Over the last decade, the gig economy boom has allowed professionals worldwide to switch to freelancing and build a network of international clients.&nbsp;
According to Upwork, 1 in 3 US workers engaged in freelance work during 2020. Some of the most successful freelancers earn hundreds of thousands of dollars per year through platforms like Upwork, Freelancer, and Toptal.
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;
Does your company hire freelancers? How do you <a href="https://teampassword.com/blog/should-i-share-data-with-freelancers">share passwords with freelancers</a>? TeamPassword is an affordable password management solution for small businesses, startups, and agencies to share credentials securely with team members and freelancers. <a href="https://app.teampassword.com/dashboard#signup/testimonial">Sign up for a 14-day free trial</a> today.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;
<h2>10 Successful Freelancers</h2>
Here are ten successful freelancers and what they do. These freelancers have earned their place as experts in their given field with excellent track records&mdash;many have worked with the biggest companies in the world!
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>1. Marcos Rezende - UX designer - Canada</h3>
Marcos Rezende is a UX Designer from Ontario, Canada, with more than 13 years of experience. Marcos has worked in over 30 industry sectors for multinational organizations in the United States, Canada, Germany, and Brazil.&nbsp;
Some of Marcos' notable projects include apps for Ontario's COVID-19 dashboard, Urban Master Planning collaboration platform, and Reaction (kid's e-learning app), to name a few.&nbsp;
Marcos loves sharing his industry expertise with aspiring UX designers and regularly writes for the popular UX publication Career Foundry. Total recognizes Marcos as part of its "Top 3%" of global freelancer talent&mdash;a title given to elite freelancers in their given field.
We don't have access to Marcos' rates, but the best UX designers on Upwork earn upwards of $100 per hour. As a Toptal Top 3% freelancer, Marcos likely charges $200-$300 per hour.
<a href="https://www.marcosrezende.com/">Marcos Rezende's website</a> was nominated for the prestigious <a href="https://www.awwwards.com/sites/ux-portfolio-marcos-rezende">awwwards.</a> in 2021.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>2. Kathy Edens - Marketing Consultant / Freelance Copywriter - United States</h3>
<a href="https://www.upwork.com/freelancers/~016177d19f0624c1a7?viewMode=1">Kathy Edens is a Top Rated Upwork Freelancer</a> with over $300k platform earnings! Kathy has been self-employed as a marketing consultant and freelance copywriter for almost ten years from her home in Ohio, United States.
She holds a Bachelor of Science in Professional Writing and Psychology from Oregon State University, which she says "...helps me understand how to reach your target audience with words."&nbsp;
Kathy has ghost-written several non-fiction books on various topics, including social entrepreneurship, healthcare, real estate investing, and the cannabis industry, to name a few.
Kathy also writes web content, sales pages, email marketing content, case studies, white papers, brochures, press releases, and more. Kathy's rates start at $86 per hour for her writing and marketing services.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;
<h3>3. Koen van Oeveren - UX designer - Netherlands</h3>
Koen van Oeveren is a freelance UI &amp; UX designer from North Brabant, Netherlands, with almost ten years of experience. Koen works with several design agencies in the Netherlands, designing apps, websites, and eCommerce experiences for many international brands.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
Koen holds a Bachelor of Applied Science in Communication and Multimedia Design from Avans University in the Netherlands. Koen's <a href="https://www.koenvo.com/index.html">portfolio website Koenvo</a> was nominated for a <a href="https://www.awwwards.com/sites/koenvo-ui-ux-portfolio">2021 awwwards. Award</a>.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;
<h3>4. Pascal Strasche - Product / UX designer - Germany</h3>
Pascal Strasche is a product and UX designer with more than ten years of design experience from Germany. He holds a Master of Arts in Interaction Design and a Bachelor of Arts in Graphic Design, both from HAWK University of Applied Sciences and Arts.
For almost a year over 2020/2021, Pascal worked as the sole product designer to design Con Cubo's SaaS tool that helps complex organizations visualize and manage teams. He's also worked with German steel giant XOM Materials to find product solutions to digitalize&nbsp;Germany's steel industry.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
In 2019, Pascal founded Product Design Resources, a growing archive of 800+ design resources, weekly updated for the design community.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>5. Paul Hunkin - Developer - New Zealand</h3>
Paul Hunkin is a freelance software consultant and developer from Tauranga, New Zealand, but currently living in Portugal.&nbsp;
Paul has over ten years of experience as a software developer with an impressive work history, including Google, NASA, InfoSys, and the Chinese aerospace industry leader COMAC.
He's worked with several early-stage startups designing everything from high-performance big-data systems to complex web applications to 3D rendering engines. He's also built a lot of the foundational code for independent games on Android.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;
Paul is a Top Rated Upwork Freelancer with over $400k in platform earnings. His rates start at $120 per hour for software development. <a href="https://paulh.consulting/">Check out Paul's website</a> for more about his impressive portfolio and work history.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>6. Jana Galat - Writer / Brand Strategist - Canada</h3>
Jana Galat is a freelance copywriter and brand strategist from Ontario, Canada. She holds a Bachelor's Degree in Management and Organizational Studies from King's University College and an Honors in Business Administration from Western University.
Jana has extensive experience writing landing pages, email campaigns, social media ads, and print materials and says, "I am obsessed with creating copy that sells..."
After several years of professional work experience, Jana went freelance in 2019 and has quickly built a reputation as a <a href="https://www.upwork.com/freelancers/~01bfa17a48301876dd">Top Rated Upwork Freelancer</a> with over $70k in platform earnings. Jana's rates start at $100 per hour for copywriting and brand consulting.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>7. Padcha Uaarisakkul - Brand / Creative Consultant - United States</h3>
Padcha Uaarisakkul is a freelance brand and creative consultant from Los Angeles, United States. Padcha worked at The Walt Disney Company for six years, where she managed Licensing &amp; Brand Partnerships for Pixar.
She holds a Master's degree, Marketing Communications from the University of Southern California and a Bachelor of Arts (BA), Advertising from California State University.
Padcha's skillset includes brand strategy, creative concepting, marketing communications, pitch development, and design&mdash;specializing in consumer packaged goods, entertainment, nonprofit, startup, and tech.
Padcha is a Top Rated Upwork Freelancer, and her rates start at $120 per hour. You can find out more about Padcha on her <a href="https://www.padcha.me/">website</a> and <a href="https://www.linkedin.com/in/padcha/">LinkedIn page</a>.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>8. Xhensila Zemblaku - Art Director - Canada</h3>
Xhensila Zemblaku is a freelance art director, UX/UI designer, and illustrator from Markham, Canada. She holds a Bachelor of Fine Arts from Ryerson University with almost ten years of experience.
Xhensila has been a freelancer for most of her professional career and earned over <a href="https://www.upwork.com/freelancers/~01a08d1fcc6ea8fbcb">$400k on Upwork</a>, completed over 150 jobs, and 4,663 hours!&nbsp;
Xhensila's work includes typography, print design, UX/UI design, web, and mobile design. She's a Top Rated Upwork Freelancer currently charging $200 per hour for various creative gigs.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>9. Tanya Litvinova - UX/UI Designer - United States</h3>
Tanya Litvinova is a freelance UX/UI designer from New York City, United States. She holds a Bachelor of Fine Arts in Advertising Design / Communication Design from the Fashion Institute of Technology.
Tanya specializes in product, mobile, and web design as well as user experience flow, research, and validation.
"I have a passion to make the complex simple, shape behavior, design, plan, and strategize. Aiming for the best user experience, all the while balancing the needs of business and technology to create engaging, habit-forming digital products."
Tanya has worked with Fortune 100 &amp; Fortune 500 companies and successfully delivered business-transforming data-driven analytics, responsive BI dashboards, enterprise web apps, and management systems. Some of Tanya's notable clients include KOCH Industries, BlackRock Financial, BCG Group, and FireEye, to name a few.
<a href="https://www.upwork.com/freelancers/~0165035041b26e96df">Tanya is a Top Rated Upwork Freelancer</a> with more than $200k platform earnings. Her current rate starts at $162.50 per hour.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<h3>10. Guangming Lang - Data Scientist - United States</h3>
Guangming Lang is a freelance data scientist from Michigan, United States. He holds a Bachelor of Arts in Mathematics from New College of Florida and a Master of Science in Biostatistics from the University of Michigan. Guangming has also completed several Coursera courses in data science and machine learning.
Guangming has been a freelancer since 2013 and has worked across several industries, including fintech, trading, medicine, biotech, advertising, and HR.&nbsp;
Guangming is a Top Rated Upwork Freelancer with over $400k in platform earnings. He's completed 216 jobs on Upwork totaling 3,805 hours! Guangming's current rates start at $200 per hour.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;
<h2>Secure Freelancer Workflows With TeamPassword</h2>
No matter how talented or reputable the freelancers and contractors you hire, your company must use secure workflows to protect your digital assets.
Freelancers often need access to shared accounts and tools. Using a <a href="https://app.teampassword.com/dashboard#signup/testimonial">password manager</a> is the first step to securing these accounts and platforms. You can also use a password manager to share credentials with employees, clients, and other stakeholders to ensure you never expose raw passwords via email, spreadsheets, chat apps, and other non-secure methods.
<a href="https://app.teampassword.com/dashboard#signup/testimonial">TeamPassword</a> lets you create groups to share access with only those who need it. When they're done, revoke access with a single click. No need to change passwords every time someone leaves the team.
If you do need to change a password, TeamPassword's built-in <a href="https://teampassword.com/password-generator">password generator</a> lets you create secure passwords between 12-32 characters using numbers, letters (uppercase/lowercase), and symbols.
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;
Ready to onboard clients and freelancers securely with TeamPassword's robust <a href="https://app.teampassword.com/dashboard#signup/testimonial">password management solution</a>? <a href="https://app.teampassword.com/dashboard#signup/testimonial">Sign up for a free trial</a> to secure your company's digital assets today!

Here are ten successful freelancers and what they do. These freelancers have earned their place as experts in their given field.

Here are ten successful freelancers and what they do. These freelancers have earned their place as experts in ...

10 extremely successful freelancers and what they do

Here are ten successful freelancers and what they do. These freelancers have earned their place as experts in their given field with excellent track records—many have worked with the biggest companies in the world!

