It seems every day brings a new story of cyber-crime, data theft or computer hacking.
Usually it turns out that the bad guys gained access to online accounts and information by stealing user passwords.
In December, for example, a cyber-security firm uncovered a stash of two million stolen user passwords for major social media sites. Included were 320,000 email accounts, 318,000 Facebook accounts and 21,000 Twitter accounts, sources reported.
“We don’t have evidence they logged into these accounts, but they probably did,” said security manager John Miller in a story at CNN Money.
Here are additional details about the purloined passwords:
- Thousands were variations of “12345 …” or other simple sequences of letters or numbers.
- Thousands more were the word “password.”
- Only five percent of passwords were considered “excellent,” meaning they used all four character types (uppercase letters, lowercase letters, numbers and special characters).
- Only 17 percent were “good.”
- Six percent were deemed “terrible” because they had four or fewer characters of only one type. The number of “terrible” passwords exceeded the number of “excellent” ones.
Creating a Better Password
Facebook data security expert Nick Berry told Yahoo! Finance that most people are “staggeringly unimaginative” in selecting passwords.
Here are some tips for becoming more imaginative:
- Double your protection. Some services – such as ATMs – require dual-factor authentication before you can use them. That means two things are needed to access the account – a traditional password and something tangible you actually hold in your hand like an ATM card or smartphone.
- Make your password strong and unique. Use combinations of letters, numbers and special characters. If the service requires only six characters, create a password using seven or eight.
- Write it down. The more complex your password, the less likely you will be able to remember it. So put it in writing – and store that information in a safe place.
- Safeguard your email first. Your email account is often the gateway for bad guys to get access to other vital information.
- Use fake answers to secret questions. That way, you will thwart hackers who may happen to know your hometown or your mother’s maiden name.
- Be careful about saving your password. Sure, it’s a pain to have to type your password every time you log onto an account. But you’ll curse the auto-save function if you lose your cellphone or laptop.
- Mum’s the word. Duh. The whole point of a password is to keep it secret.
- Use discretion. A little common sense goes a long way. Be selective about the places you frequent online. Stay away from sketchy sites.
And if you suspect your account has been hacked, change your password and take other preventive actions. Before it’s too late.
Jay Reeves a/k/a The Risk Man is an attorney licensed in North Carolina and South Carolina. Formerly he was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. Contact email@example.com, phone 919-619-2441.
- CNN Money http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/index.html?iid=HP_LN
- Yahoo! Finance http://finance.yahoo.com/news/what-s-the-secret-to-hacker-proof-passwords-214756837.html