Earlier this year daily deals site LivingSocial suffered one of the worst security breaches of our times, with 50 million encrypted passwords stolen. It’s the kind of number that makes people sit up and take notice, but LivingSocial isn’t the only victim of a crime like this. LinkedIn, Evernote, eHarmony, Yahoo and Sony (twice) are all big names that have fallen foul of this kind of attack on a massive scale, so you’d better make sure you’re running a secure password system wherever you sign up on the web.
Nothing in this world is completely safe, but you can improve your odds against Internet hackers by using an incredibly safe, complex password. This means using lower and upper case letters, numbers, symbols and spaces. Your password should be as long as possible; certainly no shorter than eight characters but ideally in excess of 14. One fairly common mistake is to use information that is freely available on the social web, like the name of your pet or your date of birth – hackers are onto this and if your Facebook or Twitter profile gives away any personal information these will be the first words they will try when attempting to break in. The other thing to avoid is words that appear in the dictionary or famous quotations as this is another thing hacking software can be set up to cycle through.
You can check your secure password creation skills on howsecureismypassword.net, which will tell you how many years it would take a hacker to discover it using brute force tactics – in other words, systematically cycling through combinations of letters and numbers before hitting on the correct arrangement. Once you’re sure you know how to construct a safe password, go and think of a new one to use on your account that you haven’t just given away to a random website, just in case.
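The same checks can be run on your own computer, so the password never leaves it. The Python sketch below is an added example, not from the original article or from any of the sites mentioned; the tiny word list, the guess rate and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample data (assumptions): a tiny stand-in for a real dictionary
# of leaked passwords, and an assumed attacker speed for offline guessing.
COMMON_WORDS = {"password", "12345", "letmein", "qwerty", "dragon"}
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 3600 * 24 * 365

def charset_size(pw):
    """Size of the alphabet a brute-force search must cover (ASCII classes only)."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw): size += 26
    if any(c in string.ascii_uppercase for c in pw): size += 26
    if any(c in string.digits for c in pw): size += 10
    if any(c in string.punctuation for c in pw): size += len(string.punctuation)
    if " " in pw: size += 1
    return size

def brute_force_years(pw):
    """Worst-case years to try every combination of this length and alphabet."""
    combos = charset_size(pw) ** len(pw)
    return combos / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def check_password(pw, personal_info=()):
    """Return the list of problems found, following the article's advice."""
    problems = []
    lowered = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    elif len(pw) <= 14:
        problems.append("not in excess of 14 characters")
    if lowered in COMMON_WORDS:
        problems.append("common or dictionary password")
    for item in personal_info:  # e.g. pet name, year of birth
        if item and item.lower() in lowered:
            problems.append("contains personal information: " + item)
    if charset_size(pw) < 95:  # 26 + 26 + 10 + 32 symbols + space
        problems.append("does not mix all character types")
    return problems

if __name__ == "__main__":
    for pw in ("12345", "Rex2010!", "Tr4il mix-Up 92 kettle!"):
        years = brute_force_years(pw)
        print(repr(pw), "~10^%d years" % math.floor(math.log10(years)),
              check_password(pw, personal_info=("rex", "2010")))
```

The brute-force figure is only an upper bound: a password that appears in a word list or is built from personal details falls much sooner, which is why those are checked separately.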
One benefit of so many passwords being hacked and leaked onto the web is that password researchers have never had such a boon in raw data to work with. Rather worryingly, they have found that a lot of us are still using ridiculously unsafe passwords, like ‘12345’ and, ahem, ‘password’. A site like passwordsgenerator.net can help if you’re struggling to come up with something original.
Another common security mistake is to use the same password across all of your logins. Doing so means that if one account is hacked, all your accounts are vulnerable, so set a different secure password everywhere you go. This can give you another problem though – how on earth do you remember all these random passwords? The answer is to use a password manager and there are several good options available, like LastPass, KeePass, 1Password and My1login. Using one of these services you will only have to remember one master password and the login manager will remember the rest.
Most of us store important and sensitive information on a desktop computer at home or at work, with the risk that if someone breaks in and steals it, your personal files and documents could be compromised. You can protect those files and documents with a password too, adding another layer of security to your information. It also goes without saying that a regularly updated anti-virus solution will protect your computer against getting infected with a virus that would steal your passwords by logging your keystrokes. As an extra safeguard you can install an anti-key-logger like KeyScrambler that I reviewed a few weeks ago.
Personally I don’t do banking or other sensitive online activities on my smartphone as you never know who might be looking over your shoulder when you’re logging in. If you do, always check to see if anyone is watching and cover your screen with your hand when entering any passwords. You’d also be wise to log off any sensitive sites when you’ve finished interacting with them on your handset, just in case you lose it.
A lot of major websites also now offer 2-step authentication, which requires you to input a unique code that has been texted to your phone before you can log onto a site from a new location or browser. This means that anyone who manages to hack or discover your password will also have to have possession of your mobile phone before they can access your account. If you choose to opt in it will help keep your accounts safe, though if you move around a lot, swapping the devices you connect from, you might find it gets quite irritating after a while. It is definitely worth persevering though if security is important to you.