Well, I had certain plans for the second part of this post, and while I will still follow up with some of the expansion from part 1, I’d be remiss if I didn’t address last week’s incredible news about the 2014 Yahoo! hack.
While hacks and breaches such as these are starting to become very commonplace in our society, that does not mean that we shouldn’t all pay serious attention every time they happen. With user information from over 500 million Yahoo! accounts now available for sale to the highest malicious bidder, this breach is arguably the largest and most widespread to date.
While the actual breach occurred in 2014, news as recent as Thursday, September 22, 2016 revealed that many more users and much more information were lost than was originally reported.
If you have any Yahoo! accounts, I recommend you stop reading this immediately and go change your password(s) and any security questions on your account if you haven’t already done so.
Instructions and information on how to change your Yahoo! information can be found here.
Now, to expand on last Tuesday’s Part 1 of this post, I’d like to start by going into further detail on my recommendations for strong password management. If you’ll recall, I listed 4 things that everyone should be doing these days to protect themselves.
- Never reuse passwords
- Use complex passwords
- Do not share your passwords
- Change your passwords periodically
Never reuse passwords
While it is very commonplace for people to use the same password on more than one online account, it is actually one of the worst practices for password management. What makes this so bad? It makes it that much easier for a hacker to gain access to more of your life once they have credentials from a breach. For example, if your Yahoo! credentials were stolen in this breach and you used that same password on your email, Facebook, and your bank account, then the hacker just gained access to most of your life. The best way to keep this from happening is to keep separate passwords on every online account.
Use complex passwords
The recommendation and use of complex passwords has become as common as the breaches in the news. However, many people create passwords that meet minimum security requirements but still do not follow the basic rules that keep those passwords from being easily “cracked” or even guessed. Below is a list of common rules to follow when creating passwords.
- Passwords should be a minimum of 12 to 16 characters long.
- Never use your name, kids’ names, pets’ names, anniversaries, birthdays, or any other common information that could be easily obtained.
- Try not to use complete words or phrases as part of your password.
- Make sure to use at least 1 capital letter, 1 number, and 1 special character in your passwords.
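The rules above expressed as a check, as an added example that is not part of the original post. The word list and personal details are constructed samples, the 12-character floor is the lower end of the range given above, and the function names are hypothetical.

```python
import secrets
import string

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "monkey", "yahoo"}
SPECIALS = string.punctuation


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the rules from the list above that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    # Names, birthdays and similar details, matched case-insensitively.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    # Complete dictionary words embedded anywhere in the password.
    if any(word in lowered for word in words):
        problems.append("contains a complete word")
    return problems


def generate_password(length=16, personal_info=(), words=SAMPLE_WORDS):
    """Draw random passwords from the OS CSPRNG until one passes every rule."""
    if length < 12:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, personal_info, words):
            return candidate


if __name__ == "__main__":
    info = ["Jordan", "Rex", "0614"]  # constructed: name, pet name, birthday
    for pw in ["Jordan0614!", "Summer2016!!Rex", generate_password(16, info)]:
        print(repr(pw), check_password(pw, info) or "passes")
```

Both sample passwords contain a capital letter, a number, and a special character, yet each still breaks two of the other rules, which is the gap described above between meeting minimum requirements and being hard to guess.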
Do not share passwords
Sharing passwords with your loved ones or friends in order to share accounts or make it easier to log in to things may seem to make things easier, but it creates a huge security risk by exposing your accounts and credentials across multiple people.
Change your passwords periodically
While many people leave the same passwords in place for years, it is a very risky security practice, especially now that, as I mentioned before, these security breaches are becoming so common. The worst part is that a lot of these same people won’t even change their passwords after they’re alerted to a possible breach of their own information. There is a widespread mentality of “it won’t happen to me”. The best course is to get your passwords on a routine schedule of change. I recommend no more than 90 days between changes.
I know it may seem unrealistic to try to keep up with all of these recommendations. Frankly, most people find themselves too busy just living life to try to keep up with all of this stuff. However, not following these recommendations can lead to multiple account breaches, fraudulent debit or credit card transactions, or even identity theft.
At Cyber Watchtower, we have made it our business to protect our customers, and helping them manage their passwords is one of the main ways we do that. If you want to know more about our password management service, check out our Password Management page and let us help you achieve better, all-around password security.