By Laura Haight
It's getting to be blasé. Russian cybercriminals hacking their way into US websites, stealing sensitive personal or financial information. This week is no exception, bringing the news that a Russian cybergang managed to steal 1.2 billion login and password combinations from nearly half a million websites. Ho hum, right?
It can be, if you are one of those who have heeded calls for stronger passwords in the past. If not, don't panic. New coffee mug slogan: Stay calm and get a password strategy.
As our lives have moved online, the danger is less that someone might break into our homes and more that someone will hack our digital accounts. And it happens with alarming frequency, and in very big and visible ways.
This hack exploited SQL, one of the most common database programming languages in the world. With everything else going on in the world, this isn't getting the same press that the Heartbleed attack got just a few months ago, but it should be equally concerning nonetheless.
The majority of people still use the same couple of passwords for every website to make them easy to remember. But what is easy to remember also exponentially increases your risk of exposure. If the password you use at an online retailer is the same as your Bank of America password, the hacker doesn't have to break into the (hopefully) more secure banking site. He can just waltz right in with your shoe store login.
Here are three ways to minimize your risks and better protect your personal information.
- Use a completely different email address for your primary bank account. Use it for nothing else, just the bank account. Use a password generator to create a password with at least 12 characters using upper case, numbers and special characters like !@#. This should be a password you have to write down. Don't worry about how hard it will be to remember; you won't have to use it very often.
- Be selective about where you create accounts. Many sites allow you to check out as a guest without having to leave any personal breadcrumbs behind. If you have the option, do it. Even if you do have to create an account, never store your credit card number. The fewer accounts you have, the less time you'll have to spend changing passwords on them.
- Develop a replacement scheme (@=a, #=n, *=x, etc.) and then work it into acronyms to create strong passwords. An example: your favorite songs, the albums they're on and the artist might convert to Iwhyhtw@tb68. The important thing is to develop a method that can produce a unique password for each site that you can remember. It may also be time to break down and get a password keeper. At the moment, the best one out there in my opinion is LastPass, but this is an area that is getting a lot of new attention, so new tools are very likely.
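One way to check your own accounts against the advice above, as an added example that is not part of the original column: it reads a constructed password-manager export, flags passwords shared across sites and passwords below the 12-character rule from the first tip, and generates a replacement with Python's `secrets` module. The CSV layout, the site names, the special-character set and the 16-character default are assumptions.

```python
import csv, io, secrets, string
from collections import defaultdict

SPECIALS = "!@#$%^&*"   # assumed set; the column only says "like !@#"
MIN_LEN = 12            # minimum length from the first tip

# Constructed sample export (not real credentials); column names are assumed.
SAMPLE_EXPORT = """site,username,password
shoestore.example,pat@mail.example,Sunshine1
bank.example,pat@mail.example,Sunshine1
forum.example,pat@mail.example,Iwhyhtw@tb68
news.example,pat@mail.example,sunshine1
"""

def meets_policy(pw):
    """At least 12 characters with an upper-case letter, a digit and a special."""
    return (len(pw) >= MIN_LEN
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))

def generate_password(length=16):
    """Random password from the OS CSPRNG that satisfies meets_policy()."""
    if length < MIN_LEN:
        raise ValueError("length must be at least %d" % MIN_LEN)
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:  # redraw the whole string so every position stays uniform
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw):
            return pw

def audit(export_text):
    """Return (reused, weak): site groups sharing one password, sites below policy."""
    sites_by_pw = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_text)):
        sites_by_pw[row["password"]].append(row["site"])
        if not meets_policy(row["password"]):
            weak.append(row["site"])
    reused = sorted(s for s in sites_by_pw.values() if len(s) > 1)
    return reused, weak

if __name__ == "__main__":
    reused, weak = audit(SAMPLE_EXPORT)
    for sites in reused:
        print("same password on:", ", ".join(sites))
    print("below policy:", ", ".join(weak))
    print("replacement:", generate_password())
```

The comparison is exact, so `Sunshine1` and `sunshine1` count as different passwords here even though both fail the length rule.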
There are breaches all the time -- some are far more serious than others -- and every one doesn't mean you need to go into panic mode. But it does mean you need to pay attention. While you cannot protect against everything that could happen, you need to take all the steps you reasonably can to guard your digital life.
The stores you shop in, the banks you deal with, the social networks you participate in are always targets. Most try hard to plan, prepare and protect against these kinds of exploits. But in the end, you are the last line of defense against hackers, crackers and thieves.