Question: Should I be concerned about the news that Russian hackers have stolen a large number of passwords and if so, what should I be doing?
Answer: If the reports are accurate, a Russian gang has pulled off the largest known hack of private internet information ever.
Hold Security of Milwaukee claims to have discovered a global compromise of over 1.2 billion user names and passwords from roughly 420,000 websites, including 500 million email addresses.
The websites range from Fortune 500 companies to household names and lots of very small sites, so you should assume that your credentials have already been sold to other hackers.
The good news is that with that many accounts being stolen, the chances of your accounts being the first to be exploited are pretty low. That means you have time to change all your passwords before a criminal attempts to use the stolen credentials.
This, once again, underscores the importance of not using the same password on all your online accounts. Hackers will automatically try using your user name and password on every major website because they know that so many of you still make this huge mistake.
Since, at this point, there is no way to know for sure whether your credentials have been stolen, you should assume that they have and act accordingly.
In any case, this is a great wake-up call that you should use to strengthen your password protection by doing the following:
1. Change all your passwords and make sure that every online account has its own password. To make this more manageable, consider using a password manager (here’s my advice on easy-to-use password managers: http://datadoctors.com/help/columns/21973).
2. Longer, easy-to-remember passwords are more secure than short, complicated ones. Aim for at least 15 characters, but keep it easy to remember. Example: “I Hate Passwords!” is much more secure than “A8y@q7P1” and much easier to remember.
3. Make sure your email account has a very strong password. Your email account is the gateway to all your other accounts. Remember that when you forget a password, the reset message gets sent to your email account, making it really easy for the bad guys to take over if they get in.
4. Make sure you have a passcode set up on your mobile devices. Mobile devices are more easily lost or stolen, and if you don’t have a passcode to keep strangers out, whoever holds the device has direct access to your email account.
5. Search all your old emails for the word “password” and delete any messages that reveal which accounts you have. If a hacker does gain access to your email account, they will immediately search for clues about the accounts you have so they can quickly exploit them.
6. Turn on “2-factor” or “2-step” authentication. Virtually every sensitive online account you have has this feature, but you must turn it on (go to “Settings”). When activated, your smartphone becomes part of your security fence. Whenever a site detects that you’re signing in from a new computer or device, it sends a special code via text message to your phone to verify that it’s you. This way, even if a hacker acquires your user name and password, they won’t be able to get in without your phone in their hands.
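A small Python model of the 2-step sign-in flow just described, added here as an illustration (it is not code from the column or from Data Doctors): a login from an unrecognized device triggers a short-lived one-time code sent out of band, and the device is trusted only after the code is verified. The class name, the SMS stub, the time limit and the attempt limit are hypothetical choices.

```python
"""Toy model of "2-step" sign-in: password first, then a one-time code
for devices the server has not seen before. Added example; names are
hypothetical and the SMS gateway is replaced by a callback stub."""
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # a code is only good for five minutes
MAX_ATTEMPTS = 5         # discard the code after too many wrong guesses


class TwoStepVerifier:
    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms      # callable(phone, message): stands in for the SMS gateway
        self.now = now                # injectable clock so expiry can be tested
        self.trusted_devices = {}     # user -> set of device ids that completed the second step
        self.pending = {}             # user -> {"code", "device", "expires", "attempts"}

    def login(self, user, password_ok, device_id, phone):
        """Return 'denied', 'ok' (known device) or 'code_sent' (second step required)."""
        if not password_ok:
            return "denied"
        if device_id in self.trusted_devices.get(user, set()):
            return "ok"
        # New device: a stolen user name and password alone get no further than this.
        code = f"{secrets.randbelow(10**6):06d}"          # 6 digits from a CSPRNG
        self.pending[user] = {"code": code, "device": device_id,
                              "expires": self.now() + CODE_TTL_SECONDS, "attempts": 0}
        self.send_sms(phone, f"Your sign-in code is {code}")
        return "code_sent"

    def verify(self, user, device_id, submitted):
        """Check the code the user typed; on success the device becomes trusted."""
        p = self.pending.get(user)
        if p is None or p["device"] != device_id or self.now() > p["expires"]:
            self.pending.pop(user, None)                  # expired or wrong device: start over
            return False
        p["attempts"] += 1
        if p["attempts"] > MAX_ATTEMPTS:
            del self.pending[user]                        # too many guesses: code is void
            return False
        if not hmac.compare_digest(p["code"], submitted): # constant-time comparison
            return False
        del self.pending[user]
        self.trusted_devices.setdefault(user, set()).add(device_id)
        return True
```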
Passwords are the gateway to your digital life and with every breach they become more vulnerable, so don’t take this lightly.
• Ken Colburn is president of Data Doctors Computer Services and host of the Data Doctors Radio Program, noon Saturdays on KTAR 92.3 FM or at www.datadoctors.com/radio.