<a href="https://www.mckinsey.com/industries/real-estate/our-insights/americans-are-embracing-flexible-work-and-they-want-more-of-it" rel="follow noopener" target="_blank">Remote work is becoming more popular</a> than ever. Employers realize the cost-saving and productivity-boosting benefits of having their teams out of the office and working from their homes, and things seem to be going well. However, one issue that continues to plague remote teams is the possibility of cybercrime and data breaches. Hackers know that remote employees are often not as equipped to thwart attacks and target them with a vengeance.&nbsp;
The solution is for management and administration to train and educate their teams on cybersecurity. Talk to your employees about what they can do to protect their company and the customers' data from the machinations of cybercriminals.&nbsp;
Let&rsquo;s get specific on how you will make this happen.
<h2>Cybersecurity Training Is Key</h2>
To start your team off on the right foot, your company should incorporate an extensive cybersecurity training program into your employee orientation schedule. This will give them the training they need from day one. <a href="https://www.wizer-training.com" rel="follow noopener" target="_blank">Wizer</a> is a great tool that provides effective and thorough cybersecurity training for teams.&nbsp;
<h3>Explain the Consequences of a Cyberattack</h3>
Remote employees have the best of intentions but may not realize the stakes of a breach at your organization. When working from the comfort of home, cyberthreats seem distant and it&rsquo;s easy to forget that anyone can be the weak link that allows a cyberattack to succeed.
During instruction, give the team a clear picture of what your organization and the individuals on your team will face if a breach does occur. Common consequences resulting from a breach are:
<ul>
<li style="font-weight: 400;" aria-level="1">Reputational damage to the corporation that leads to job loss</li>
<li style="font-weight: 400;" aria-level="1">Corporate responsibility for millions of dollars of damages and fines resulting in lay-offs</li>
<li style="font-weight: 400;" aria-level="1">Legal repercussions that force the company to close its doors</li>
</ul>
The point is that cybersecurity is the responsibility of every employee, from the CEO to the mailroom clerk, and it&rsquo;s in everyone&rsquo;s best interest to protect the company and its future.&nbsp;
<img src="https://cdn.buttercms.com/hvd8k1uISfeNd3yLAaud" alt="undefined" width="757" height="473" />
<h3>Confirm Employees&rsquo; Understanding</h3>
Once their cybersecurity training is complete, every employee should sign off on a memo stating that they understand the crucial nature of what they learned and may be held responsible if they fail to report a potential threat.
<h3>Revisit and Refresh Cybersecurity Training</h3>
Cybersecurity training is not one-and-done. As vulnerabilities get patched and people become wiser to common scams, cybercriminals adapt accordingly with ever more sophisticated attacks. When your IT team learns of a new cyber threat, management should require all employees to undergo supplemental training that prepares them to handle it appropriately.
<h3>Report Attempted Attacks</h3>
Every organization should have a designated cybersecurity point of contact. Ideally, this will be someone who has a background in cybersecurity or has at least taken additional training in cybersecurity best practices. When an employee receives a suspicious email or other suspected cyberattack, they should let the internal point of contact know immediately.&nbsp;
Employees can also help make the internet safer by reporting phishing attacks to organizations like the <a href="https://apwg.org/reportphishing/" rel="follow noopener" target="_blank">Anti-Phishing Working Group (APWG)</a> by forwarding phishing attack emails to <a href="mailto:reportphishing@apwg.org" rel="follow noopener" target="_blank">reportphishing@apwg.org</a>. APWG, and groups like them, analyze and share data from reports to help stop cybercriminals before they can victimize others.&nbsp;
<h2>Talk About Sharing Data</h2>
Now that your remote team members understand the big picture, teach them where their data is shared and how to properly access, share, and use it to minimize risk.&nbsp;
<h3>Sharing Data on the Cloud</h3>
Almost all companies now use some form of cloud storage or service. A common example for most of us is our email account. Take Gmail: Google has floor space for servers and hardware and maintains all the software that allows you to log into your account from anywhere. Gmail is an example of a public cloud.&nbsp;
Your team should know the <a href="https://businessdegrees.uab.edu/blog/private-public-and-hybrid-clouds-whats-the-difference/" rel="follow noopener" target="_blank">differences between public, private, and hybrid clouds</a> and the associated risks in using each. Your IT department may have different policies for each type of service.
Public accounts are generally the least expensive but are also the least secure. A third party such as Google, Amazon, or Microsoft handles maintenance which frees up your IT team&rsquo;s time. In return, you sacrifice security and control.
Private servers are owned and maintained by a private organization. They offer your team greater security and flexibility, but the price can be prohibitive.&nbsp;
Hybrid cloud accounts are a combination of both public and private. An organization may use a public cloud for email but restrict sensitive data to a private cloud.&nbsp;
It is important to inform your teams that even with some protection on the cloud, they still need to keep watch for scams and inform management if they see anything suspicious.&nbsp;
<h3>User Access&nbsp;</h3>
Remote employees should know that not everyone in the organization is entitled to see and use the same data. Every employee should only have access to what they need to do their jobs and should not share information unless they are given the approval to do so.&nbsp;
To make this process easier to understand, consider creating an <a href="https://www.lucidchart.com/pages/tutorial/organizational-charts" rel="follow noopener" target="_blank">organizational chart</a> that includes the title and clearance level of every employee. That way, when in doubt, your team can refer to the organizational chart and see what sensitive information can be passed to which team members.&nbsp;
<h2>Create and Follow Smart Security Practices</h2>
<h3>Off-Board Employees Properly</h3>
Note to management: when an employee leaves your organization, you must revoke their system access so an upset former worker can&rsquo;t get in and steal or manipulate your data. Having strong off-boarding procedures will simplify this process, while tools like a password manager can make it even easier.&nbsp;
<h3>Make Training Best Practices into Company Policy</h3>
When your team works remotely, it is difficult to monitor all of their computers for potential threats. Management should advise their teams of the strategies they must implement to protect their devices and their data at all times. Use the cybersecurity training you provide to establish clear policies and procedures everyone can follow. And revisit these regularly.
<h2>Use the Right Tools</h2>
<h3>Save Data on Backup Servers</h3>
In addition to keeping all corporate information on the main server, you should also have backup servers so that you can restore your information immediately in the event of a virus or ransomware attack. Don&rsquo;t forget to inform your team that the company&rsquo;s information is backed up; it can help put their mind at ease.
<h3>Invest in a Password Manager</h3>
Give your team a password manager to make it easy for everyone to use complex passwords that include a combination of upper and lower case letters, numbers, and special characters. <a href="https://teampassword.com/blog/how-to-build-a-passphrase" rel="follow noopener" target="_blank">Building a strong passphrase</a> can also give them extra protection. Also, let them know the<a href="https://teampassword.com/blog/the-importance-of-responsible-password-management" rel="follow noopener" target="_blank"> importance of responsible password management</a>, including keeping passwords in encrypted environments and never sharing them via unsecured platforms such as email.&nbsp;
Managing passwords and logins can be a big hassle for busy companies with remote workers. At TeamPassword, we believe that passwords should be secure, easy to access, and, most importantly, reliable. Our easy-to-use, encrypted environment allows you to create, update, and access passwords anywhere. Your passwords are divided into different folders called Groups, so employees only see what they need.&nbsp;
<img src="https://cdn.buttercms.com/W06bJ4BSoCDG7A7bhQ8Q" alt="undefined" width="535" height="474" />
Managing permissions for individual team members is a breeze. Should the time come that you need to revoke a user&rsquo;s access to all of your passwords, you can do so with the click of a button. Then, use the built-in password generator to create new strong passwords for every login.
<a href="https://teampassword.com/password-generator" rel="follow noopener" target="_blank"><img src="https://cdn.buttercms.com/rAqIb5pdSBWEHxSGdpRT" alt="undefined" width="786" height="387" /></a>
<h3>Use a Virtual Private Network (VPN)</h3>
Employees who leave their homes to work at public places like coffee shops or restaurants need to be advised about the importance of not misplacing their devices and not logging onto public Wi-Fi unless they know it is a legitimate connection and not a fake network set up by a hacker. The best way to be sure is to ask an employee at the establishment. They should also install a virtual private network on their device; the VPN will automatically encrypt their information so it cannot be used even if it is stolen.
<h3>Install Anti-Virus Software</h3>
Finally, express the importance of installing and using up-to-date antivirus software on their systems. Employees should run scans multiple times weekly to catch an issue before it ravages their system. Your IT team should always ensure that your teams are updated to the newest version of their antivirus program, so they can be protected against the latest threats.
<h2>Conclusion</h2>
In the end, protecting the company against cyber threats is a team effort. Educating your remote employees about good cybersecurity is in everyone&rsquo;s best interest. Implement these tools and training, and keep your organization secure against cyberattacks.

Remote work is more popular than ever, but companies struggle to train and equip remote employees to respond appropriately to cyberattacks.

Remote work is becoming more popular than ever. Employers realize the cost-saving and productivity-boosting benefits of having their ...

How to Talk to Remote Employees About Cybersecurity

Remote work is becoming more popular than ever. Employers realize the cost-saving and productivity-boosting benefits of having their teams out of the office and working from their homes, and things seem to be going well. However, one issue that continues to plague remote teams is the possibility of cybercrime and ...

For many of us, platforms such as Slack, Telegram, and social media have eclipsed our email address as the home base from which all our online communication happens. Nonetheless, to sign up for their services, these platforms require one thing in common: our email.
Email is still considered an authoritative source of identity check. It is used for password resets, 2FA authorization, backup verification for other emails&hellip;the list goes on. Friends and family don&rsquo;t think twice when they receive an email from you unless the content is demonstrably suspicious.
Recent reports show that <a href="https://www.usnews.com/news/business/articles/2022-04-09/accounts-deceivable-email-scam-costliest-type-of-cybercrime" rel="follow noopener" target="_blank">email scam is the costliest type of cybercrime</a>, with nearly $2.4 billion being stolen in 2021 alone. Part of the reason for its success relative to other scams and cybercrimes is that email scam has become quite sophisticated. We know to hang up the phone when "Microsoft Support" calls to get remote access to our laptop so they can remove that virus that we didn't know we had.&nbsp;
We&rsquo;re going to cover 5 nefarious things hackers can do with your email address, and 5 actions you can take right now to protect yourself.&nbsp;
<h2>5 ways a hacker can exploit your email address</h2>
We spread our email addresses across the web each time we create an account or communicate online. Soon, they disappear beyond our knowledge or reach, either because we forget to whom we&rsquo;ve given them or through leaks and breaches. We think of our email address as something fairly public; it's hard to do anything online without it.&nbsp;
Once you understand how your email can be exploited, you&rsquo;ll be equipped to use the tips at the end of this article to keep yourself safe.
Cybercriminals have plenty of reasons to want your email. As Mika Aalto told Spiceworks, &ldquo;<a href="https://www.spiceworks.com/it-security/security-general/news/experts-on-cybersecurity-awareness-month/#:~:text=based%20Phishing%20Campaigns-,Email%20security,-Mika%20Aalto%2C%20the" rel="follow noopener" target="_blank">Every breach begins with a malicious email</a>.&rdquo;&nbsp;
<h3>1. Spoof your email address to scam friends and family</h3>
Email spoofing is when a scammer uses code to manipulate the header of the email to show a legitimate domain, even though the email did not come from that domain. The term &ldquo;spoofing&rdquo; is sometimes also used to describe look-alike emails that are designed to deceive the recipient, such as support@rnicrosoft.com. Unless you&rsquo;re consciously checking the From address when you receive an email, there&rsquo;s a chance your brain auto-corrected the &ldquo;r&rdquo; and &ldquo;n&rdquo; into an &ldquo;m&rdquo;. And that&rsquo;s exactly what the scammer wants.
This <a href="https://apps.timwhitlock.info/unicode/inspect" rel="follow noopener" target="_blank">unicode inspector</a> is a great tool to catch look-alike foreign characters and other trickery. 
Here&rsquo;s another example: you get an email from your friend, lan@example.com.&nbsp;
Now, email providers show email addresses in lowercase, but our brain is unlikely to be suspicious of a capitalized name. Pasting the email into the unicode inspector, however, reveals that it&rsquo;s a lowercase &ldquo;L&rdquo;, not an &ldquo;i&rdquo;.&nbsp;
For a deeper dive into email spoofing, check out this excellent video by ThioJoe for many detailed examples of different ways scammers will attempt to deceive you.
<iframe width="468" height="263" src="https://www.youtube.com/embed/hF1bIT1ym4g" title="How to Spot Any Spoofed &amp; Fake Email (Ultimate Guide)" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="allowfullscreen"></iframe>

