By Trend Labs

Do you use popular names, birthdays, or a predictable set of numbers when registering for online services? Do you insist on using weak passwords like 123456, welcome, and even password because they’re easy to remember? Do you use the same password for everything you do online?

Consider the risk you’re taking with the spate of data breaches that spiked in 2011 and continues at a high pace this year. Last Wednesday, nearly half a million usernames and passwords from the Yahoo Contributor Network were stolen. Formspring also found 420,000 of its users’ passwords stolen a day before that. LinkedIn, eHarmony, and last.fm saw millions of their users’ passwords leaked in just a week last June.

We’ve advocated time and again what you should be doing about your passwords:

  1. The length of stolen Yahoo passwords ranged from 6 – 10 characters. Make yours longer. Start with 10-12 characters and add more for sensitive accounts like banking. Use multiple phrases over one-word passwords.
  2. Randomize nonsensical phrases, but veer away from popular ones.
  3. Never use passwords you’ve used for another service or another account in the same service. If cybercriminals crack one of your passwords and you use just that one for all your accounts, say goodbye to your data.
  4. Use password managers like Trend Micro™ DirectPass™ to easily access stored passwords in the cloud.
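
One way to check your own password inventory against tips 1 and 3, as an added example that is not part of the original article. The service names, the sample passwords, and the 14-character threshold for sensitive accounts are assumptions made for illustration.

```python
from collections import defaultdict

# Weak passwords named in the article; a real audit would load a far larger list.
COMMON_PASSWORDS = {"123456", "welcome", "password"}
MIN_LENGTH = 10            # tip 1: start with 10-12 characters
SENSITIVE_MIN_LENGTH = 14  # assumed value for "add more for sensitive accounts"


def audit(accounts):
    """Return {service: [findings]} for a list of (service, password, sensitive)."""
    findings = defaultdict(list)
    services_by_password = defaultdict(list)

    for service, password, sensitive in accounts:
        services_by_password[password].append(service)
        required = SENSITIVE_MIN_LENGTH if sensitive else MIN_LENGTH
        if password.lower() in COMMON_PASSWORDS:
            findings[service].append("common password")
        if len(password) < required:
            findings[service].append(f"shorter than {required} characters")
        if password.isalpha():
            findings[service].append("single word, not a multi-word phrase")

    # Tip 3: a password shared by several accounts lets one breach expose them all.
    for services in services_by_password.values():
        if len(services) > 1:
            for service in services:
                others = sorted(s for s in services if s != service)
                findings[service].append("reused on: " + ", ".join(others))
    return dict(findings)


# Constructed sample inventory (service names and passwords are made up).
SAMPLE = [
    ("webmail", "welcome", False),
    ("forum", "tulip-anvil-cobalt-ferry", False),
    ("bank", "Sunflower12", True),
    ("shop", "Sunflower12", False),
]

if __name__ == "__main__":
    for service, issues in audit(SAMPLE).items():
        print(f"{service}: {'; '.join(issues)}")
```

Run it only on a machine you trust, and do not leave the inventory lying around in a plain-text file afterwards.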

None of this makes your password management bulletproof. The recent events shine a spotlight on a very real risk: security breaches on the service provider’s side. It’s like setting up all these high-tech locks on the front door, only to find that a thief has made his way inside through the back door, using the service provider’s super-secret master key.

How helpless would you be in the event of a breach involving a service you use?

If you’ve followed tip #3, you have at the very least minimized the possible impact of a stolen password being used to enter your other accounts. However, as soon as you get wind of a data breach involving an online service that you use, it is best to drop everything and change your password.

To get more tips, advice, and alerts on Internet security, just “like” Trend Micro Fearless Web Internet Security on Facebook at www.facebook.com/fearlessweb.


This entry was posted on Monday, 16. July 2012 and is filed under "Friends and Family, Hackers and Phishing, Identity Theft, Login ID Management, Password".

1 Comment to "How to Minimize the Impact of an Online Service’s Security Breach"


Will:

Monday, 30. July 2012 at 11:49 pm

One way I use to tame the plethora of passwords one must have (EVERY site wants you to “register”!) is to come up with a phrase you can remember and then easily incorporate into it a mnemonic that will remind you of the site you are trying to log into. Thus you can have a seemingly nonsensical string of characters, only part of which you have to “remember” (the phrase), and part of which you have a very good chance of reconstructing. Then, use alphas and numerals – and if a website allows it, symbols. Unfortunately, not all websites follow the same rules (some banks STILL disallow anything but alphanumerics!) so it is sometimes difficult to come up with a pattern meaningful only to you that a website will accept. But in the long run, it is worth it. And yeah, don’t include the obvious, like dates, names, etc (not spelled out, anyway).

Example: t!mPP4$@mb. Aka, “this is my Pass Phrase for money at my bank.” Could then have “this is my Pass Phrase for fun at travelocity” – t!mPP4f@t. By using alphas, numerics, and symbols, you have 64 (10+26+28) choices for each character in your password; so if you had a 10-character password, that’s 64 x 64 x 64 x 64 …. 10 times! That’s a pretty huge number of combinations.

BTW – DON’T use the example phrase above… a little too simplistic, and besides, it is now published to the world, isn’t it!


© Copyright 2011 Trend Micro Inc. All rights reserved.