Another Huge Password Breach in the News
Before you read this article, please go and change your email password(s). Use no less than 12 characters, use upper case, lower case, numbers and special characters. Make it NEW and UNIQUE. Then come back here to read what happened and how much more you need to do!
Okay now the rest of the story…
You may have heard that there is a new email password breach of epic proportion. And it is true, mostly. Recently 773,000,000 unique emails were released along with 21,000,000 unique email passwords. They were not recently acquired, but they were recently released. And they are from various sources.
Hopefully, you have already changed your password(s) on all your email accounts since this release and, therefore, are still secure. But have you used that same password on other sites with other accounts? If so, stop reading and go change those passwords too!
At the risk of repeating myself from other articles, here are the rules you should follow to keep all your accounts safe.
- Never use the same password on more than one account.
Even if the accounts have nothing to do with each other, it is still a grave mistake that makes all accounts with that password vulnerable.
- Make all your passwords long.
Make your passwords a minimum of 12 characters. Every character you add to your password makes it exponentially more difficult to hack.
- Don’t use your public information.
Don’t use any personal information that can be farmed from your social media accounts. Facebook, in particular, tends to be a big supplier of information for scammers.
- Use the whole keyboard.
Use upper case and lower case letters, numbers, and special characters.
- Don’t use obvious passwords.
I really shouldn’t have to say this one but… do not use the word ‘password’ as your password.
- Use different user names.
Okay this isn’t specifically a password tip, but user names go hand-in-hand with passwords. I personally try to make all my user names different as well, when possible. Many websites require your user name to be your email.
- Change your passwords every few months.
Obviously changing your passwords means that when there is a list of stolen information “out there,” it probably has old passwords that are no longer being used. Along this same vein, don’t just keep two passwords on an account and flip between them. Eventually one or both of those passwords will be hacked or stolen.
- Use a password manager.
To make this as easy as possible for you, use a well-rated password manager program such as LastPass or 1Password. I have been using LastPass for a couple of years now and it has saved me a lot of time in maintaining my incredibly long list of accounts and passwords. It also speeds up my login process with all my accounts.
Did you happen to look carefully at my image at the top of this article? It shows a real list of quarantined “ransom” emails sent to me. I get them all the time now. They show a password that they found in one of the stolen lists on the Internet and threaten that if I don’t send them money they will make all my personal information public. These are particularly nasty spam emails, and I have to admit the first one I received scared me. But the good news is, though these were legit passwords I used in the past, they are no longer in use. (Notice they are shorter and easier to hack than what I espouse today.) These particular passwords were not “hacked” per se. The website where I had an account was hacked and all the information they had was stolen. So it’s not necessarily email passwords, but those from other accounts.
One other mention about these particular scammer, pseudo-ransom emails… generally speaking, they have no intention of trying to make any moves against you. They are looking for easy marks who will just give them money. BUT… you are no easy mark because you just read this article!
Nothing is 100% secure, but you can cover your butt and follow the rules above as you move forward in the cyber world of the World Wide Web.
Questions? Concerns? Contact Cathy at email@example.com.