<h3>2. Hack into your online accounts</h3>
As mentioned earlier, your email is the foundation for your personal login credentials to all your online accounts. Many experts recommend <a href="https://www.forbes.com/sites/forbestechcouncil/2020/02/13/why-every-person-needs-at-least-four-email-accounts/?sh=4c8e8fb57006" rel="follow noopener" target="_blank">having at least 4 email addresses</a> for different online applications so that if one account gets compromised the damage is minimized.&nbsp;
Once a hacker has confirmed the email addresses that match your identity, they can proceed to try it with password combinations on innumerable accounts - a cyberattack known as credential stuffing.&nbsp;
The best way to protect yourself, which we&rsquo;ll discuss more below, is to never reuse passwords and always use the best 2FA available.&nbsp;
<h3>3. Gather personal information to socially engineer you or others</h3>
Your email reveals more about you than you probably think. It can be used to track down anything from your social media to Spotify account and where you work. Once a hacker matches your phone number to your email, they're ready to run a sophisticated social engineering attack. With enough personal information harvested, they can convincingly impersonate you or someone you know through spoofing. And if they hack all the way into your email, they can send convincing emails as you.&nbsp;
Your email address can also be used on the dark web to identify and purchase relevant leaked and stolen personal information. Check sites like <a href="https://haveibeenpwned.com/" rel="follow noopener" target="_blank">haveibeenpwned</a> to see if your information is out there. Real-time monitoring is also available through services such as Echoset.net.&nbsp;&nbsp;
<h3>4. Hack your personal email and jeopardize your online and in-person life</h3>
Given that email is the primary identifier and source for password resets, if someone hacks your email they can typically reset the passwords for ALL your online accounts. Once into an account, they can often change the associated email address with the click of a button - and you can say goodbye to that account forever.&nbsp;
The cybercriminal will also be able to see tickets and hotel reservations that come to your email. Assuming they&rsquo;ve scraped your home address, they can use this information to make a move on your personal property.
<h3>5. BEC (business email compromise)</h3>
Cybercriminals may simply want to use you as a gateway to your company. <a href="https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise" rel="follow noopener" target="_blank">According to the FBI,</a> BEC is one of the most financially damaging online crimes.
As we&rsquo;ve seen from the <a href="https://teampassword.com/blog/2022-uber-breach" rel="follow noopener" target="_blank">plenitude of successful breaches</a> this year, there are several possible avenues to breach a company. One common tactic in a BEC attack is to send an urgent email posing as the CEO or other executive. The employee, fearing retribution, ignores otherwise suspicion-arousing signs of a scam and cooperates with the directive, or at the very least opens the attachment or clicks the link. This may be all the attacker needs to gain a foothold.&nbsp;
Make it clear to everyone you work with that treating anything other than face-to-face communication with an extra helping of caution will never be punished. You need your team on your side when it comes to keeping your business safe.
<h2>How do I protect my email?&nbsp;</h2>
<h3>1. Set up 2FA</h3>
Use 2FA to maximize security for your email accounts. Of course, we recommend using 2FA on all accounts that allow it - even &ldquo;unimportant&rdquo; ones. Security experts recommend using time-dependent codes through apps such as Authy when possible, as they are much more difficult to get ahold of than SMS-based 2FA.
Many email providers support physical security keys such as <a href="https://www.yubico.com/" rel="follow noopener" target="_blank">Yubikey</a> if you want to take 2FA to the next level.&nbsp;&nbsp;
<h3>2. Don&rsquo;t reuse passwords</h3>
You&rsquo;ve heard the speech: &ldquo;use unique, strong passwords&rdquo;. We&rsquo;ve certainly done our fair share <a href="https://teampassword.com/blog/how-often-should-you-change-your-password-the-importance-of-password-safety" rel="follow noopener" target="_blank">driving the point home</a>. Having said that - please get a password manager, and don&rsquo;t reuse passwords.&nbsp;
If you share passwords with colleagues, teams, or family members, TeamPassword offers one of the most user-friendly and safe vaults out there. And it&rsquo;s just as easy to manage your private records there as well. Do you remain stubbornly unconvinced by the offer of a free, <a href="https://app.teampassword.com/dashboard#signup/testimonial" rel="follow noopener" target="_blank">no-commitment trial</a>? Check out our <a href="https://www.g2.com/products/teampassword/reviews" rel="follow noopener" target="_blank">reviews on G2</a>.&nbsp;
If you just need a one-person solution, there are plenty of free options out there. Setting up a vault takes a bit of time, but don&rsquo;t let that stop you from securing your accounts. There&rsquo;s no excuse to reuse passwords.&nbsp;
<h3>3. Check what devices are signed into your email</h3>
For Google accounts, click on Manage your Google Account &gt; Security &gt; scroll down to Your Devices &gt; manage all devices. This setting's location may differ based on your email provider.&nbsp;
Sign out that old laptop you&rsquo;ve got sitting in a drawer that hasn&rsquo;t been updated in 3 years, and remove your parent&rsquo;s desktop that you used to check email once. In general, check that you recognize all device activity. The only devices with access should be ones whose security you control.&nbsp;
<h3>4. Check data breach reports</h3>
Check sites such as <a href="https://haveibeenpwned.com/" rel="follow noopener" target="_blank">haveibeenpwned</a> to see if your email or passwords are part of any breaches or leaks. If your email address has been significantly impacted, you may need to migrate to a new address. Real-time monitoring is available through services such as <a href="https://www.echosec.net/darknet" rel="follow noopener" target="_blank">Echosec</a> and <a href="https://www.whatsupgold.com/network-monitoring-software" rel="follow noopener" target="_blank">Whatsup Gold</a>.&nbsp;
Once your email address, passwords, or personal documents are out there, the best you can do is take appropriate reactive steps to minimize the possibility of that information being used against you.
If your email is the culprit, immediately change all passwords on connected accounts. Cybercriminals will use your email to credential stuff thousands of online accounts in the off chance that they can break in. Seriously, don't reuse passwords.&nbsp;
If your driver's license, passport, or SSN numbers were leaked, report this to your local DMV, U.S. State Department, and Social Security Administration, respectively.
To avoid being impacted by basic data leaks, look into <a href="https://www.makeuseof.com/gmail-how-to-add-email-alias/#:~:text=How%20to%20Create%20Temporary%20Aliases%20in%20Gmail" rel="follow noopener" target="_blank">setting up temporary aliases</a> for use with different online accounts so you can more easily identify when and where you&rsquo;ve been compromised.&nbsp;
<h3>5. Practice (close to) Zero Inbox</h3>
Even if you&rsquo;re not ready to fully commit to the inbox zero lifestyle, you can <a href="https://fortelabs.com/blog/one-touch-to-inbox-zero/">utilize many of its strategies</a> to greatly reduce stress around handling emails. If your inbox is out of control, you may miss a suspicious login attempt or password reset message. Plus, if you&rsquo;re stressed and pressed for time when sorting through your emails, you&rsquo;re less likely to exercise the caution and attention to detail required to catch spoofed emails and false links.&nbsp;

<h2>How does TeamPassword keep your email and accounts safe?</h2>
If using password best practices is too hard neither you nor your team will do it. TeamPassword makes it easy to store, update, and share credentials without them leaving an encrypted environment.
<img src="https://cdn.buttercms.com/S5jNIC3TtuXldRHK5V4w" alt="TeamPassword _ Team Password Manager ..." width="468" height="383" />
Storing your login credentials in a password manager minimizes damage in the event that your email gets breached. People who don&rsquo;t use a password manager may store passwords in an excel spreadsheet which they email to others, or a Google Sheet which can be accessed if their Google account is compromised.&nbsp;
<a href="https://teampassword.com/">Give us a try for free for 14 days</a> and let us know what you think! We&rsquo;re always ready to answer questions or hear feedback at <a href="mailto:support@teampassword.com">support@teampassword.com</a>.&nbsp;

Email is used for password resets, 2FA authorization, and other identity verification. Learn how hackers exploit yours and shore up defenses

Email is used for password resets, 2FA authorization, and other identity verification. Learn how hackers exploit yours and ...

What Can Hackers Do With Your Email Address?

