By Ken Colburn, Data Doctors
Q: Should I be concerned about the news that Russian hackers have stolen a large number of passwords, and if so, what should I be doing?
A: If the reports are accurate, a Russian gang has apparently pulled off the largest known hack of private internet information ever.
Hold Security of Milwaukee claims to have discovered a global compromise of over 1.2 billion usernames and passwords from roughly 420,000 websites, including 500 million email addresses.
Sounds terrifying, right? Don't panic.
It's not yet clear how serious or recent the threat is.
Forbes points out that the computer security company that alerted the New York Times to the hack stands to gain financially from people searching to see if they've been affected.
And The Verge notes the information may have actually been stolen in earlier hacks.
So, the chances of your accounts being exploited first are pretty low. That means you have time to change all your passwords before a criminal attempts to use the stolen credentials.
This, once again, underscores the importance of not using the same password on all your online accounts. Hackers will automatically try to use your username and password on every major website because they know so many of you still make this huge mistake.
At this point, there's no way to know for sure if your credentials have been stolen, so you should assume they have and act accordingly.
In any case, this is a great wake-up call to strengthen your password protection by doing the following:
- Change all your passwords and make sure every online account has its own
password. To make this more manageable, consider using a password manager. Here's
my advice on easy-to-use
- Longer, easy-to-remember passwords are more secure than short, complicated
passwords -- aim for at least 15 characters, but make it easy to remember.
Example: I Hate Passwords! is much more secure than A8y@q7P1 and much easier to
- Make sure your e-mail account has a very strong password -- your e-mail
account is the gateway to all your other accounts. Remember that when you forget
a password, the reset message gets sent to your e-mail account, making it really
easy for the bad guys to take over if they get in.
- Make sure you have a passcode set up on your mobile devices -- mobile devices
are easily lost or stolen, and if you don't have a passcode to keep strangers out,
they have direct access to your e-mail account.
- Do a search of all your old e-mails for the word 'password' and delete any
messages that provide information on what accounts you do have. If a hacker does
gain access to your e-mail account, they will immediately search for clues of the
accounts you do have so they can quickly exploit them.
- Turn on 2-factor or 2-step authentication -- virtually every sensitive online account has this feature, but you must turn it on in Settings. When activated, your smartphone becomes part of your security fence. Whenever a site detects that you're signing in from a new computer or device, it sends a special code via text message to your phone to verify that it's you. This way, even if a hacker acquires your username and password, they won't be able to get in without your phone in their hands.
Passwords are the gateway to your digital life and with every breach they become more vulnerable, so don't take this lightly.
© 2014 WTOP. All Rights Reserved.