There is a scam e-mail that has been going around lately. Perhaps you’ve received it. It warns you that it has been spying on your computer, and that it knows what you’ve been watching for fun (wink, wink). It attempts to blackmail you to prevent your secret from being revealed.
This e-mail is so laughable and so obviously a scam that when I received it yesterday, I simply deleted it. However, there was one piece of information in the e-mail that concerned me. It mentioned one of my actual passwords, as alleged proof that it had been spying on me.
According to an article I read on-line, the sender of this scam finds a (usually defunct) password of yours which is part of some data breach that has been put for sale on the dark web. What bothered me about this password is that it was my default password back in the days before sites started requiring a mixture of upper and lower case letters, numbers, and special characters. While my newer passwords were more complex, I still had a lot of user accounts on non-essential sites that used that old password.
I went into my password file and discovered that I was still using that password for 68 web sites. Yikes!
Two and a half hours later, I had logged on to all of those sites and created new passwords. It was easier on some sites than on others.
One of the things I discovered when going through this exercise was that some of the web sites were now defunct. Others still existed but didn’t recognize my logon credentials because it had been so long since I had logged on. I was able to delete all of those sites from my list. This is in addition to the many sites whose accounts I have removed over the past few years as I tried to shrink my electronic footprint.
There are still over 300 sites on which I have user ids and passwords. I am happy that my passwords have been diversified, but I still feel very vulnerable to have so many logons. I’m sure I am not alone.