What Can Hackers Do with your Email Address? - TeamPassword

While there is no hard and fast rule, experts agree that it is wise to change your passwords every 90 days. Yup, every 90. If the very thought of going through each and every one of your 127 passwords and updating them every 90 days makes you want to click off this article - don&rsquo;t.&nbsp;
With a little knowledge, this tedious task can be made easier and safer. We&rsquo;ll also share why it&rsquo;s an essential part of securing your accounts and that it's:
<ol>
<li style="font-weight: 400;" aria-level="1">Worth your time, and</li>
<li style="font-weight: 400;" aria-level="1">Not as overwhelming as it seems if you&rsquo;re using the right tools</li>
</ol>
Aside from learning to spot <a href="https://teampassword.com/blog/your-passwords-are-only-as-secure-as-your-teams" rel="follow noopener" target="_blank">social engineering attacks</a>, regularly changing your passwords is one of the easiest actions you can take to minimize the probability of being hacked.&nbsp;
<h2>What&rsquo;s the point of changing my password?&nbsp;</h2>
Does changing my password really make a difference?&nbsp;
Statistics from 2019 found that over 1 million passwords are stolen every week, and that number has only increased during the pandemic. Today, there are over <a href="https://www.securitymagazine.com/articles/97825-24-billion-usernames-passwords-available-on-the-dark-web#:~:text=There%20are%20more%20than%2024,to%20new%20Digital%20Shadows%20research." rel="follow noopener" target="_blank">24 billion username and password combinations available on the dark web</a>.&nbsp;
Changing your passwords absolutely makes a difference in keeping your accounts safe, provided they&rsquo;re strong. Some stolen passwords are exploited right away, but others are leveraged months later. Changing your password could foil months of a cybercriminal&rsquo;s work, which may lead to them focusing their attention on lower-hanging fruit.
<h3>Are my accounts more secure the more I change my password?</h3>
Yes, and no. Provided you are using randomly generated or unique passwords of 12+ characters with symbols and numbers, then updating your most valuable accounts frequently absolutely keeps your accounts more secure.&nbsp;
Frequent, scheduled password changes are only an issue when the task is thrust upon an uneducated employee who hasn&rsquo;t been given the right tools for the job.
Most software solutions that mandate frequent password changes are rendered virtually useless by not giving the user the proper tools. People feel annoyed at being forced to change and memorize a new password, and often game the system, first adding a 1, then a !, then a 2 etc. I was certainly guilty of this at past jobs.&nbsp;
Requiring people to change their passwords without providing a password manager (more on this below) irritates people and does little to bolster your company&rsquo;s security.
Cybersecurity exists on a spectrum: convenient and frictionless on one end, and security on the other. In a perfect world you would change your password every day, but the cost/benefit analysis buckles when you realize that a program like <a href="https://www.zdnet.com/article/following-oldsmar-attack-fbi-warns-about-using-teamviewer-and-windows-7/" rel="follow noopener" target="_blank">TeamViewer can get hacked</a>, rendering a simple security measure such as a password useless.&nbsp;
Ultimately, a combination of new, complex passwords and a <a href="https://teampassword.com/blog/one-time-passwords-vs-two-factor-authentication" rel="follow noopener" target="_blank">second authentication factor</a> is the best we can do.&nbsp;
If your systems require the best available security, look into hardware keys such as Yubico, Google Titan, and Thetis.&nbsp;
<h2>How to change your passwords</h2>
The most common reason people cite for not wanting to change passwords is the time it takes. It&rsquo;s a manual process, and right now there&rsquo;s no way around that. But if you're not using a password manager, your vision of what the process looks like may be needlessly convoluted.
The unknown can be scary.
<img src="https://cdn.buttercms.com/kE8Uzu4ESfebb0whlxAV" alt="undefined" width="752" height="386" />
With a password manager, updating passwords is as simple as:&nbsp;
<ul>
<li style="font-weight: 400;" aria-level="1">Navigate to the &ldquo;change password&rdquo; page of your account settings&nbsp;</li>
<li style="font-weight: 400;" aria-level="1">Click your browser extension. The extension will most likely have pulled up the appropriate record, but if not simply search for it&nbsp;</li>
<li style="font-weight: 400;" aria-level="1">Click &ldquo;edit&rdquo; in your password manager on the account you&rsquo;re updating</li>
<li style="font-weight: 400;" aria-level="1">Use the Password Generator to create a new, strong password</li>
<li style="font-weight: 400;" aria-level="1">Save the password in your manager and on your account</li>
</ul>
Change your passwords with a movie or music in the background! There&rsquo;s no reason it has to be all boring.&nbsp;&nbsp;
<h3>How to make strong passwords</h3>
If the account you&rsquo;re using allows for symbols, then generating a long, random string of symbols, digits, and letters is the easiest and safest option.&nbsp;
If you need to remember the password, try creating a passphrase. Passphrases are strings of words, with a few symbol and number substitutions, that are easy to remember but hard to guess. Part of the reason passphrases are effective is that when it comes to password strength, <a href="https://teampassword.com/blog/tips-and-tricks-to-create-a-strong-password" rel="follow noopener" target="_blank">longer is better</a>. Don&rsquo;t use song lyrics, lines from poems, or anything that can be found in a Google search.&nbsp;
<h3>What are bad passwords?</h3>
Every year, a few websites take the time to bemoan the state of password management by compiling the <a href="https://www.tomsguide.com/news/worst-passwords-2022" rel="follow noopener" target="_blank">worst passwords of the year</a>. The list typically looks much the same. These passwords can be cracked in less than a second by modern software, yet continue to be widely used.&nbsp;
Avoiding bad passwords is mostly common sense. If you use a password generator or take the time to create a 14+ character passphrase, you&rsquo;re probably good. The key is to avoid patterns and personal information.&nbsp;
If someone is choosing to target you, they will scour the internet and social media for personal information. Pet&rsquo;s names, birthdays, your first car&hellip;it&rsquo;s hard to remember everything you&rsquo;ve ever said on the internet. We recommend avoiding such personal information when building your password.
Here are a few that always make the worst passwords list:
<ul>
<li style="font-weight: 400;" aria-level="1">123456</li>
<li style="font-weight: 400;" aria-level="1">123456789</li>
<li style="font-weight: 400;" aria-level="1">qwerty</li>
<li style="font-weight: 400;" aria-level="1">password</li>
<li style="font-weight: 400;" aria-level="1">12345</li>
<li style="font-weight: 400;" aria-level="1">12345678</li>
<li style="font-weight: 400;" aria-level="1">111111</li>
<li style="font-weight: 400;" aria-level="1">1234567</li>
<li style="font-weight: 400;" aria-level="1">123123</li>
<li style="font-weight: 400;" aria-level="1">qwerty123</li>
</ul>
<h2>What is a password manager?</h2>
So far, I&rsquo;ve asseverated that a password manager is a critical tool in your mission for effective password hygiene. But what is its purpose?
In its most basic form, a password manager is a single vault that stores unique passwords for all your accounts. The benefit is that you only need to remember one master password to access the vault.&nbsp;
A good vault such as TeamPassword uses <a href="https://en.wikipedia.org/wiki/Client-side_encryption#:~:text=Client%2Dside%20encryption%20is%20the,as%20a%20cloud%20storage%20service." rel="follow noopener" target="_blank">Client-Side Encryption</a>, which means that even TeamPassword employees, or anyone with access to TeamPassword&rsquo;s database, cannot see your passwords. They also feature AES 256-bit encryption and security accreditations such as ISO 27001, SOC 1 and SOC 2, SSAE 16 and ISAE 3402.
The best vaults allow users to share passwords with team members - be they friends, family, or colleagues. With organizational tools like groups and different user settings, you can control who sees what without exposing your data.&nbsp;
<h3>Should I let my browser save my passwords?</h3>
While Chrome is working to make its password manager more secure, it does not provide enterprise level security or secure sharing.&nbsp;
Chrome is designed to be the most convenient browser on the market, and it succeeds. But if your Google account is breached, your passwords will be revealed. Most of us sync our Chrome profiles so that we can access bookmarks from anywhere. This works against us if one of our devices is stolen.
I won&rsquo;t claim that a real password manager is as convenient as letting your browser handle everything. As I said above, cybersecurity is often a tradeoff between easy and secure. However, if you need to share passwords with team members or family, then Chrome is definitely not the appropriate tool. A dedicated password manager built for sharing is both easier to use and safer.&nbsp;
<h3>How does a password manager work?&nbsp;</h3>
Let&rsquo;s start with what a password manager is not.&nbsp;
<ul>
<li style="font-weight: 400;" aria-level="1">Not a magical tool that automatically updates all your account passwords without you lifting a finger.&nbsp;</li>
<li style="font-weight: 400;" aria-level="1">Does not guarantee that you&rsquo;ll never be locked out of an account again - you could accidentally save different passwords between your password manager and the account you&rsquo;re trying to manage.&nbsp;</li>
<li style="font-weight: 400;" aria-level="1">Does not replace account settings or have administrative control over your accounts. That is, just changing your Instagram password in your password manager does not actually change your Instagram password. You still need to go to your Instagram account settings and make the change there.&nbsp;</li>
</ul>
What does it do?
By storing your sensitive credentials in a host-proof and locally encrypted vault, a password manager stores complex passwords for all your accounts while only requiring you to remember the master password that accesses your vault. Team plans let you safely share account credentials with your team without the credentials leaving an encrypted environment.
<h2>Is TeamPassword a good password manager?</h2>
TeamPassword is one of the best - especially for sharing passwords on teams.
TeamPassword exists so teams can effortlessly access the credentials they need&hellip;and only the credentials they need. Here are a few of the features that make this possible:
<ul>
<li style="font-weight: 400;" aria-level="1">Unlimited number of completely customizable groups such as Marketing, HR, and Billing</li>
<li style="font-weight: 400;" aria-level="1">Records can be part of multiple groups</li>
<li style="font-weight: 400;" aria-level="1">Admins grant or revoke access to each group with the click of a button</li>
</ul>
TeamPassword is designed so that your team will actually use it. The interface is simple and only shows you what you need. We integrate with Google SSO for seamless login into your vault.&nbsp;
<img src="https://cdn.buttercms.com/S5jNIC3TtuXldRHK5V4w" alt="undefined" width="511" height="418" />
We offer a mobile app and extension so your records are accessible everywhere, all the time.
If you&rsquo;re looking for an affordable, easy-breezy to set-up password manager for your team, please <a href="https://app.teampassword.com/dashboard#signup/testimonial">sign up for our free trial</a> and let us know what you think.&nbsp;&nbsp;

We suggest changing your passwords every 90 days. Overwhelmed? Here are some tips to make it easier and reasons why it's worth it.

We suggest changing your passwords every 90 days. Overwhelmed? Here are some tips to make it easier and ...

How Often Should You Change Your Password?

