Multiple news agencies reported the theft of nearly two million user names and passwords for accounts at Facebook, Google, Twitter, Yahoo, ADP and others in November 2013. Sadly, most reports entirely missed the real story – 2 million compromised accounts are but a drop in the bucket. At least 154,000,000 user accounts have been compromised in the last few years. Thousands of these have been published on the internet for all to see. Will yours be next?
The most frequently “cracked” accounts used simple, common passwords – variations of 123456789 being the most common of all. Lest you feel confident because you have secure passwords, please note that 5% of the compromised accounts had “excellent” passwords.
It’s a tedious exercise to create and remember unique, hard-to-guess passwords, but that’s nothing compared to the misery you will experience if a determined hacker starts abusing your identity and your finances. If you have fallen into the common pattern of using the same user identity and password for multiple accounts, you may quickly realize that one purloined password leads to open doors to your email, bank accounts and more.
If you have been lackadaisical about passwords, perhaps a resolution to improve is in order. Start with your most critical areas – email and financial accounts. Each password should be new, unique and nearly impossible to guess. A good password is at least 8 characters long; 14 or more is even better! Do not use a common name or a word that can be found in any dictionary. Use at least three of the four character types: uppercase letters, lowercase letters, numbers and symbols (like punctuation marks). Create something that you can remember but that is unlikely to be guessed. If you have trouble with this exercise, search “create strong passwords you can remember” for scads of hints.
Too many passwords to remember? There’s an app for that too! A password manager is a program that keeps your passwords and other logon information in an encrypted database. That way, you only have to remember one password – the one that opens the password manager. Some will create secure passwords for you, some will synchronize multiple devices over the internet, and some are even free. Frequently recommended programs include Password Safe, KeePass, RoboForm and LastPass (free); there are multiple alternatives available. This is a variation of putting all your eggs in one basket and watching the basket very closely. Make sure that the one password you have to remember really is a secure one!
Don’t forget that someone else may desperately need that very secure password if you are no longer able to manage your own affairs. If that password is the sole access to important information, make sure your trusted family member can access crucial data when necessary.
P.S. If you have an account at Adobe, Stratfor, Gawker, Yahoo or Sony, you can go to a website to check a growing database to see if your account has already been compromised. Simply enter your email address and get an instant yes/no answer at haveibeenpwned.com.