It seems like we can’t go a week without a major security breach and thousands of passwords being posted publicly online. So what do the experts think you should do to keep yourself protected?
This week, Yahoo confirmed that just under half a million passwords were stolen from its servers, with the results posted online shortly after.
“We’re unsure as to the specific impact to Australians, but in the past 30 days we have seen large global brands, all with well-established businesses with strong user communities within Australia (i.e. Yahoo!, LinkedIn, eHarmony), dealing with breach incidents involving compromised or leaked passwords,” said McAfee’s Kevin LeBlanc. “In the last 30 days, these instances have led to over 7 million user accounts being put at risk.”
With the passwords online, security experts like LeBlanc were able to see the level of complexity – or lack thereof – that regular people used in their passwords.
“Most users are using easy to remember passwords,” said LeBlanc, pointing out that in just over 2,000 passwords, the sequential numbers “123456” were being used, making it one of the easiest passwords to break. Just like what we reported a year ago, the word “password” was still a popular item for protecting an account.
The problem with these passwords doesn’t just come from how overly simple they are, but also from the fact that they’re shared between other websites.
If the password for a Yahoo mail account is leaked online, there’s a strong possibility that it’s the same password used for other websites, such as Google, Amazon, eBay, and PayPal, among others.
So why are people using these common passwords?
“The easy answer to this question is likely a combination of [people thinking that] it makes it much easier when dealing with all sorts of different on-line accounts, and many sites do not enforce anything stronger,” said LeBlanc, McAfee’s Senior Director for Solution and Product Marketing.
In essence, we’re doing it because it’s easy, not because it’s safe and secure. Unfortunately, with the rise of cybercrime, we should be doing more to make it harder for people to gain access to our lives.
At the very least, we should have a different password for each account, or a few different passwords for every few accounts, so that your other accounts aren’t put at such great risk if one is hacked or leaked online.
Security software is also a must-have, to lessen the possibility that key loggers and other forms of malware are watching what you’re doing.
And then there’s that trusty password, and finding ways to make it harder for people to break.
“The reality is that strong passwords do not have to be so complex that you will never remember them,” says LeBlanc, pointing out that passwords should have at least eight characters and be made up of lowercase and uppercase letters, as well as numbers and symbols.
“Strong passwords are easy to remember but hard to guess,” said LeBlanc. “[As an example] Iam:)2b29! – this has ten characters and says ‘I am happy to be 29!’”
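
The criteria above, written as the kind of sign-up check a site could enforce, since many sites "do not enforce anything stronger". This is an added example, not code from the article or from McAfee; the function name and the two-entry deny list (the two leaked passwords the article names) are constructed for illustration.

```python
# Constructed deny list: only the two leaked passwords the article names.
# A real deployment would load a much larger breached-password list.
COMMON_PASSWORDS = {"123456", "password"}

MIN_LENGTH = 8  # minimum length quoted in the article


def password_problems(candidate, deny_list=COMMON_PASSWORDS):
    """Return the reasons a candidate fails the policy (empty list = accepted)."""
    problems = []
    # Compare case-insensitively so "Password" or "PASSWORD" is caught too.
    if candidate.casefold() in deny_list:
        problems.append("appears in leaked-password list")
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    # Anything that is not a letter, digit or whitespace counts as a symbol.
    if not any(not c.isalnum() and not c.isspace() for c in candidate):
        problems.append("no symbol")
    return problems


if __name__ == "__main__":
    # The two common passwords from the leak, then LeBlanc's example.
    for pw in ["123456", "password", "Iam:)2b29!"]:
        print(repr(pw), password_problems(pw) or "OK")
```

Returning every failed rule at once, rather than stopping at the first, lets a sign-up form tell the user everything to fix in one pass.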