By Trend Labs
Consider the risk you’re taking with the spate of data breaches that spiked in 2011 and continues at a high pace this year. Last Wednesday, nearly half a million usernames and passwords from the Yahoo Contributor Network were stolen. Formspring also found 420,000 of its users’ passwords stolen a day before that. LinkedIn, eHarmony, and last.fm saw millions of their users’ passwords leaked in just a week last June.
We’ve advocated time and again what you should be doing about your passwords:
- The length of stolen Yahoo passwords ranged from 6 – 10 characters. Make yours longer. Start with 10-12 characters and add more for sensitive accounts like banking. Use multiple phrases over one-word passwords.
- Randomize nonsensical phrases, but veer away from popular ones.
- Never use passwords you’ve used for another service or another account in the same service. If cybercriminals crack one of your passwords and you use just that one for all your accounts, say goodbye to your data.
- Use password managers like Trend Micro™ DirectPass™ to easily access stored passwords in the cloud.
Even with all of this in place, your password management will in no way be bulletproof. The recent events shine a spotlight on a very real risk: security breaches on the service provider’s side. It’s like setting up all these high-tech locks on the front door, only to find that a thief has made his way inside through the back door, using the service provider’s super-secret master key.
How helpless would you be in the event of a breach involving a service you use?
If you’ve followed tip #3 (never reuse a password), you have at the very least minimized the chance that a stolen password can be used to enter your other accounts. However, as soon as you get wind of a data breach involving an online service that you use, it is best to drop everything and change your password.