On December 3rd, the information security company Trustwave Holdings published its findings on a massive data breach in which hackers stole about 2 million usernames and passwords. These credentials were stolen from more than 93,000 websites, including many popular sites like:

• Facebook
• Google (Gmail, YouTube, Google+)
• Yahoo
• Twitter
• LinkedIn 

This was announced just weeks after Adobe announced the data breach of e-mail addresses and passwords on their systems.

Why Should I Care?

Even if you aren’t worried about people accessing your personal data (name, address, banking information, etc.) that is kept on your computer or on any of the websites you use, there are a couple of reasons to make your computer as secure as possible.

1. Your Computer Itself – The number one thing that hackers want is your computer. They link a bunch of computers together in what is called a botnet and use that botnet to attack more lucrative targets like Google or government data centers.

2. Your Contacts – You have access to many names and addresses in your contacts. To an attacker, these are other easy targets.

3. Organization Data – If an attacker is able to compromise your account, they can gain access to your work database and other company data. There they can find more personal information of people on your servers, intellectual property, and most of the files that make things run smoothly in the organization.

What Can I Do?

There are several things that you can do to be more secure in your personal and work computing:

1. Change your passwords – Chances are that if you haven’t changed your password in over a year it has been compromised.

2. Use a unique password for each website on which you have an account – This protects you when password files are taken from a website’s server. If you are using unique passwords, an attacker who gets your information from one site doesn’t automatically have access to all of your other accounts.

3. Use separate e-mail addresses for personal computing and work computing – In addition to that, use your work email address when you sign up for work related accounts and your personal email address when you sign up for personal accounts.

How Do I Create a Strong Password?

Strong passwords:

• Contain most or all of the following character classes:

o Lower-case letters
o Upper-case letters
o Numbers
o Punctuation
o “Special Characters” (e.g. @#$%^&*(){}[]/ etc.)

• Contain at least ten (10) characters.

• Do not contain a word found in a dictionary (English or foreign).

• Do not contain common usage words such as:

o Names of family, pets, friends, co-workers, fantasy characters, etc.
o Birthdays, addresses, phone numbers, or other personal information.
o Any words or derivation of the company name.
o Any of the above spelled backwards.
o Any of the above preceded or followed by a digit (e.g. “password1”, “1password”).
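
The rules above can be checked automatically. The following Python sketch is an added example, not part of the original article: the word lists are constructed samples, punctuation and “special characters” are treated as one class, and “most” of the character classes is assumed to mean at least three of four.

```python
import string

# Constructed sample lists; a real check would load a full dictionary and
# the user's own personal terms (names, birthdays, company name).
DICTIONARY = {"password", "fortress", "mighty", "dragon", "welcome"}
PERSONAL = {"rex", "19840612", "acme"}  # hypothetical pet, birthday, company

MIN_LENGTH = 10   # "at least ten (10) characters"
MIN_CLASSES = 3   # assumption: "most" of the classes means 3 of 4


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")  # punctuation and special characters merged
    return classes


def banned_terms(password, words):
    """Return the words found in the password, forwards or backwards.

    Substring matching also catches a word preceded or followed by a
    digit, such as "password1" or "1password".
    """
    lowered = password.lower()
    return sorted(w for w in words if w in lowered or w[::-1] in lowered)


def check_password(password, dictionary=DICTIONARY, personal=PERSONAL):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("fewer than %d character classes" % MIN_CLASSES)
    for word in banned_terms(password, dictionary):
        problems.append("contains dictionary word: " + word)
    for word in banned_terms(password, personal):
        problems.append("contains personal term: " + word)
    return problems
```

Calling check_password("1drowssaP!x") reports the reversed dictionary word even though the length and character-class rules are satisfied, which is why those two rules alone are not enough.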

How Am I Supposed to Remember Passwords Like That?

There are a couple of ways to make remembering strong passwords a little easier.

1. Create passwords that can easily be remembered. One way to do this is to create a password based on the first line of your favorite song, poem, book, etc. For example, the phrase might be: “A Mighty Fortress is our God” (LSB 656). The password could then be “@mfioG#656”, “AMFioG-LSB656”, or some other variation.

(Note: Do not use either of the above examples as a password!) 

2. Use a Password Vault – There are services like LastPass and 1Password that will generate strong random passwords for each account that you have and keep them in an encrypted vault that you gain access to with a single strong password.

Information security is an ongoing and evolving task. The above suggestions are just the beginning steps to take in the fight against hackers and other cyber-attackers. By using strong and unique passwords, you begin to make your personal computing more secure and help to protect the confidentiality, integrity and availability of the digital resources that you have access to.