Revisiting how to respond to a data breach

StrongPasswordGenerator.jpgEarlier this month, freelance hiring service Elance suffered a data breach. Announced on the company’s blog, hackers obtained the contact information of registered users like name, email address, telephone number, and city. Login information was also stolen, though Elance says that passwords were protected with encryption.

No other account information, such as credit card numbers or bank accounts, was stolen in this breach.

Elance says that it is taking a “drop everything” approach to this breach, and it has already implemented a number of steps to protect the data of both the company and its users. Besides fixing the hole and communicating with affected users, the company is also requiring that all users reset their passwords according to new, more stringent requirements. Naturally, we are fans of this fundamental recourse to a data breach. We recommend that all Elance users sign in at their earliest convenience to perform this simple, effective process.

How 1Password Can Help

Of course, 1Password makes it orders of magnitude easier to minimize your exposure in situations like this. If you use 1Password to generate your passwords, you have very little cause to worry about duplicate passwords and your risk is mitigated.

If you have entries in 1Password that do use the same password, you can search for entries that have that password and then change them accordingly.

  1. Launch 1Password
  2. Enter your master password to unlock your keychain (if necessary).
  3. Click the magnifying glass in the search field and choose “Search in Password.”
  4. Enter the password in the search field.

This will reveal all the entries with that password.

1Password Workflow for Changing Passwords

  1. Select a login and choose File > Go and Fill Login (cmd+return) from the menu to go to the site and login.
  2. Navigate to the change password page.
  3. Right click the password field and choose “Strong Password Generator” to generate a new password.
  4. Click “Fill” and then submit your password change.
  5. 1Password will attempt to recognize that you are changing your password and offer to update the login’s password for you. If it does not, you can find the generated password in the Password History section of 1Password and update the login manually.

Repeat this procedure for each login that you need to change.

David Chartier
Chief Media Producer, Agile Web Solutions