How Often Should You Change Your Password? The Importance of Password Safety

Optus, the second-largest telecommunications company in Australia, confirmed on September 22nd that roughly 9.8 million personal records of current and past customers were leaked. They had no additional info at the time, which left those affected feeling helpless and betrayed.&nbsp;
An unidentified person has taken responsibility for the hack. The hacker demanded $1 million to delete the data. Otherwise, they would release 10,000 personal records a day until they received payment.
The alleged hacker followed up on their threat - once. When payment was not received, they released 10,000 records that likely went straight to the dark web to piece together some profiles - a process whereby bots analyze whether criminals have enough information to target someone with scamming or identity theft. The hacker has since withdrawn their demand, apologized for their actions, and has not released any additional records.&nbsp;
Affected records include everything from phone numbers to driver&rsquo;s licenses and passport numbers.&nbsp;
<h2>Backlash</h2>
Investigating a breach is no small undertaking, and it&rsquo;s impossible to know for certain if Optus acted slower than other industry giants would in an identical situation. However, their attitude and lackluster communication resulted in severe backlash from the Australian government and general public.
Optus framed itself as the victim of a cyberattack despite no evidence of how the personal records were accessed. In an interview with <a href="https://www.smh.com.au/technology/optus-commissions-independent-review-into-hack-20221003-p5bmr5.html" rel="follow noopener" target="_blank">the Sydney Morning Herald</a>, CEO Bayer Rosmarin said, &ldquo;There has been no review and no report on the nature of what has occurred&hellip; so anyone saying anything about it is not talking from a position of knowledge.&rdquo;
This attempt to control the narrative left government officials unimpressed.&nbsp;
Government Services Minister Bill Shorten told reporters, using a suitably Australian metaphor: &ldquo;Optus senior management are kidding themselves if they want a medal for the way that they&rsquo;ve been communicating. Not even a crocodile&rsquo;s going to swallow that.&rdquo;&nbsp;
<h2>The Situation Worsens</h2>
Two weeks later Optus provided additional info. After combing through logs, they claim that only 2.1 million personal records were exposed, of which 900,000 are expired. They said that all affected persons had been contacted, warned users not to open links from email or SMS, and recommended the My Optus app as the safest way to communicate with them.&nbsp;
However, the leaked data goes back to 2017 and includes many ex-customers. How will these people be contacted safely? Does sending one email count as &ldquo;contacted&rdquo;? No one knows. And scammers are capitalizing on the confusion.
Customers are seeing phishing emails, phone calls, and SMS or social media messages asking users to order new SIM cards or update billing information in order to secure themselves from the attack.&nbsp;
<img src="https://imageresizer.static9.net.au/DNxRJtnZyv_3cSTit0z00SxuAl4=/500x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F81445f8b-5d9d-4eb6-a475-4503a4115f4a" srcset="https://imageresizer.static9.net.au/DNxRJtnZyv_3cSTit0z00SxuAl4=/500x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F81445f8b-5d9d-4eb6-a475-4503a4115f4a 500w, https://imageresizer.static9.net.au/8giVCxs0LcluhV8nbc6w6CHSXy0=/600x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F81445f8b-5d9d-4eb6-a475-4503a4115f4a 600w, https://imageresizer.static9.net.au/v7aYqCtwFfAW06vEI2E0JbP_2fw=/800x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F81445f8b-5d9d-4eb6-a475-4503a4115f4a 800w, https://imageresizer.static9.net.au/-SfHZJctTIAHRMcJl4wXJZsNEAc=/1000x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F81445f8b-5d9d-4eb6-a475-4503a4115f4a 1000w, https://imageresizer.static9.net.au/HiNJ6jw4HpAkMbpJdRakYwRCuus=/1200x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F81445f8b-5d9d-4eb6-a475-4503a4115f4a 1200w, https://imageresizer.static9.net.au/mG2v3q3g846PwNGrMjzceIhz9Oc=/1600x0/https%3A%2F%2Fprod.static9.net.au%2Ffs%2F81445f8b-5d9d-4eb6-a475-4503a4115f4a 1600w" sizes="(min-width: 1024px) 800px, (min-width: 768px) 600px, 500px" alt="Scamwatch shared these two separate examples of scams following the Optus cyberhack. Correspondence about sim cards should be deleted, and any correspondence about bill &quot;issues&quot; treated with a high level of caution." width="389" height="219" />
The government agency Scamwatch took the initiative to warn customers about these scams. &ldquo;Optus is not contacting people about their bills and asking you to update information.&rdquo;&nbsp;
In the absence of other directions, people are scrambling to update their passports and driver&rsquo;s license numbers.
<h2>How was the data exposed?</h2>
Knowledge of how the breach occurred is frustratingly scarce.&nbsp;
According to Security Boulevard, &ldquo;Unconfirmed reports suggest that an API Gateway was being used by Optus. If so, that API gateway failed to sufficiently rate limit the attacker's access to Optus's sensitive data.&rdquo;
Security Boulevard <a href="https://securityboulevard.com/2022/10/optus-data-breach-why-vulnerable-apis-are-to-blame/" rel="follow noopener" target="_blank">provides a good overview</a> of possible API vulnerabilities that led to easy personal information extraction. Time will tell if this was the weak link.&nbsp;
Optus is noncommittal regarding whether or not they will release the full review being done by consultancy firm Deloitte. Perhaps this is Optus's ill-conceived attempt to make things seem less bad. If so, they failed to consider that the human imagination proliferates catastrophes, and the possibility that 2.1 million identities are compromised gives it ample fodder.&nbsp;
Optus is now <a href="https://www.optus.com.au/support/cyberattack" rel="follow noopener" target="_blank">attempting open communication through its website</a>, but it may be too little too late to save face.
We&rsquo;re waiting on the results of the investigation to form a picture of what you can do to prepare for future breaches of this nature, or how you can take action to mitigate risk now. Fingers crossed that the findings will get released to the public.&nbsp;
Optus has dug itself a bit of a hole. Government fines loom on the horizon, and user trust is eroded. We shall see how they choose to proceed.&nbsp;
To be continued&hellip;

Learn why Optus got lambasted by the government and public alike for their communication surrounding 9.8 million stolen records.

An overview of the Optus Breach so far: what happened, how Optus responded to victims of the breach, ...

The Optus Breach: How Not to PR

An overview of the Optus Breach so far: what happened, how Optus responded to victims of the breach, and why their communication was lambasted by the government and public alike.

Local SEO and traditional SEO rankings are affected by different factors. Traditional SEO shows users the most valuable, relevant content based on their keyword search. Local SEO is informed by the above but adds location to the mix in order to get the user more personalized results.&nbsp;
When queried for local results, Google only targets and displays results for businesses within a specified proximity. That&rsquo;s why when you&rsquo;re ordering pizza late on a Tuesday because you forgot to pick up groceries, Google shows you pizza delivery places nearby, not pizza joints in Bhutan. Often, digital marketing agencies primarily cater to companies in their province but most don&rsquo;t necessarily exclude other clients.
Local SEO improves your search engine visibility to customers near your location. And it uses specific metrics to influence your local SEO website rankings.&nbsp;
A digital marketing Local SEO specialist is chiefly concerned with three categories relating to Google&rsquo;s requirements:
<ul>
<li style="font-weight: 400;" aria-level="1">Distance&nbsp;</li>
<li style="font-weight: 400;" aria-level="1">Relevance</li>
<li style="font-weight: 400;" aria-level="1">Prominence</li>
</ul>
These three pointers form the basis of robust local SEO marketing services.&nbsp;
<h1>How to improve your local SEO ranking</h1>
As location-based searches increase yearly so does the competition. The <a href="https://www.forbes.com/sites/theyec/2019/11/04/what-you-need-to-know-about-the-latest-local-seo-trends/">trends keep changing</a>, but businesses can reap the benefits by improving their online presence through each of the following factors.
<h2>Create Evergreen Content</h2>
Without content online, you have nothing to optimize and nothing for search engines to rank well (or poorly). Creating timeless content relevant to your local community is the foundation for boosting your rankings.&nbsp;
If you maintain a website of the best restaurants, hikes, and sites in your local city of Memphis, and the content is lucid, actionable, and regularly updated (no one likes driving to a restaurant only to find it&rsquo;s closed!), the locals may bookmark it and check it regularly. This is fantastic for your local SEO.&nbsp;
Let&rsquo;s say you&rsquo;re a bank, real estate agency, or grocery store. Consider covering events and local news in your articles to show that you&rsquo;re up-to-date on your community, and use location-specific keywords in your copy to build authority and target the appropriate audience.&nbsp;
On average, evergreen content accounts for over 92% of leads in top organizations like HubSpot.
<h2>Earn Quality Backlinks</h2>
A large number of backlinks from reputable sources indicates to Google&rsquo;s search engine that your content is high quality and r
elevant to the topic you purport to be an authority on.
90.63% of websites do not get traffic on Google because <a href="https://ahrefs.com/blog/search-traffic-study/">they do not have backlinks</a>.&nbsp;
Websites that rank high on SERPs (search engine results pages) typically have a large number of backlinks from other domains with high authority. Evergreen content is key to getting these backlinks.
Let&rsquo;s use our example of a local activity guide website. If you regularly update your website with valuable content about Boston, then a more trafficked, well-established website about traveling in Massachusetts will feel comfortable pointing its readers to you as a resource. When authoritative sources link to your website (and thus affirm its value), Google uses this information to improve your rank on SERPs.&nbsp;
<h2>Take Control of Your Google Business Profile (GBP)</h2>
Google Business Profile is a tool that allows you to list business details online, such as opening hours, contacts, photos, and business locations.&nbsp;
Your GBP is one of the items Google shows in response to a local search query. The contents of your GBP are instrumental in deciding the final positioning of your business in search results. When rank-ordering companies, search engine algorithms prioritize contact information, proximity to a user, evergreen content, and services.&nbsp;
Building a GBP profile is essential, as it helps locals see important information about your business before visiting your site. Web design companies will often leverage the information provided by your GBP to create a website. And don&rsquo;t forget to add a photo; profiles with photos receive 35% more clicks than those without.
A GBP is free and relatively easy to create; you or a content marketing specialist can set it up.&nbsp;
<h2>Get Mentioned in Citations</h2>
Citations are different from backlinks, and Google can tell them apart. A citation is when your website is mentioned on another website. When Google sees your website listed in directories such as Yelp, Facebook, or your local chamber of commerce, it recognizes it as legitimate - providing the details match.&nbsp;
Add your business page to as many local directories as possible. There are many popular directories, but you should research those related to your industry. There are directories for real estate, health insurance, mechanics, etc. Local SEO specialists can help ensure you don&rsquo;t list on the same directory twice. So if you&rsquo;re in Milwaukee, you may choose a <a href="https://corberry.com/digital-marketing-milwaukee/">digital marketing agency in Milwaukee</a>. Businesses in the top 10 on Google typically have over 50 <a href="https://www.goup.co.uk/local-seo/learn/how-important-are-citations/">citations</a>.&nbsp;
<h2>Personalize Your Content</h2>
Even though we may not fully understand how search engines&rsquo; algorithms operate, one foundational aspect is the bias toward personalization. The algorithm wants to show results based on what it has learned about the customer&rsquo;s preferences and interests.
Write content for the people for whom your business exists. Don&rsquo;t try to trick the algorithm into ranking you higher. In the long run, proving you know your customer and can provide value will get you shown to the right people.&nbsp;
On average, 4 out of 5 <a href="https://www.freshrelevance.com/blog/website-personalization-statistics">companies that personalize</a> see an uplift in their content.&nbsp;
<h2>Monitor and Collect Reviews</h2>
Google considers reviews from customers when ranking websites. True, some customers may troll you or leave unreasonable comments, but for better or worse, a search engine takes them into consideration.&nbsp;
Positive reviews help build your business&rsquo;s online credibility. Google knows that customers would rather take a chance on companies that have glowing reviews from fellow users. Some of the signals used by ranking metrics are quality of reviews, total number, diversity, and frequency of new reviews.&nbsp;
A successful local SEO strategy will leverage the many reputable online review platforms. Check your business on sites like Google Maps, Trip Advisor, Yelp, and Glassdoor to get insight into what the internet thinks of you.&nbsp;
If you don&rsquo;t appear anywhere, it&rsquo;s time to ask your top customers to give you a review!
<h2>Improve the User Experience</h2>
How users <a href="https://teampassword.com/blog/improve-your-companys-digital-marketing-with-these-awesome-techniques">interact with your website</a> also affects your rankings. Most search algorithms depend on the entire user experience to decide if your website is worth listing on a search result. Knowing user behavioral patterns will help you improve their experience and your local SEO ranking.&nbsp;
Some of the primary signs an algorithm looks out for include:
<ul>
<li style="font-weight: 400;" aria-level="1">Directions to your business site</li>
<li style="font-weight: 400;" aria-level="1">Click-through rate</li>
<li style="font-weight: 400;" aria-level="1">Mobile clicks to call</li>
<li style="font-weight: 400;" aria-level="1">Bounce rate</li>
<li style="font-weight: 400;" aria-level="1">Check-ins from social media sites</li>
</ul>

