If you’re a fan of Mel Brooks’ work, you probably remember this scene in his Star Wars spoof “Spaceballs”:
When this movie came out in 1987, the internet was a nascent thing confined to dialup and university researchers. So the most secure things people were using were combination locks or padlocks.
Identity theft meant your wallet was stolen or your house was broken into.
Fast forward to today, where chilling news broke last week about the number of password combinations that a gang of Russian hackers allegedly has in its possession. From the New York Times:
A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.
This is just another reminder, albeit a large one, in the wake of hacks of places like Target and skimmers on gas pumps that everyone needs to be vigilant about protecting themselves online.
Best Practice: Don’t repeat username and password combinations.
Let’s face it; the human brain can only hold on to so many different pieces of information before things start slipping away. With the propagation of apps for our smartphones and online services, we are signing up for and signing into more and more sites. If you’re using a single sign-on like Facebook, Google or Twitter for your credentials, make sure that password isn’t used by any other service you use. This limits the damage that could be inflicted were one of those services to be hacked.
And don’t let your password be one on this list. Hackers and spammers have bots, or automated attacks, that try multiple password combinations or try to guess based on patterns or logic. Don’t just hand them the digital keys to your front door. Make it tough for them.
Two password security solutions: Two-factor authentication and a good password manager.
Two-factor authentication means requiring a second step after logging into a site. In other words, it’s not enough to just enter your password; sites now will let you add a challenge question that only you can answer, or they can push an email or SMS message to a device registered to you and only you that requires entering a second set of characters. With two-factor authentication enabled, you would receive notification from a site that someone has successfully logged in and the second-level access is now required. This is a great way to know that you’ve potentially been hacked and can take action.
A good password manager lets you deploy complex, harder-to-crack passwords while remembering a single password. You can remember one REALLY COMPLEX thing, can’t you? Apps like 1Password are very secure and can be embedded into your web browser to make logging in to any of a number of sites automatic. Even better, they contain password generators that let you select the complexity in terms of the number of characters and the mix of alphanumeric characters and symbols, and they keep those logins at the ready no matter where you are or what device you’re using. Think about how little power a hacker has if the password they get only works in one place.
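To show what "selecting the complexity" means in practice, here is an added example (not code from 1Password or any other product) of a generator that takes a length and a character mix, draws from the operating system's secure random source, and gives each site its own password. The symbol set, function names and site names are assumptions made for this illustration.

```python
import math
import secrets
import string

# Symbol set chosen for this example (an assumption, not any product's set).
SYMBOLS = "!@#$%^&*()-_=+[]{}"

def build_classes(use_digits=True, use_symbols=True):
    """Return the character classes the password must draw from."""
    classes = [string.ascii_lowercase, string.ascii_uppercase]
    if use_digits:
        classes.append(string.digits)
    if use_symbols:
        classes.append(SYMBOLS)
    return classes

def generate_password(length=20, use_digits=True, use_symbols=True):
    """Generate a password with a CSPRNG, one or more chars from each class."""
    classes = build_classes(use_digits, use_symbols)
    if length < len(classes):
        raise ValueError("length too short to include every selected class")
    alphabet = "".join(classes)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle with the CSPRNG so guaranteed characters are not at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def entropy_bits(length, use_digits=True, use_symbols=True):
    """Upper-bound entropy in bits for a uniformly random password of this shape."""
    alphabet_size = sum(len(c) for c in build_classes(use_digits, use_symbols))
    return length * math.log2(alphabet_size)

def generate_vault(sites, **options):
    """Give every site its own password so one breach exposes only one login."""
    vault = {}
    for site in sites:
        candidate = generate_password(**options)
        while candidate in vault.values():  # collision is astronomically unlikely
            candidate = generate_password(**options)
        vault[site] = candidate
    return vault

if __name__ == "__main__":
    # Constructed site names for illustration.
    sites = ["mail.example", "bank.example", "shop.example"]
    for site, pw in generate_vault(sites).items():
        print(f"{site:14} {pw}")
    print(f"{entropy_bits(20):.1f} bits (upper bound) at length 20, all classes")
```

Each extra character adds more guessing work than swapping a letter for a symbol does, which is why length is the first setting to raise.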
I personally use 1Password, and it’s available for Windows, Mac, iOS and Android. If you have an iPhone 5S (or later…coming next month “allegedly”), they plan to use the Touch ID feature found in the most recent version of the iPhone to let people access their password list and sign into apps with their fingerprint via the planned “Extensions” feature in iOS 8.
1Password is also on sale right now, so go get it.
Password security is an essential part of life nowadays. By taking a few proactive steps and changing behaviors, you can significantly reduce the risk of being a victim of a cybercrime.