not to worry about, and what can you do anyway? Firstly, I think as kinksters we have a responsibility to look out for each other, including with online privacy, and secondly it's quite simple - and more importantly free - to protect yourself. Start by using good passwords.
For starters, make sure your password is hard to guess. So, don't pick the name of your partner, with their birthdate put on the end, for example. Too easy! If a site allows, you can use a long password – perhaps a line of a poem – but not all of them are smart enough for that, and many include restrictions, like making you include punctuation and numbers.
The best way to cope with all these is to use a password manager app. These are programs that work with your web browser, storing (encrypted, so they can't be opened by other people) all your passwords. When you start your computer, you enter the master password for the password manager, to unlock your 'vault.'
Which password manager?
The two best-known password managers are LastPass and 1Password. Both have free versions (on 1Password, for mobile only), but offer more for people who pay. I think the best choice at the moment is LastPass (see link below).
That's because LastPass has just improved their free version, to include syncing between devices, which you used to have to pay for. That means that you can set it up on both your computer at home, and your phone or tablet. Once the password to your Recon account has been saved on the computer, it will automatically be available when you start the Recon app on your phone. You just have to tap once, and the login details are filled in on the app for you.
LastPass - and other password managers - will also create complicated passwords for you. For well-known sites, it can change the existing password to a new one with just one click. That makes it easy to have a different password for every site, and all you have to remember is the master password, or a PIN code on mobiles.
In short, a password manager doesn't have to cost you anything, saves you the hassle of remembering and typing passwords, and protects both you and other users of sites you use. Download one today.
Have I been compromised?
As I said at the beginning, there have been many high-profile hacks in recent years, including MySpace, Ashley Madison, Adobe and LinkedIn, with hundreds of millions of people's details compromised, going back years.
A well-known security researcher set up a site called 'Have I Been Pwned', where you can enter your email address, and it will tell you if it is found in the hacked databases from a range of sites. It's a good idea to check there from time to time, and to make sure that you change the password on any sites that have been breached in the past, or where you've used the same password for more than one site. (See below for a link to the site.)
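The clean-up described above (change the password on any breached site, and anywhere a password is shared) can be run against an export from your password manager. This is an added example, not part of the original post; the CSV column names, the sample entries and the breached-site list are all constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. The column names are an assumption, not any
# particular password manager's format; adjust them to match your own export.
SAMPLE_EXPORT = """site,username,password
Yahoo,user@example.com,Rover1979!
Tumblr,user@example.com,Rover1979!
Recon,exampleuser,Rover1979!
Bank,user@example.com,correct horse battery staple
LinkedIn,user@example.com,L1nked-only-pw
Forum A,user@example.com,hunter2hunter2
Forum B,user@example.com,hunter2hunter2
"""

# Sites you know were breached (constructed list for this example).
BREACHED_SITES = {"Yahoo", "LinkedIn"}


def fingerprint(password):
    # Group entries by digest so plaintext passwords never reach the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(export_text, breached_sites):
    """Return {site: reason} for every entry whose password should be changed."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        groups[fingerprint(row["password"])].append(row["site"])

    to_change = {}
    for sites in groups.values():
        hit = sorted(s for s in sites if s in breached_sites)
        for site in sites:
            if site in hit:
                to_change[site] = "site was breached"
            elif hit:
                to_change[site] = "shares a password with breached " + ", ".join(hit)
            elif len(sites) > 1:
                others = ", ".join(s for s in sites if s != site)
                to_change[site] = "password reused on " + others
    return to_change


if __name__ == "__main__":
    for site, reason in sorted(audit(SAMPLE_EXPORT, BREACHED_SITES).items()):
        print(f"{site}: {reason}")
```

An unencrypted export contains every password in plaintext, so delete the file as soon as the check is done.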
A link to the earlier version of this post, with more technical details, can be found below. There's also a link to a Recon Support article that will advise you on how to change your Recon password, should you wish to.