This is where a well-optimized website becomes necessary. Most web designers build sites that are optimized for mobile use. Since over half of all web traffic happens on phones, you need your website to be a seamless experience.
<h2>Understand Localized Organic Ranking vs. Local Pack</h2>
There are two distinct parts involved in local SEO.&nbsp;
When a customer searches for a gas station, pizza store, or restaurant &ldquo;near me,&rdquo; Google will display two kinds of results; organic and local pack searches. You&rsquo;ll find other types of results too.
Local pack results consist of listings displayed in a map format. It also shows information, review ratings, and where it is precisely located. Organic listings are the regular blue link results on a Google page. The local pack is displayed at the top before organic rankings.
&nbsp;&nbsp;
Localized Organic Ranking Factors:
<ul>
<li style="font-weight: 400;" aria-level="1">Reviews (6%)</li>
<li style="font-weight: 400;" aria-level="1">Behavioral (10%)</li>
<li style="font-weight: 400;" aria-level="1">GBP (7%)</li>
<li style="font-weight: 400;" aria-level="1">Citations (6%)</li>
<li style="font-weight: 400;" aria-level="1">Links (31%)</li>
<li style="font-weight: 400;" aria-level="1">Personalization (7%)</li>
</ul>
Local Pack ranking:
<ul>
<li style="font-weight: 400;" aria-level="1">GBP (33%)</li>
<li style="font-weight: 400;" aria-level="1">On-page (15%)</li>
<li style="font-weight: 400;" aria-level="1">Behavioral (8%)</li>
<li style="font-weight: 400;" aria-level="1">Personalization (6%)</li>
<li style="font-weight: 400;" aria-level="1">Links (15%)</li>
<li style="font-weight: 400;" aria-level="1">On-page (15%)</li>
</ul>
Improving the above factors may not give your business an immediate boost. Backlinks, for instance, are a long-term strategy and take time to cultivate. However, a Google Business Profile does not take much time to set up and provides significant value to local businesses.
<h2>Conclusion&nbsp;</h2>
Local SEO rankings have become the holy grail for small businesses. You may not have the power to compete with large companies for international recognition, but your local terrain can become your stronghold.
Consider the above factors when building your online presence, and focus on those that are likely to have the most impact given your situation and industry.&nbsp;
Many business owners are not aware of the long-term impact of evergreen content on their ranking. Building credibility online using local SEO takes time. Eventually, you may need to implement all the factors listed here if you wish to be on the first page of Google. Don&rsquo;t have the time or energy to improve your local SEO? It is possible to get help from digital marketing agencies that specialize in content creation or from <a href="https://contentmarketing.io/">content marketing agencies </a>that specialize in marketing content.
Local SEO can be tedious and overwhelming in the beginning, but the payoff is worth it.&nbsp;

Local SEO and traditional SEO rankings are affected by different factors. Traditional SEO shows users the most valuable, relevant content ba

Local SEO and traditional SEO rankings are affected by different factors. Traditional SEO shows users the most valuable, ...

How to Optimize Local SEO for Your Business

Local SEO and traditional SEO rankings are affected by different factors. Traditional SEO shows users the most valuable, relevant content based on their keyword search. Local SEO is informed by the above but adds location to the mix to get the user more personalized results.

2022 has been a year of tech giants getting breached. Human fallibility continues to be, for the most part, the weakest link in company security. More on that later.&nbsp;
The latest victim is the ubiquitous ride-sharing company, Uber.&nbsp;
<h1>The 2022 Uber Breach - What, How, and Lessons Learned</h1>
This isn&rsquo;t the first time Uber has been breached. In 2016 they allegedly paid hackers $100,000 to delete the data they stole and keep the breach a secret. A year and CEO change later, the hack was publicized, revealing that personal information from over 50 million Uber riders and the driver&rsquo;s license numbers of 600,000 US drivers had been leaked.
Every publicized breach is a chance to learn and prepare. In this article, we will briefly cover what happened with the Uber breach of 2022 and then discuss what companies should do to shore up their defenses.&nbsp;
For more details about the breach itself, Uber <a href="https://www.uber.com/newsroom/security-update/" rel="follow noopener" target="_blank">maintains their own newsroom</a> covering the situation.&nbsp;
<h2>How did the Uber breach happen?</h2>
The 2022 Uber breach was a &ldquo;<a href="https://teampassword.com/blog/your-passwords-are-only-as-secure-as-your-teams" rel="follow noopener" target="_blank">social engineering</a>&rdquo; attack. In social engineering attacks, cybercriminals use psychology to manipulate users into disclosing secret information or taking an action that allows the criminal to access private data.&nbsp;
In this case, one Uber contractor unknowingly allowed the hackers the access they needed. Uber states that &ldquo;It is likely that the attacker purchased the contractor&rsquo;s Uber corporate password on the dark web, after the contractor&rsquo;s personal device had been infected with malware, exposing those credentials.&rdquo;&nbsp;
The attacker then employed an increasingly common attack called MFA (multi-factor authentication) Fatigue. They repeatedly attempted to log in with the stolen password, which caused the contractor to be spammed with authentication requests. Eventually, either by accident or to make it stop, the contractor accepted one such request.
With access to one account, the hacker was able to get into other employees&rsquo; accounts and further elevate their permissions. They took the opportunity to boast of their feat internally.&nbsp;&nbsp;
<img src="https://cdn.buttercms.com/EoRmRO0rRBSwr8DQBQQw" alt="undefined" width="665" height="393" />
Uber has taken cautionary steps, including mandatory password resets and locking down its codebase.&nbsp;
<h2>Who was responsible for the Uber breach?</h2>
They believe LAPSUS$, a hacking group that has taken credit for breaches of Nvidia, Samsung, and Microsoft, to name a few, is responsible.&nbsp;
LAPSUS$ itself is an interesting rabbit hole. They first made headlines by hacking Brazil&rsquo;s Ministry of Health and deleting the health records of millions of people (thankfully the government had backups). LAPSUS$ later breached Nvidia - a technology company famous for its GPUs -&nbsp; and demanded that they make their drivers open-source if they did not wish their data leaked. In March of this year, the London police arrested seven teenagers related to the group. All have since been released, and LAPSUS$ continues its prolific run.&nbsp;
LAPSUS$&rsquo;s goal is unknown, nor do authorities know whether they have backing from a larger organization. Recent activity suggests that members operate from the UK and US, though some suspect ties to South America given their propensity for targeting that region.&nbsp;
For more information about LAPSUS$, Krebs has done great work <a href="https://krebsonsecurity.com/?s=%22lapsus%24%22" rel="follow noopener" target="_blank">documenting their activity</a>.
<h2>What can we learn from the Uber breach?</h2>
The breaches at Microsoft, Cisco, Uber, etc. all have a common pattern. There were no incredible feats of &ldquo;hacking,&rdquo; where a genius criminal breaks through security systems with sweat dripping down their brow as shown on TV. Instead, the attacks were intentional, methodical, and exploited human fallibility.&nbsp;&nbsp;
Humans are the easiest and often the weakest target. Many people see through and avoid becoming victims of social engineering tactics. But among companies like Uber, which employs over 29,000 people and has 122 million users each month, or T-Mobile (<a href="https://teampassword.com/blog/t-mobile-data-breach-2021-what-happened" rel="follow noopener" target="_blank">victim of a major breach in 2021</a>), which employs 75,000 people and outsources much of its customer support, there are more than a few prime targets for cybercriminals.
We may sound like a broken record exhorting you to educate your employees and demand security best practices. But seriously - educate your employees and demand security best practices!
If we&rsquo;ve learned anything from recent breaches, it&rsquo;s that they would not have been possible without successful social engineering.&nbsp;
<h2>How could the Uber breach have been prevented?</h2>
The Uber hackers followed two relatively simple steps:&nbsp;
<ol>
<li style="text-align: left;">Buy compromised passwords</li>
<li style="text-align: left;">Social Engineer an employee&nbsp;</li>
</ol>
<h3>Improve Password Hygiene</h3>
Individuals and companies can reduce the risk of compromised passwords by regularly scheduling password changes. Setting a reminder to appear every 90 days on your phone to change vital passwords and run manual security checks makes it less likely for your passwords to be available for purchase. There are also programs that will monitor personal devices in real-time. These precautions alone aren't enough, as even relatively new passwords can be compromised.&nbsp;&nbsp;
For added security and convenience, <a href="https://teampassword.com/" rel="follow noopener" target="_blank">use a password manager like TeamPassword</a>. Password managers encrypt and store all of your passwords in one secure location. Many even include built-in password generators and mandatory 2FA.&nbsp;
<h3>Use 2FA</h3>
To counter the second step - social engineer an employee - you should use the best 2FA available and stay calm in the face of urgent requests to bypass the security measures you have in place.&nbsp;
Not all 2FA methods are equally effective. Authenticator Apps that generate One-Time-Passwords (OTP) directly on your device and refresh them regularly are more secure than SMS sent via a cellular carrier to your phone. The danger of SMS is mostly due to the possibility of SIM-swapping, where a criminal convinces a carrier to transfer a customer&rsquo;s number to the criminal&rsquo;s own device, thus gaining control of any OTPs. The <a href="https://krebsonsecurity.com/2021/10/fcc-proposal-targets-sim-swapping-port-out-fraud/" rel="follow noopener" target="_blank">FCC is making attempts to stop this</a>, but SMS is still widely used and remains vulnerable.&nbsp;
Using 2FA can be annoying. It requires you to use a second device, and the time it takes adds up. But the security it provides is worth the cost. So use it if you can.
<h3>Don&rsquo;t Act - Ask</h3>
Finally, common sense and a healthy dose of skepticism are essential components of a strong defense. If a request for information seems urgent, doesn&rsquo;t seem familiar, or make sense, then it&rsquo;s best to pause, consider, and confirm. Call the sender or ask a colleague to take a look. No one wants to &ldquo;cry wolf,&rdquo; but cybersecurity is a complex subject, and caution will be appreciated more often than not.
It&rsquo;s always better to get a second pair of eyes on the situation.&nbsp;
<h3>Consider Using Hard Tokens</h3>
The Uber breach has also raised questions about hard vs. soft tokens. Soft tokens are software-based like MFA that uses a passcode or pin. Hard tokens are physical objects that grant access, like a USB or fob.&nbsp;
Hardware tokens are generally much more secure, as proven by the <a href="https://blog.cloudflare.com/2022-07-sms-phishing-attacks/" rel="follow noopener" target="_blank">failed phishing attack on Cloudflare</a> and <a href="https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/" rel="follow noopener" target="_blank">Google&rsquo;s success in thwarting phishing</a>. Someone has to physically steal the hard key to gain access. However, hard keys are more expensive to purchase and maintain, which has historically precluded them from all but the most high-security applications.&nbsp;
<h2>Final Thoughts</h2>
Cybersecurity is an incredibly dynamic field. Researching the Uber breach and LAPSUS$ motivated me to take inventory of my current 2FA settings and improve security where possible. Hopefully, this overview of the Uber breach has helped you identify an area of improvement for yourself and your company.

