Our Newsletter: August, 2014
By Richard Patrick of LazrWeb Services | August 11th, 2014
Hacked Passwords and what you can do about it
Last week's news about the Russian crime ring that amassed some 1.5 billion plus username and password combinations makes right now the time to evaluate how to protect yourself online going forward.
The theft of these account credentials (usernames and passwords) was described in a New York Times story last week, based on a discovery by Hold Security, a Milwaukee firm with a good track record of uncovering serious online security breaches.
Hold Security called this latest data heist "the largest known collection of stolen Internet credentials." Hold's researchers did not identify the origins of the data or name the victim websites, citing nondisclosure agreements. Probably they didn't want to expose companies that would stand to lose millions in online business if revealed, since those companies are still vulnerable to hacking, according to the NY Times report.
Hold Security didn't immediately respond to inquiries from The AP.
If you do any online purchasing at any retail store, big or small, chances are your credentials have been compromised; our advice: change them immediately. One of the best things you can do is to make sure your passwords are strong. Here are seven ways to strengthen them:
- Make sure your passwords are at least the recommended minimum of 8 characters, but 14 is better and 18 plus is even more secure. Some services impose a minimum password length and some a maximum.
- Always use a combination of numbers and letters, and mix upper and lower case characters. Using symbols such as the "!" exclamation mark or the "#" hash sign adds an additional layer of security. Some services won't let you do all of that, but vary the password as much as you can. "pAsSwOrD#29" is way better than "password29."
- Avoid words that are in dictionaries, even if you add numbers and symbols. There are programs that try to crack passwords by running through databases of common words. One simple trick is to add numbers in the middle of a word, as in "mypas123swor456d" instead of "mypassword123456." Another simple method is to use the first letter of each word in a familiar sentence, like "duoaywhtduy" for "do unto others as you would have them do unto you."
- Substitute numbers and characters. For example, use the letter "O" (oh) instead of the number zero (0), or replace an "S" with a "$" dollar sign.
- Avoid passwords that are easy to guess, even if they are not in a dictionary. Never use your name, company name or hometown, for example. Avoid the names of pets and relatives as well. Likewise, stay away from words or combinations that can be looked up, such as your birth date or your ZIP code. You can, however, use them as part of a more complex password: try reversing your ZIP code or phone number and inserting that into a string of letters. And never use "password" as your password, or consecutive keys on the keyboard, such as "123456".
- Never, ever reuse your passwords on other accounts, with a few exceptions. I've had to create scores of online accounts. Many of them are for one-time use, such as when a website offers a PDF but requires you to register to access it. It's alright to use simple passwords and repeat them on those websites, as long as the password is not used to make credit card payments or to post messages on a message board.
The other exception is logging in through a centralized sign-on service like the common "Log in with Facebook" option. Hulu, the streaming TV service, for example, gives you the option of using your Facebook credentials instead of creating a separate account just for its site. This technically isn't really reusing your password; Hulu is borrowing the log-in system Facebook already has. Your account information then isn't stored with Hulu. Facebook merely tells Hulu's computers that it's you. Of course, if you do this, it's even more important to have a very strong and secure Facebook password.
- Some email services like Gmail even give you the option of requiring a second code (two-step verification) when you use a particular computer or device for the first time. If you have that feature turned on, the service will send a text message with a six-digit code to your phone when you try to use Gmail from an unrecognized computer or device. You'll need to enter that code to access your account, and the code expires after a very short time. It is more steps, but these additional steps could save you from serious problems down the road. Hackers won't be able to access the account without also having your phone. Use Google's account security settings to enable this feature.
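As an added illustration (not code from the newsletter), the following Python checker applies the password rules above to a candidate password and builds the first-letter passphrase from a sentence. The word list is a constructed stand-in, and the checker strips digits and common substitutions before the dictionary lookup, as cracking rules do, so a dictionary word with numbers bolted on is still flagged.

```python
import re
import string

# Constructed stand-in for the "databases of common words" the article
# mentions; a real checker would load a full word list.
DICTIONARY = {"password", "mypassword", "welcome", "letmein", "dragon", "monkey"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def acronym(sentence: str) -> str:
    """First letter of each word: 'do unto others ...' -> 'duoaywhtduy'."""
    return "".join(w[0].lower() for w in sentence.split() if w[0].isalpha())

def has_keyboard_run(pw: str, n: int = 4) -> bool:
    """True if n consecutive keys from one keyboard row appear, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            window = row[i:i + n]
            if window in low or window[::-1] in low:
                return True
    return False

def dictionary_core(pw: str) -> str:
    """Undo common substitutions ($->s, 0->o, @->a, 1->l, !->i) and drop
    everything that is not a letter, which is what cracking rules do."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(str.maketrans("$0@1!", "soali")))

def check_password(pw: str, personal=()) -> list:
    """Return the rules the password violates; an empty list means it passes.
    `personal` is a constructed set of names/places the user should avoid."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than the 8-character minimum")
    elif len(pw) < 14:
        problems.append("under 14 characters (8 is the bare minimum)")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol such as ! or #")
    if dictionary_core(pw) in DICTIONARY:
        problems.append("dictionary word with digits/symbols bolted on")
    if has_keyboard_run(pw):
        problems.append("consecutive keyboard keys such as 123456")
    if any(term.lower() in pw.lower() for term in personal):
        problems.append("contains personal information (name, town, etc.)")
    return problems
```

Note that "pAsSwOrD#29" scores better than "password29" but is still reported as a dictionary word, which is exactly the "even if you add numbers and symbols" rule above.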
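The two-step code described in the last tip works on the server side roughly like this added example (not Google's code): a six-digit code is generated from a cryptographic random source, stored with an expiry, and accepted exactly once. The 300-second lifetime, the three-guess limit and the send_sms callback are assumptions, not details from the newsletter.

```python
import hmac
import secrets
import time
from typing import Callable, Dict, List, Optional

CODE_TTL_SECONDS = 300   # assumed lifetime; the article only says "a very short time"
MAX_ATTEMPTS = 3         # assumed guess limit per issued code; not stated on the page

class OneTimeCodeVerifier:
    """Server side of the SMS step: issue a six-digit code, accept it once, then forget it."""

    def __init__(self, send_sms: Callable[[str, str], None]):
        self._send_sms = send_sms            # transport is injected (a constructed stub in tests)
        self._pending: Dict[str, List] = {}  # username -> [code, expires_at, attempts]

    def issue(self, username: str, phone_number: str, now: Optional[float] = None) -> None:
        """Generate a fresh code with a CSPRNG (leading zeros kept) and text it."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [code, now + CODE_TTL_SECONDS, 0]
        self._send_sms(phone_number, f"Your verification code is {code}")

    def verify(self, username: str, submitted: str, now: Optional[float] = None) -> bool:
        """True exactly once for the right code before expiry; False otherwise."""
        now = time.time() if now is None else now
        entry = self._pending.get(username)
        if entry is None:
            return False                     # nothing issued, or already used
        code, expires_at, attempts = entry
        if now > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[username]      # expired or too many guesses: discard the code
            return False
        entry[2] += 1
        if hmac.compare_digest(code, submitted):
            del self._pending[username]      # single use: consumed on success
            return True
        return False
```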
You can't just trust anything online anymore. You can't just use weak passwords and hope or pray that you won't fall victim to identity theft or even much worse. Criminals can eventually build a database on you, pulling your personal information from Facebook, Twitter, Pinterest, LinkedIn, etc., and even dating sites, to phish for your birthday, town, state, phone number and so on. Never mention when you might be leaving for vacation or a dental appointment. Believe it or not, criminals scour the internet relentlessly looking for such opportunities to find you away from home so they can break in and cause you even more damage.
There are programs that can manage your passwords, and some, like EssentialPIM (available here), do a whole lot more than just store them. It lets you control your appointments, to-do lists, notes, email messages, password entries and contacts all in one FREE program.
Another FREE secure password generator is Random Password Generator, available here. This nifty little intuitive program generates secure passwords and stores them for you.
Another good find available at downloads.com is Password Agent Lite, whose strongbox is the hack-proof AES (Rijndael) algorithm with a 256-bit key; it stores up to 25 passwords in one database. An upgrade is available for more passwords. Download it here.
Another FREE program available at downloads.com is PasswordBox, which keeps all of your online passwords in one convenient location, accessible from any computer. Download available here.
KeePass Password Safe Professional is a convenient utility that lets you create a database to store all of your log-in information for various sites. Available here.
You have to change all your passwords for all your online accounts, change them at least every few months if not monthly, and make them all secure. This has to be the way you do it now and into the future.
© 2010 LazrWeb all rights reserved