By Tony Larks, Vice President, Global Consumer Marketing, Trend Micro
Some of you might have read recently that Yahoo’s been having a few problems on the security front. In mid-July, it became the latest in a long line of online companies to be hacked, in this instance exposing the passwords of over 450,000 users.
Yahoo isn’t the first and it certainly won’t be the last web firm that has a customer data breach. Criminal gangs motivated by money and even hacktivists hoping to prove a moral point know there are valuable goodies to be had behind the cyber walls guarding the databases of these web firms. And they have the tools to break through many defenses.
Professional social networking site LinkedIn and online dating site eHarmony are just two other big names that have fallen in a similar way in the past few months, exposing millions of passwords.
The cyber hoodlums can either use these passwords to hack accounts and commit ID fraud, or sell them on the black market to other criminals for a fee. Others, of course, only want to make a point and cause embarrassment for the companies involved in the breach, but by publicising user details on the web, they also put those users at risk of having their details used maliciously.
A world lived online
Our lives are increasingly lived online. We bank online, shop online, book cinema tickets and holidays, play games, communicate via social networks, email and Skype. All of these require users to open accounts and usually rely on passwords as the primary means of securing those accounts.
A recent report from analytics firm Experian found that, on average, British computer users have 26 online accounts. Crucially, however, they use only five passwords across all of them. Imagine a thief got hold of your Yahoo password and you used that same credential to log in to your online banking. It’s only a small leap for that hacker to end up emptying your bank account.
What to do
There is, of course, a huge responsibility on the service providers – Yahoo, LinkedIn or eHarmony – to make sure their systems are as secure as they possibly can be against hackers. But users need to do their bit too.
Wresting back an account once it has been hacked can be a stressful and time-consuming process. So try to take the following preventative measures:
- Don’t reuse passwords across accounts – use a unique one for each account
- Create strong passwords for each – combinations of numbers, letters and other characters like &*%$
- When it comes to password reset questions, choose a question whose answer is something only you could know – in other words, not birth date or mother’s maiden name, as these could be found with a bit of digging by a determined hacker. If you get to choose a question yourself, even better. And remember, the answer doesn’t need to be true, just something you can remember.
- If you’re notified of a password or security breach at a company you have an account with, change your log-ins immediately, even if not prompted to do so straight away.
- Consider Trend Micro™ DirectPass™ – it manages all your passwords in one secure location and will generate secure passwords that you don’t have to remember. It takes the headache out of password security.
Passwords are imperfect but then again so is online security. Staying safe online is just about doing the best you can and being alert to the threats. Good luck.
Tony Larks works for Trend Micro and is guest blogging for the Fearless Web. The opinions expressed here are his own.