The Uber breach shows that human fallibility continues to be weakest link in company security. What can we do about it?

2022 has been a year of tech giants getting breached. Human culpability continues to be, for the most ...

The 2022 Uber Breach

2022 has been a year of tech giants getting breached. Human culpability continues to be, for the most part, the weakest link in company security. More on that later. The latest victim is the ubiquitous ride sharing company, Uber. This isn’t the first time Uber has been breached. In 2016 ...

Team Password Blog | Page 2

So you think hackers have stolen your password? You're not the only one. 
Perhaps you've noticed strange activity on your email account or frequent pop-ups on your computer. Perhaps it's just a hunch. 
But how can you know&nbsp;for sure?
There are many warning signs that you've been the victim of a data hack:
<ul>
<li>Your device is slower than normal.</li>
<li>You use more data than normal.</li>
<li>Videos take longer to load.</li>
<li>You received an email notification about a password change you didn't make.</li>
<li>An online account no longer accepts your password.</li>
</ul>
However, hackers can steal your passwords and identity&nbsp;without you ever knowing. That's why it's so difficult to tell if you're the victim of a hack.
This guide will help you work out if hackers have stolen your information and tell you how to stop it from happening again.&nbsp;
Prevent hackers from stealing your data by incorporating TeamPassword into your tech stack. This password manager for teams comes with a range of security features like two-step verification and password encryption.&nbsp;<a href="https://app.teampassword.com/dashboard#signup/testimonial" target="_blank" rel="noopener">Sign up for a free trial</a>&nbsp;today.&nbsp;

<h2>Have I Been Hacked? How Do I Know?</h2>
There are various ways to tell whether hackers have access to your information:
<ul>
<li>Look for unusual activity on your account. This activity includes logins to your social media accounts from unfamiliar locations or mass messages sent from your email account.&nbsp;</li>
<li>Look for security emails from account providers that warn about failed login attempts or password changes you didn't make.&nbsp;&nbsp;</li>
<li>Look for changes in performance on the devices, apps, and websites you use. For example, see if videos take longer to buffer than normal.&nbsp;</li>
<li>Look at your browser's password manager (if you use one) and check that nobody has changed these credentials.&nbsp;</li>
</ul>
All the above can be a guessing game. You might have a feeling that you're the victim of a hack but don't know for sure. 
Checking a stolen password list like "Have I Been Pwned" clears up some of the confusion. This tool searches across multiple data breaches &mdash; when hackers take stolen passwords and usernames and post them online &mdash; to see if cybercriminals have compromised your personal information. 
Here's how to use this stolen password list:
<ol>
<li>Enter your email address on the main page.&nbsp;</li>
<li>Click "pwned."</li>
<li>The website will search thousands of databases to see if hackers have stolen your personal information.</li>
<li>If you receive the "Oh no &ndash; Pwned!" message, it means hackers have posted sensitive information associated with your email address (passwords, addresses, phone numbers, etc.) somewhere online.</li>
<li>If you receive the "Good news &ndash; no pwnage found!" message, it means the website could not find your information on the internet.&nbsp;</li>
</ol>
Note: Just because the website can't find your data on the internet, it doesn't mean hackers haven't compromised your personal information.
Read more:&nbsp;<a href="https://teampassword.com/blog/password-manager-for-small-businesses" target="_blank" rel="noopener">Password Manager for Small Businesses</a>

<h2>Which Passwords Did Hackers Steal?</h2>
Establish which passwords hackers stole in a data breach so you can take quick action. Websites like "Have I Been Pwned"&nbsp;won't&nbsp;tell you which passwords are at risk. You'll only learn whether hackers have compromised the data associated with a particular email address. 
Note: Sometimes, hackers might have access to your email address and other personal information but not your password. It's hard to know for sure.&nbsp;
If hackers have access to your data, it's a good idea to change&nbsp;all passwords&nbsp;associated with the compromised email address. If you use your email address for several online accounts, change the passwords for these services. Updating these passwords might take you a while, and remembering the new passwords leads to additional problems. (Keep reading to find a solution.)
Here are some other tips:
<ul>
<li>When choosing new passwords, use combinations of lowercase letters, uppercase letters, numbers, and symbols. Passwords that use all these elements are stronger than those that don't.</li>
<li>Don't write your passwords down because this increases the risk of identity theft.&nbsp;&nbsp;</li>
<li>Don't tell anyone your new passwords.</li>
</ul>
Read more:&nbsp;<a href="https://teampassword.com/blog/the-most-secure-way-to-share-passwords" target="_blank" rel="noopener">The Most Secure Way to Share Passwords</a>.

<h2>How Common Is a Data Hack?</h2>
More common than you think. Hackers were responsible for more than 4,000 attacks every day in 2020, and the total number of compromised records exceeded 37 billion. That's a 141% increase from 2019. Much of this compromised data appears on the dark web, where cybercriminals use it to facilitate illegal activities such as identity theft and money laundering.&nbsp;
If you have been the subject of a data hack, you are not alone. However, it's important to act quickly to prevent hackers from accessing your personal or financial accounts.&nbsp;
There are other types of cybercrime to consider. Cybercriminals use techniques like phishing, where they impersonate people online and trick victims into handing over their personal information. Phishing now accounts for more than 80% of all cybersecurity incidents, and criminals steal $17,700 every minute in these attacks.&nbsp;

<h2>What Kind of Information Do Hackers Steal?</h2>
Hackers steal all kinds of personal and financial information:
<ul>
<li>Names</li>
<li>Email addresses</li>
<li>Usernames</li>
<li>Passwords</li>
<li>Addresses</li>
<li>Phone numbers</li>
<li>Bank account details</li>
<li>Credit card numbers</li>
<li>Social Security numbers</li>
<li>Insurance information&nbsp;</li>
<li>IRS information</li>
<li>Photos</li>
<li>Private message</li>
<li>SMS messages</li>
</ul>
Nothing is off-limits for hackers, and these criminals go to great lengths to steal your data. Once they have access to the information above, hackers can transfer money from your bank accounts, use your identity to apply for financing, and damage your credit file.&nbsp;
Read more:&nbsp;<a href="https://teampassword.com/blog/the-scariest-data-breaches-of-all-time" target="_blank" rel="noopener">The Scariest Data Breaches of All Time</a>.
TeamPassword is the best password manager for teams. Features include two-step verification, password encryption, easy password sharing, and more.&nbsp;<a href="https://app.teampassword.com/dashboard#signup/testimonial" target="_blank" rel="noopener">Get a free trial now</a>&nbsp;and learn how TeamPassword keeps you safe online.&nbsp;

<h2>Have I Been Hacked? How to Stay Safe.</h2>
There are several ways to improve online security and prevent hackers from accessing your personal information:
<ul>
<li>Use the latest security software and apps when using devices and browsing the internet.</li>
<li>Carry out regular risk assessments where you evaluate your security software.</li>
<li>Back up personal data to a reputable cloud service instead of keeping it on your device.&nbsp;</li>
<li>Don't share personal information with other people.</li>
<li>Create a security management strategy for your organization and share it with all team members.&nbsp;</li>
</ul>
Using a password manager is another way to stay safe online. The best ones encrypt your online passwords so hackers can't access these credentials, and you can keep passwords in a secure cloud-based vault and not have to remember them. There are various password managers online, including free ones available through most internet browsers, but not all tools are the same.&nbsp;
If you work alongside a team, consider TeamPassword. It's the&nbsp;<a href="https://www.teampassword.com/" target="_blank" rel="noopener">password manager for teams</a>&nbsp;that require world-class security and performance. This all-in-one password solution helps teams like yours store, manage, and share passwords in the safest way possible.&nbsp;

<h2>How Can TeamPassword Help?</h2>
TeamPassword prevents hackers from stealing your organization's most sensitive data with an incredible range of password management features. Enterprises of all sizes use TeamPassword to manage passwords, including tech startups, digital marketing agencies, creative agencies, and software and development teams.
Here are some&nbsp;<a href="https://teampassword.com/features" target="_blank" rel="noopener">TeamPassword features</a>&nbsp;that prevent situations involving a stolen password:
<ul>
<li>Random password generation that creates unique passwords for websites.</li>
<li>Two-step password verification.</li>
<li>Activity and logging tools so you can discover who has access to password management features.</li>
<li>Secure encryption technology.</li>
<li>Email notifications about password management actions.</li>
<li>Passwords stored securely in one place. </li>
</ul>
<h2>Final Word</h2>
If you're looking for the answer to the question, "Have I been hacked?" it's difficult to know for sure. Preventing hackers from compromising your data in the first place provides a better resolution. TeamPassword lets you store and manage passwords in a secure environment and minimize the effects of a stolen password so you can avoid hackers stealing your data and continue to collaborate on team projects.&nbsp;
With features like password encryption, two-step authentication, and random password generation, TeamPassword is the best password management solution for teams that want to improve online security.&nbsp;<a href="https://app.teampassword.com/dashboard#signup/testimonial" target="_blank" rel="noopener">Sign up for a free trial</a>&nbsp;now.

Have I been hacked? Here's how to check if you have and learn how to stop hackers from stealing your data. | TeamPassword Blog

Have I been hacked? Here's how to check if you have and learn how to stop hackers from ...

Have I Been Hacked? How to Know for Sure.

