I feel it’s important to remind Filipinos about the importance of protecting their online accounts. There have been recent incidents of hacking and data breaches involving various Philippine government agencies, such as PhilHealth, PSA, DOST, PNP, and even DLSU. It’s only a matter of time before this data ends up on the dark web or is indexed by websites like HaveIBeenPwned.com (HIBP).
One crucial step is to ensure that you have unique passwords for all your online accounts. This prevents hackers from effectively using your credentials on other websites. If one account gets breached, immediately change its password, knowing that none of your other accounts are at risk.
Furthermore, enabling multi-factor authentication (MFA) adds an extra layer of security. Without the additional factor, such as a code or authentication app, a stolen username and password are useless to an attacker. However, be cautious about using SMS as an MFA method, given its vulnerability to SIMjacking, phishing, and social engineering. Application-based second factors and hardware-based second factors/passkeys are recommended. Apple’s passkeys, utilizing biometrics, are gaining popularity, and Google is following suit.
Another option is to use unique email addresses with unique passwords for each online account. Avoid relying on the commonly known “+ method” to create email aliases, as it’s easy to derive the main email address from those aliases. Services like Apple’s Hide My Email, ProtonMail, DuckDuckGo, and Firefox email alias generators provide an extra layer of protection for your accounts.
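The two points above (one password per account, and no alias that gives away the main address) can be checked against a list of your own accounts. The following Python script is an added example, not part of the original post; the sample entries and the names `base_address` and `audit` are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample entries (service, login email, password); not real accounts.
SAMPLE_VAULT = [
    ("shop.example", "juan+shop@example.com", "Tr0ub4dor&3"),
    ("bank.example", "juan+bank@example.com", "kX9#vLq2!mRz"),
    ("forum.example", "juan@example.com", "Tr0ub4dor&3"),
    ("news.example", "q7f3k2m9@alias.example", "p@D8w!zN4cYt"),
]


def base_address(email):
    """Drop a '+tag' from the local part, as anyone reading a leaked alias can."""
    local, _, domain = email.strip().lower().rpartition("@")
    return f"{local.split('+', 1)[0]}@{domain}"


def audit(vault):
    """Return (groups of services sharing a password, mailboxes linking services)."""
    by_password = defaultdict(list)
    by_mailbox = defaultdict(list)
    for service, email, password in vault:
        # Group by digest so plaintext passwords are not kept as dictionary keys.
        digest = hashlib.sha256(password.encode()).hexdigest()
        by_password[digest].append(service)
        by_mailbox[base_address(email)].append(service)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    linked = {m: sorted(s) for m, s in by_mailbox.items() if len(s) > 1}
    return reused, linked


if __name__ == "__main__":
    reused, linked = audit(SAMPLE_VAULT)
    for services in reused:
        print("Same password on:", ", ".join(services))
    for mailbox, services in linked.items():
        print(f"{mailbox} is derivable from the logins for:", ", ".join(services))
```

In the sample, the "+" aliases for the shop and bank accounts collapse to the same mailbox as the forum account, while the randomly generated alias stays unlinked.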
Unique email aliases, unique passwords, and MFA for every account are too much to memorize, so a password manager is essential. There are free options like Apple’s iCloud Keychain passwords and Bitwarden, as well as others like 1Password and ProtonPass (which I personally use). Just be cautious when choosing a password manager.
Earlier, I mentioned HIBP. You can check your email addresses on HIBP to see if they have been involved in any data breaches, including the COMELEAK data breach. Register your main email addresses to receive alerts if they appear in HIBP’s database. This way, you’ll know which online service has been hacked and can quickly change your account password to minimize potential damage.
Protecting your accounts should be your top priority. It may require going through all your online services, changing passwords (and email addresses if necessary), and setting up MFA. Although it might be tedious, it’s necessary, so don’t delay—take action now.