Recently, we’ve been hearing about a lot of password theft – roughly two million passwords for common sites like Gmail, Yahoo, Facebook, Twitter, LinkedIn, and others. Two million passwords. That’s a lot!

Contrary to some accusations that the web services had been leaking passwords, the information was gleaned by a computer virus. The keylogging virus tracked keyboard commands, and once the user typed their username and password, the keystrokes were sent to proxy servers controlled by hackers. SpiderLabs, a research arm of security firm Trustwave, discovered the hacked information while doing a routine Internet botnet sweep in November.

According to NBC News, passwords such as “123456” and “123456789” came in as the first and second most popular passwords, respectively. Over half of the passwords consisted of one type of character (like all lower case letters or all numbers).

So, if you don’t want yours to be a part of those two million stolen passwords, protect yourself with these tips, originally from CMIT Solutions:

1) Change your passwords!

Cybercriminals love to target those who use the same password over and over for multiple web services—for obvious reasons. Create a strong and unique password, at least eight characters long, and use a mix of upper and lower case letters, numbers, and symbols. Instead of “password33” try something more along the lines of “P@ssw0rd33”.

2) Take advantage of two-factor authentication.

A two-factor authentication tool requires a normal password as well as a passcode entered from your mobile device. Facebook, Twitter, Yahoo, and Google all offer this option, so look for it in your account settings.

3) Ensure that anti-virus software and security patches are up to date.

Remember, it was a keystroke virus mainly responsible for capturing over 2 million passwords. Know which anti-virus software you have, and keep it updated. Your IT tech should know how to help you with this; if you do not have one, be sure to contact us for a referral to someone we trust.

4) Employ a password management tool like LastPass and Dashlane.

(I have not used either of these services, but they look interesting.) CMIT Solutions says: “both of these services rely on two-factor authentication; encrypt password data at storage and transfer points; auto-fill forms; and generate strong, randomized passwords. Want an ‘easy’ button for password management? These tools provide it, in particular for businesses subject to industry regulations like HIPAA, FINRA, and PCI.”

5) Check other personal and business accounts to ensure they weren’t hacked.

Facebook, Yahoo, Google, Twitter, and other services all urged users to reset passwords and use two-factor authentication, but since the hack wasn’t their fault they weren’t required to notify users. If any site has required you to reset a password recently, check all of your protected accounts to make sure they haven’t also been hacked.

Online security may sound complicated these days, but it is manageable and it is vital to protect your (and your client’s) information. If you are in need of assistance in this area, contact our office and we will be happy to connect you with someone who can help, so you can get back to doing what you do best. 310-534-5577 or [email protected].
