In a recent article on the security website The Registry, it was reported that Facebook has leaked access to thousands of users’ personal information through a bug that overrides their privacy settings. The leaks involved exposing tokens that act as a set of extra keys that enables advertisers and other third parties to access user accounts.
Although the bug has been fixed, existing keys that have been leaked are still viable unless users change their Facebook passwords. So Facebook users out there, change your passwords now if you haven’t done so already.
While you are at it, make sure you choose good passwords, in other words passwords that are hard to guess.
If you have several Internet accounts it’s also advisable to use different passwords for each of them. This decreases the likelihood that hackers can easily login to several accounts if they are able to guess one of your passwords.
This advice is all well and good, but somewhat difficult to put into practice. How do you choose good passwords, particularly if you are changing them on a regular basis?
Choosing Good Passwords
Microsoft posted an article which offers some easy to follow guidelines for choosing passwords. In a nutshell, the article states that a strong password has these characteristics:
- Is long and has letters, punctuation, symbols, and numbers.
- Contains at least 14 characters or more.
- Uses a variety of characters.
- Uses the entire keyboard, not just the letters and characters used or seen most often.
When in doubt about your password selection, Microsoft provides a link in this article to a secure password checker, you can use to try different passwords to verify their strength.
Use Password Recovery Offered By Your Service Provider
Following the practices discussed in this article minimizes the chances of your Internet accounts being hacked and stolen. But no solution is perfect.
In the event that your account is stolen or you just lose your passwords, remember that most service providers offer users a way to recover their passwords. I wrote a blog recently about just such a situation with Facebook.
Last But Not Least…Remember https
Password theft can still happen if you surf the Internet over insecure networks. Most networks transmit information “in the clear” which means that data travels over the network unencrypted. Make sure that when you do business over the web that the sites you go to use HTTPS, a secure web protocol.
You can tell when a site does do this if there is an “https” in the URL. Also check out the Looking to Buy a Panda the Hat? Article on Fearless Web for more tips on secure web network communication.