Almost half a million people trusted Yahoo! to safeguard their usernames and passwords, only to discover that hackers had stolen that data on July 11. Yahoo! had stored that valuable data in an unencrypted database. The information was not limited to Yahoo! accounts; more than 100,000 Gmail addresses and 55,000 Hotmail addresses and passwords were included.
Mark Bower of Voltage Security told Computerworld, “it’s utter negligence to store passwords in the clear. This breach just goes to show that even big companies aren’t taking enough steps to protect critical data.” So if you can’t trust companies to be responsible, you have to protect yourself. McAfee security expert Robert Siciliano offers the following password advice:
- Avoid consecutive keyboard combinations such as qwerty or asdfg.
- Don’t use dictionary words, slang terms, common misspellings or words spelled backward. These can be cracked using software that automatically plugs common words into password fields.
- Avoid first names as passwords, like the names of spouses, kids, other relatives or pets, all of which can be deduced with a little research.
- Don’t use personal information such as your name, age, birthdate, child’s name, pet’s name or favourite colour or song.
- Don’t be obvious. When 32 million passwords were exposed in a breach last year, almost one per cent of victims were using “123456.” The next most popular password was “12345.” Other common choices were “111111,” “princess,” “qwerty” and “abc123.”
- Use different passwords for different sites. Reusing passwords for e-mail, banking and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31 per cent among victims.
- Always log off if you leave your device and anyone is around.
- Don’t tell anyone your password. Your trusted friend now might not be your friend in the future.
- Change your passwords periodically, and avoid reusing a password for at least one year.
- Use at least eight characters of lowercase and uppercase letters, numbers and symbols in your password. Remember, the more the better.
- Use the keyboard as a palette to create shapes. %tgbHU8* on the keyboard is a V, for example.
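A site can enforce several of the rules in this list automatically when a password is set. The checker below is an added example, not code from the article or from McAfee; the small word list, the `personal` and `previous` parameters and the four-key run length are assumptions made for illustration.

```python
import re

# The common passwords are the six quoted in the list above.
COMMON = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed stand-in for a real dictionary file (assumption).
WORDS = {"password", "dragon", "monkey", "letmein", "princess"}
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def keyboard_run(pw, n=4):
    """True if pw contains n adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for r in (row, row[::-1]):
            if any(r[i:i + n] in low for i in range(len(r) - n + 1)):
                return True
    return False


def check_password(pw, personal=(), previous=()):
    """Return the rules from the list above that pw breaks (empty list means it passes)."""
    problems = []
    low = pw.lower()
    # Drop digits and symbols so a word split by them (drag1on) is still found.
    letters = re.sub(r"[^a-z]", "", low)
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing a character class")
    if low in COMMON:
        problems.append("common password")
    if keyboard_run(pw):
        problems.append("keyboard sequence")
    # Words are checked forward and spelled backward.
    if any(w in letters or w[::-1] in letters for w in WORDS):
        problems.append("dictionary word")
    if any(p.lower() in low for p in personal if len(p) >= 3):
        problems.append("personal information")
    if pw in previous:
        problems.append("reused password")
    return problems
```

The shape-based password from the last tip passes every check here, while `qwerty` fails four of them.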
Backbone's Security Blog