Password encryption is essential to store user credentials stored in a database securely. Without password encryption, anyone accessing a user database on a company's servers (including hackers) could easily view any stored passwords.
Even a strong 32-character password created using a <a href="https://teampassword.com/password-generator">secure password generator</a> is useless without password-encryption! If someone can read your password on a server, they can use it simply by copy/pasting it&mdash;no matter how long or complicated the password might be!
Encryption scrambles your password before saving it on the server. So, if someone hacks the server, instead of finding password123, they find a random series of letters and numbers.
In this article, we're going to explore the world of password encryption, why <a href="https://teampassword.com/blog/tips-and-tricks-to-create-a-strong-password">strong passwords matter</a>, and how you can practice better password management!
&rlm;&rlm;&lrm; &lrm;
<a href="https://app.teampassword.com/dashboard#signup/testimonial">TeamPassword</a> is the password management solution for small businesses! Create, store, and share login credentials safely with employees, contractors, and clients. <a href="https://app.teampassword.com/dashboard#signup/testimonial">Sign up for a 14-day free trial</a> today!
&rlm;&rlm;&lrm; &lrm;
<h2>Understanding Password Encryption</h2>
To explain password encryption effectively, we must first grasp the language. Several terms might be unfamiliar, so here is a quick intro to password encryption terminology.
<ul>
<li style="font-weight: 400;" aria-level="1">Key: Used to lock and unlock passwords using a random string of bits. You get private and public keys that crypt and decrypt data differently, but we won't get too deep in the weeds with keys!</li>
<li style="font-weight: 400;" aria-level="1">Bits: A logical state with one of two possible values, including 1/0, true/false, yes/no, or on/off as typical examples.</li>
<li style="font-weight: 400;" aria-level="1">Block (block cipher): A deterministic algorithm operating on fixed-length groups of bits, called blocks.</li>
<li style="font-weight: 400;" aria-level="1">Hash function: The algorithm that uses the key to create password encryption and decryption. A hash function is essentially a piece of code that runs every time someone saves a password or logs into an application.&nbsp;</li>
<li style="font-weight: 400;" aria-level="1">Hash: A random series of numbers and letters representing your password. The hash function uses your hash instead of the raw password for authentication.</li>
<li style="font-weight: 400;" aria-level="1">Salt: Additional letters and numbers appended to the hash</li>
</ul>
&rlm;&rlm;&lrm; &lrm;
<h2>How Does Password Encryption Work?</h2>
When you save a new password, a hash function creates a hash version and saves that on the server.&nbsp;
Every time you log in using your password, the hash function recreates the hash to see if it matches what's stored. If the hashes match, the algorithm passes the authentication and logs you in.&nbsp;
For example:
<ul>
<li style="font-weight: 400;" aria-level="1">Original password: Pa$$w0rd123</li>
<li style="font-weight: 400;" aria-level="1">Hashed password: 6AF1CE202340FE71BDB914AD5357E33A6982A63B</li>
</ul>
While this might seem secure, simple hashed passwords aren't hack-proof.
The hash function only creates a unique hash for each password, not each user. So, if multiple users have the password, Pa$$w0rd123, the hash will be exactly the same.
To overcome this encryption vulnerability, engineers salt passwords so each hash is unique, even if the passwords are identical.
<h3>How Salt Works</h3>
A salt appends a unique value of 8 bytes (16 characters) to the password before the hash function creates a hash. This way, even identical passwords are unique before the hash function.
For example:
<ul>
<li style="font-weight: 400;" aria-level="1">Two identical passwords: Pa$$w0rd123</li>
<li style="font-weight: 400;" aria-level="1">Salt value one: E1F53135E559C253</li>
<li style="font-weight: 400;" aria-level="1">Salt value two: 84B03D034B409D4E</li>
<li style="font-weight: 400;" aria-level="1">Password one before hash: Pa$$w0rd123E1F53135E559C253</li>
<li style="font-weight: 400;" aria-level="1">Password two before hash: Pa$$w0rd12384B03D034B409D4E</li>
<li style="font-weight: 400;" aria-level="1">Password one hashed value (SHA256): 72AE25495A7981C40622D49F9A52E4F1565C90F048F59027BD9C8C8900D5C3D8</li>
<li style="font-weight: 400;" aria-level="1">Password two hashed value (SHA256): B4B6603ABC670967E99C7E7F1389E40CD16E78AD38EB1468EC2AA1E62B8BED3A</li>
</ul>
&rlm;&rlm;&lrm; &lrm;
<h2>5 Common Password Encryption Methods</h2>
<h3>1. Data Encryption Standard (DES)</h3>
While applications no longer use Data Encryption Standard (DES), it's important to mention this password encryption method because of its history and influence on more secure modern standards.
IBM developed DES as a 56-bit encryption technology in the early 1970s. The NSA adopted and improved DES before it was approved worldwide as the encryption standard.
However, since the late 70s, hackers have been able to break DES encrypted passwords. In 1999, ethical hackers managed to break a DES key in under 24 hours.&nbsp;
To make DES more secure, engineers created Triple DES and later Advanced Encryption Standard (AES), which we still use today.
<h3>2. Triple DES</h3>
Triple DES uses three 56-bit keys (blocks) to create 168-bit encryption (some security experts argue that Triple DES is only 112 bits strong). Although Triple-DES is slowly being phased out, many financial institutions still use it to encrypt ATM PINs.
<h3>3. Advanced Encryption Standard (AES)</h3>
AES is the new encryption standard&mdash;trusted by the United States Government and many other prominent organizations globally. At 128 bits, AES is sufficiently secure, but most organizations prefer heavy-duty 256-bit encryption.
At <a href="https://teampassword.com/security">TeamPassword</a>, we use 256-bit encryption to store passwords, ensuring the highest levels of security for our clients. We're also a <a href="https://teampassword.com/security">secure hosting provider</a> holding multiple security accreditations.
Hackers can only break an AES encrypted password through a brute-force attack&mdash;trying password combinations to find the right one.
To counter brute-force attacks, applications will lock an account after a certain number of attempts or use tools like Google's reCAPTURE.
<h3>4. Blowfish</h3>
American cryptographer, Bruce Schneier, designed Blowfish in 1993 as an antidote to the weak DES encryption. Blowfish uses a 64-bit block and variable key length of 32 to 448 bits.
Although Blowfish is more robust than its DES predecessor, the 64-bit block is still vulnerable to attacks, most commonly birthday attacks&mdash;a cryptographic attack that exploits the mathematics behind the algorithm.
To solve Blowfish vulnerabilities, engineers created Twofish in 1998 (128-bit blocks with 256-bit keys) and Threefish in 2008 (256, 516, 1024-bit blocks with 256, 516, 1024-bit keys).
<h3>5. Rivest-Shamir-Adleman (RSA)</h3>
RSA is one of the oldest and widely used to transfer data securely. The encryption works with two keys, two large prime numbers, and an additional auxiliary value.
Due to the complicated encrypting and decrypting process, there is no known method for breaking RSA encryption.&nbsp;
Although widely used for transferring data, RSA is slow and not suitable for password encryption.
&rlm;&rlm;&lrm; &lrm;
<h2>Why Strong Passwords Matter</h2>
Password encryption can only prevent criminals from viewing saved credentials stored on a server&mdash;but cannot prevent hackers from guessing weak/commonly used passwords. If you <a href="https://teampassword.com/blog/colonial-pipeline-ransomware-attack-dont-reuse-passwords">reuse the same password for multiple accounts</a>, this also puts you at risk!
Encryption is most effective when users create robust, unique passwords for every account. For example, a random 32-character password with letters, numbers, and special characters hashed and salted is near impossible to guess or decode, even using a computer!
In another scenario, let's assume you have a strong 32-character password, but you use it for every account. If hackers manage to steal that password, they have access to every account using the same credentials! Your strong password is effectively useless.
<h3>Improving Your Password Management</h3>
Now that you understand password encryption and the associated vulnerabilities, you can see why strong passwords are essential.
Effective password management is crucial to protect yourself against cyberattacks or in the highly likely event of a data breach where hackers steal your credentials.
Criminals are after the low-hanging fruit&mdash;people who use weak passwords!
5 tips for creating stronger passwords:
<ol>
<li style="font-weight: 400;" aria-level="1">Create strong passwords for every account. The easiest way to do this is using a password generator. <a href="https://teampassword.com/password-generator">TeamPassword has a free password generator</a> anyone can use to create passwords from 12-32 characters using uppercase, lowercase, numbers, and special characters. We recommend creating passwords as long as the application will allow.</li>
<li style="font-weight: 400;" aria-level="1">Never create passwords shorter than eight characters, with 12 being our recommended minimum.&nbsp;</li>
<li style="font-weight: 400;" aria-level="1">Never reuse the same password for multiple accounts.</li>
<li style="font-weight: 400;" aria-level="1">Never create passwords with your name, family member's names, or pet's names. With social media, this information is freely available. Criminals can add those names to algorithms for brute-force attacks.</li>
<li style="font-weight: 400;" aria-level="1">Don't store passwords in digital notepads or spreadsheets. We recommend using a <a href="https://app.teampassword.com/dashboard#signup/testimonial">password manager like TeamPassword</a> to create and store your credentials.</li>
</ol>
&rlm;&rlm;&lrm; &lrm;
<h2>Why You Need a Password Manager like TeamPassword</h2>
We have so many accounts these days; it's almost impossible to create unique, memorable, secure passwords for each one. A password manager solves this problem.
Instead of remembering the credentials for every account, you only need to memorize the one to log into your password manager.&nbsp;
TeamPassword keeps all of your credentials safely stored and encrypted, so you never have to memorize a password again. Instead of entering your credentials, you use one of TeamPassword's browser extensions (Chrome, Firefox, and Safari) to log into accounts.
<h3>Built for Teams</h3>
TeamPassword's best feature is its ability to share credentials with team members securely. Instead of sharing passwords, you provide access through TeamPassword.&nbsp;
Employees <a href="https://app.teampassword.com/dashboard#signup/testimonial">use TeamPassword</a> to log in, meaning you never share raw passwords&mdash;no more worrying about unauthorized access or sharing.
You can create groups in TeamPassword to share access with employees, clients, contractors, and freelancers. When someone no longer needs access, remove them from the group with a single click. No need to change passwords every time someone leaves a project!
<h3>Built-In Password Generator</h3>
TeamPassword features a built-in secure password manager so you can create robust passwords for every account. TeamPassword also ensures you never reuse the same credentials so that you won't fall victim to credential stuffing attacks!
With a built-in password generator, you can change passwords regularly, and TeamPassword will update the new credentials for all users!
<h3>Monitor Login Activity</h3>
TeamPassword's activity log keeps track of every action across all of your accounts&mdash;logins, password changes, new team members, sharing access, and more.
You can also set up email notifications for all TeamPassword actions so that you can react fast to any suspicious activity.
<h3>Get Your Free TeamPassword Trial</h3>
Password encryption is not enough to protect your business from password vulnerabilities! You need a robust password manager like TeamPassword to create, store, and share credentials securely.
&rlm;&rlm;&lrm; &lrm;
<a href="https://app.teampassword.com/dashboard#signup/testimonial">Sign up for a 14-day free trial</a> and let TeamPassword secure your company's digital assets.

Password encryption is the number one component of password security. TeamPassword encrypts passwords with state-of-the-art technology to keep passwords safe.

Password encryption is the number one component of password security. TeamPassword encrypts passwords with state-of-the-art technology to keep ...

What is password encryption and how much is enough?

Learn what to do if you forgot your Facebook password and how to use TeamPassword to make sure you never forget a password again.

Learn what to do if you forgot your Facebook password and how to use TeamPassword to make sure ...

TeamPassword Blog

Browse our carefully created articles about Information Security, Password Management, Product Information, and Modern Business, all written with your team's safety and success in mind.

Most popular articles

Business

November 14, 2021 ∙ 9 min read

10 extremely successful freelancers and what they do

Have I Been Hacked? How to Know for Sure.

What is password encryption and how much is enough?

What to do if you forgot your Facebook password?

Business

October 27, 2022 ∙ 8 min read

How to Talk to Remote Employees About Cybersecurity

Cybersecurity

October 19, 2022 ∙ 10 min read

What Can Hackers Do with your Email Address? - TeamPassword

Cybersecurity

October 18, 2022 ∙ 9 min read

How Often Should You Change Your Password? The Importance of Password Safety

Cybersecurity

October 6, 2022 ∙ 5 min read

The Optus Breach: How Not to PR

Password Management

September 29, 2022 ∙ 9 min read

How to Optimize Local SEO for Your Business

Cybersecurity

September 27, 2022 ∙ 7 min read

The 2022 Uber Breach

The Password Manager for Teams

Product

Support

Channels

Legal