How to Protect Yourself from Password Theft
Large companies seem to be losing user passwords to hackers at an ever increasing rate. Just recently:
- Formspring lost 420,000 passwords
- LinkedIn lost 6.5 million member passwords … and these were not even well protected.
- eHarmoney lost 1.5 million passwords
- Yahoo! lost 400,000 passwords … all in plain text!
The list goes on and on – it’s likely that you or someone you know was affected by one or more of these issues. So, what can you do to protect yourself?
1. Don’t use the same password everywhere!
If you use the same password for many different web sites or services and that password gets compromised, then attackers can potentially access your other accounts. A breach of your LinkedIn account is one thing, but if that gets the attacker into your PayPal account because the password is the same … that would be much worse.
- Choose separate and strong passwords for each site.
- Use a secured “lockbox” of some kind so you can keep track of your passwords, such as that provided by LuxSci’s online WebAides Passwords tool.
- Find a solution with mobile support for instant password reminder access from your smartphone.
2. Use services from companies who emphasize security.
Companies like Yahoo!, Facebook, AOL, etc. do not prioritize user security and thus may have poor or antiquated methods in place for user information storage, password protection, and system security. Additionally, the larger the company, the more of a target it is for malicious attacks — hackers would rather steal millions of passwords than thousands.
If you have a choice, select a smaller company that is focused on security and privacy. They often have better security in place, have more oversight over them, and are smaller targets in the first place.
This applies to all online services that you may use — email, banking, social networking, chat, dating, to do lists, reminders, calorie counters, etc.
3. Choose more secure options when possible.
Many companies, such as LuxSci, provide multiple options (many enabled by default) to help enhance the security of your account against attacks. Some of these include:
- Use of SSL or TLS for secure logins so that no one can eavesdrop on your password or data.
- Use “two factor” authentications options — e.g. have access require that you enter your password and that confirm the login via your mobile phone. Lost passwords then do not actually grant access to your account.
- Choose to receive notifications of successful and/or failed attempts to login to your account — so you can see if someone other than yourself is trying to gain access.
- Change your passwords frequently – as you may not know if a particular password has been compromised. Some companies allow you to enforce password changes at certain intervals and can restrict you from re-using old, possibly compromised, ones.