The dust is settling from the latest major Internet security breach – a massive hack by a Russian crime gang that compromised more than 400,000 Web and FTP sites and may have exposed more than 1.2 billion user passwords, IDs and email addresses. It may be the largest theft of security credentials in history – so far.
If there is a positive spin to put on this cybercrime, according to a respected security firm, it appears that the stolen data do not involve a large amount of detailed credit-card information. Instead, the pilfered IDs, passwords and email addresses may be used primarily to generate spam that advertises dubious consumer products.
This latest incident is bound to give Internet users a renewed sense of vulnerability, and the sheer scope of it means it’s likely that one or more of your password-protected sites may be affected. The initial strategy to combat these thieves is simple: Change your passwords immediately!
But a thoughtful approach to password selection will help you gain a measure of extra protection from organized “phishing” expeditions that hackers use to gain unauthorized account access.
First, the experts advise you to use a unique password for each of your online accounts – having one common password for access to all sites just makes it easier for one hack to unlock the keys to your Internet kingdom. And get in the habit of changing them frequently (at least every six months) to stay at least slightly ahead of the cyber theft curve.
When it comes to constructing a new password, simplicity is not beautiful. Instead, complexity should be your goal. Try using long phrases or even sentences familiar to you that can be condensed into strings mixing upper- and lowercase letters, numbers and special symbols.
Of course, longer, complex passwords are more difficult to remember, but don’t create an additional opportunity for hackers by storing passwords for reference in a document on your computer.
Password managers such as LastPass, Dashlane and KeePass can be effective tools to organize and maintain a host of complex passwords. But they also can be subject to hacking in a worst-case scenario, so the passwords or other ID credentials that protect the manager itself must be appropriately secure. Yet, even with this risk, password managers are an extra layer of protection that’s a step forward.
An even stronger layer of security is available from using two-factor authentication to log in to your favorite online service – a system that requires entering a password and a second one-time code, often generated through a mobile device that has been linked to the account.
Already, sites such as Amazon, Microsoft, Gmail and Twitter offer it, and you should enable this process if given the option. While no solution is foolproof, any extra step that makes it more difficult for hackers to penetrate site security is valuable.
Don’t wait for the next headline about a security breach to take action: be proactive and vigilant about managing your passwords. And by using tools already offered by Frontier Secure to help manage your online security, you have a head start on staying a step ahead of the next hack attack.