Hi friends,

Today I would like to share a horror story that might make some think and enforce a higher security over your digitally owned life. I'm sure loosing the steem keys and specially master keys is something terrible and a very sad thing for anyone. But I would also like to share another thing that just happen to someone I know. I was contacted like 4 or 5 days ago in order to help recover a gmail account that seems to be lost. Yeah sure no biggie, its not a really critical email account for the person but there are some aspects that I would like to share.

Weak password

Most of the hacked accounts start by using weak passwords and this can be a whole topic and a very extensive post I would like to make it simple and short. If your password is short, easy to remember, predictable and hacked already chances are very high that you can be compromised in the future.
If you want some more info please read the Broken Authentication topic that is currently the second most important topic in the OWASP top 10. I would also like to share the following site to check if your email's password has been pwned and yeah I've been pwned (meaning my personal info and passwords were exposed by a breach or hack).

I highly recommend changing your password often and specially if its been a lot since the last time you change them, if your email have been pwned you should proceed right away.

Recovery options

If you have out dated recovery options like an old email you no longer have access to or for example a telephone number that no longer works or you have changed it, make sure to update that info as well.

Not being able to recover

In the case of the person I'm trying to help, the impact of the hacked is even further as the email is fully compromised. Attackers already got full control of the account by changing the alternative contact options like email and mobile phone. I can only try to guide the person to secure the other linked resources as well, in many cases people use the same password for multiple sites and also the ability to recover passwords using the email can let the attackers get access to many more information and services.

Loosing everything

Imaging if you have a google document, draft email or even keep note with all your passwords, account numbers, credit and debit card info and even services like Facebook, google play, amazon or everything linked to that single email. I feel like you just gave the key to open the door to your house to thieves. To prevent this, possibly use different passwords for services and even link different services to different types or email that are less important in case you get hacked.

Possible financial impact and personal life treat

Imaging that after loosing access to email account and services, there are new charges on your credit cards or funds moved way or even your precious crypto is blown away. Loosing everything is something that is very likely to happen and also the financial impact on your life can hurt you very much.

What's next

I hope that the person I'm trying to help, understands the risk that was involved and how easy a simple attempt to get bank info could eventually become catastrophic to someone else life.
Please make sure you update your security info, secure your passwords and update/change them regularly and off course try to get to the next stage, where you are also asking for secure sites, you care about certificates and also try to use a secure connection where it is less likely to get hacked.
Get over it, I lost access to an email account once and never managed to recover it. Keep on, learn the lesson and make sure to prepare better, I can assure you attackers are constantly training and learning new ways, why would you stop security yourself?