Recent attacks on LinkedIn and eHarmony highlight the importance of different passwords for different sites. LinkedIn confirmed that there had been a breach in their security whereby hackers stole approximately 6.5 million encrypted passwords.eHarmony also announced a breach in their security where 1.5 million passwords were stolen in the attack. Large-scale attacks such as these are becoming more common. Epsilon and a number of other companies, as we have discussed in previous blogs, fell victim to theft as well. In all of this hacking activity, there is one simple lesson — if all your passwords are the same on each site you use and someone fraudulently obtains your login info for one site, they will have obtained access to all your sites in one small coup.
Case in point. A colleague of mine recently learned a difficult lesson when her computer was stolen from her car. At first, she was mostly concerned about having lost all of the work (she’s a writer) that was stored on her machine. Sadly, there was a lot more than poetry at stake: her entire identity was at risk.
While using one password for all the secure sites she visited seemed smart at the time, it turned out to be a disaster. It was anything but smart. One little password gave the thief access to literally every aspect of her life: banking records, bills, medical records, emails, social networks and more. A simple trick of creating a new password for every important, secure site you visit can keep you from this kind of tragedy.
To put this in perspective, think of what we already do in the real world. We have a different key for everything that matters — house, car, safe-deposit box, gym locker, work, file cabinet, desk drawers, etc. And yet, many of us do what my colleague did — use the same password across multiple websites.
The good news is that creating a more secure cyber life for yourself is not that hard. Exercise caution in choosing passwords by selecting passwords that can’t easily be connected to you, like names of loved ones or important dates. If you have a laptop you frequently take out of the house, consider turning off your browser’s password storage function. You’ll likely find this function in the Tools or Preferences menus.
Most importantly, use a different password for every site that matters, just like you do with your keys. Examples of sites that matter are sites for banking, mortgage payments, bill pay services, online shopping and social media sites. Choosing passwords with combinations of letters and numbers is a good idea.
As I said in a recent Washington Post article talking about the LinkedIn breach, companies also have a role to play in protecting user information. Companies must think about security and privacy from the moment they begin designing their products to better head-off hacker attacks, particularly as policy-makers push for data breach legislation. If they can make accessing their data too difficult, criminals will head elsewhere.
Thanks to mobile apps, websites and add-ons, tracking so many passwords doesn’t have to be daunting. For example, try using software like Password Locker and the app SecureSafe are great examples of methods to save passwords.
Choosing hack-proof passwords and different log-ins for different sites have saved thousands of people money, time, and hassle by making their personal and financial information that much more secure.
And we can all appreciate a little more security and peace of mind online.