The New York Times reported that a Russian crime ring has stolen 4.5 billion Internet credentials. These include 1.2 billion username and password combinations and more than 500 million email addresses. To make this all more complex, people tend to use the same password on multiple sites, magnifying the threat.
It is critical that people protect their information by changing their passwords on sites that have key information such as email accounts, bank and credit card accounts and other sensitive sites. Unfortunately many do not change passwords frequently enough, even after a breach such as this and the recent HeartBleed bug.
Mike Snider of USA Today recently wrote Massive security breach: Time to change your password practices. He recommends the following tips for setting new passwords:
- Mix it up – Create passwords that are 10 characters or longer and include uppercase letters, lowercase letters, symbols and numbers, says Adam Tyler, chief innovation officer for identity protection firmCSID.
- Be more creative – Use a unique password for each account, and vary the e-mail addresses you use for accounts.
- Split social media and money – Do not use the same password for credit cards and bank accounts that you use for social media or websites.
Additionally, LifeLock offers additional ideas for password creation:
1. Be unconventional – Avoid common words anyone can find in the dictionary, and simply adding numbers to common terms, like mainstreet12, isn’t any better. Hackers write programs to crack these types of passwords first.
2. Stay impersonal – Many people use birthdays, addresses or other personal info to make passwords memorable. But it is “alarmingly easy” for hackers to obtain personal information about prospective targets, according to Symantec. Avoid anything that refers to your name, nickname, the name of a family member or pet and any personal numbers like phone numbers, addresses or other information.
3. Be complex – The longer and more complicated your password is, the harder it is to guess. Include numbers, symbols and mixed-case letters. Google suggests this technique: Create a phrase known only to you, and associate it with a particular website. A phrase for your email could be “My friends Tom and Jasmine send me a funny email once a day.” Use numbers and letters to recreate it. “‘MfT&Jsmafe1ad’ is a password with lots of variations,” notes Google.
See all the LifeLock tips at http://www.lifelock.com/education/electronic-communication/how-to-pick-secure-password/
To read all of Mike Snider’s tips and he entire article Massive security breach: Time to change your password practices. Go to http://www.freep.com/article/20140806/FEATURES01/308060098/password-change-security-breach