1.2 Billion passwords stolen - Yours and mine?
Yes, probably yours and mine. At least that’s the safe assumption to make.
A Russian hackers group has stolen 1.2 Billion pieces of online credentials including usernames, passwords, and email addresses. Given that large of a number, it’s safe to assume we are among the victims.
This is becoming increasingly common and even security experts admit that preventing these types of attacks is more of a cat and mouse game than a tried and true prevention system. Ultimately, that leaves it on our hands, the users, to deal with it. While it will always be a pain (as long as we use the internet and electronic money) there are some things we can do to make each of these breaches a little less difficult to mitigate each time.
Let’s start with what we need to do RIGHT NOW as a direct result of this breach. We are doing all of this too. We feel your pain.
1. Remove your debit card information from any online shop that you use. If you’ve saved it at Amazon or anywhere else to make purchases easier, remove it. Consider using a credit card instead as they offer better fraud protection. Or, don’t save it at all. You might even save some money by avoiding those all to easy impulse purchases.
2. Change all your passwords for online accounts. Sorry, you knew this one was coming :) Start with the most important ones, like banks and investments. Then, anything else that would allow access to your information or computer like logmein or teamviewer. Next is email. Then your website. Use strong passwords, and consider using a program like Keepass (we can help with this)to manage your myriad of passwords. It really is a nice tool to make passwords a lot easier.
A nice tip we read from an article was to use the same password, and just prefix or suffix it with something unique about the site you are on. For example, start with a universal password. We’ll say P@ssw0rdsAr3Th3W0rst. Then, customize it for each site you will use.
This may not be the ultimate in security as all passwords are still similar, but I bet it's a good first step for most of you out there in improving your password security.
Then, in order to help mitigate your risk in the future there are additional measures you should take.
1. Consider two step verification - Many sites, like gmail, allow two step verification. Basically, when you log into the site, it will then also send a verification code via text to your phone, which you then put into gmail. That way even if your password is stolen someone can’t log into your account, unless they steal your phone too :)
2. Get rid of the default swipe on your phone and make a pattern or a pin.
3. Consider an app like Prey or Where’s my Droid (android) and findmyiphone (iphone) for additional protection on your phone and laptops. If it gets stolen you can locate it, lock it, and set off an alarm. “Excuse me shady person with a siren ringing in your pocket, can I please have my phone back?”
4. Don’t store passwords in your browser. When you log in and it says “Do you want this site to remember your password”, say NO! These are stored in a very easy to steal format. If you ever get malware or a virus these passwords will be low hanging fruit.
5. Use google chrome in “incognito mode”
6. Make sure your antivirus is working. This means 1)A valid, up to date subscription, 2)Current definitions, 3)Full & Quick scanning enabled, and 4)Review of detections.
7. Lock your computer! Set it to automatically lock if you leave your desk for more than 10-15 minutes.
Overwhelmed? Need some help? A few things we could do for you to make life easier.
1. Get you, your office, your personal life, anything you want, set up with Keepass for simpler password management.
2. Train you, your office manager, your whole staff, on general security Do’s and Dont’s.