eBay Hacked: If You Aren't Routinely Changing Passwords, a Reminder Why You Should
I work with people every day who entrust me with their passwords so I can assist them with their tech issues, and I am constantly amazed at the overly simplistic nature of passwords for tremendously important data. It is reminiscent of the scene in Spaceballs where Dark Helmet says of the code to a planet's protective shield, "So the combination is...one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"
Even Dark Helmet gets that you need better passwords.
Yet, shockingly, far too many people are more concerned with their ability to remember a password than with its safety. With the recent Heartbleed security vulnerability and now the most recent hack of popular auction site eBay, there is one thing everyone can do to protect themselves: change their passwords. Every time a company is hacked, it immediately tells its users to change their passwords.
By now, this should be common practice for anyone who uses the Internet with regularity, but it's not.
And, yes, I know you hate doing it because it's so easy to remember that every password is your kitty's name plus 123 at the end, but that is exactly what people who breach the security of websites you use want. The easier the password, the more likely it is your information will be compromised.
Companies that protect your data go to extreme lengths to do so, but their greatest single vulnerability is your weak-ass password. So, here are some tips for password use.
Variations on a password theme aren't complicated enough any longer.
One common method for producing easy-to-remember passwords has always been to use a series of words and numbers combined in different ways. Using the name of a pet and the last four digits of an old girlfriend's phone number and capitalizing randomly seemed a pretty good way to keep hackers at bay and make memorable passwords. Not any longer. Security experts admit that with the sophisticated technology and code-breaking algorithms run by criminals, having a set of words and numbers can actually be WORSE for security because it leaves every site that uses that pattern vulnerable once the first one is cracked.
Use a random password generator.
The best way to ensure a good password is to use a password generator to create one. Go with at least 12 characters and include numbers as well as lowercase and uppercase letters at a minimum. Punctuation is also a good thing, assuming the website doesn't prevent its use. The more complex, the better.
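A generator along those lines, as an added example that is not part of the original article: it draws characters from the operating system's cryptographic random source via Python's `secrets` module, enforces the 12-character minimum, and lets punctuation be switched off for sites that reject it. The function names and the 16-character default are assumptions of this example.

```python
import math
import secrets
import string

MIN_LENGTH = 12  # minimum length recommended in the article


def char_classes(use_punctuation=True):
    """Character classes every generated password must draw from."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if use_punctuation:
        classes.append(string.punctuation)
    return classes


def generate_password(length=16, use_punctuation=True):
    """Return a random password containing at least one character per class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    classes = char_classes(use_punctuation)
    alphabet = "".join(classes)
    # Rejection sampling: pick every character uniformly from the whole
    # alphabet and retry until each class appears. No position is forced to
    # hold a particular class, so the result carries no predictable pattern.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, use_punctuation=True):
    """Upper bound on the password's entropy in bits: length * log2(alphabet)."""
    alphabet_size = sum(len(cls) for cls in char_classes(use_punctuation))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())                           # with punctuation
    print(generate_password(12, use_punctuation=False))  # site rejects punctuation
    print(f"{entropy_bits(12):.1f} bits at 12 characters with punctuation")
```

Generate a separate password for each site and keep them in a password manager, so that one cracked password reveals nothing about the others.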
Change all passwords routinely, but especially stuff related to money.
Admittedly, certain places rank lower on the protection scale than others. And while all should be changed regularly, certainly banks, credit cards and any place that stores your monetary information (e.g., Amazon or anything with bill pay) need to take priority.