Data breaches are becoming the norm. From Zappos to PlayStation Network to Global Payments to LinkedIn, it seems like there’s another one every day. There really is a black market for your data: the Identity Theft Assistance Center reports that 8.1 million adults in the U.S. suffered identity theft in 2011, each of whom lost an average of $4,607.
That’s why you need to start protecting yourself now from the next big data breach.
Whenever there’s a breach, your risk is significantly higher if you’ve reused your username and password combination on other accounts and sites. Here are 4 tips to help protect your accounts from being compromised.
1. CHANGE YOUR INFORMATION ON THE BREACHED ACCOUNT
It seems obvious, but if you only do one thing, this should be it. Was your password compromised? Make a new one. Was your credit card stolen? Cancel it.
2. MAKE YOUR NEW PASSWORD STRONG
Password strength is a combination of length, content, and change frequency. In general, longer passwords with a wider variety of capitalization, letters, numbers, and symbols are the most secure, and the more often you change them, the better. The harder it is for others to guess, the safer it is. A few examples of notoriously common (and therefore bad) passwords:
- “password”
- your first or last name
- “123456”
- “qwerty”
- “letmein”
- “master”
- “abc123”
3. USE THIS SIMPLE TIP TO CREATE STRONG, UNIQUE PASSWORDS YOU CAN ALWAYS REMEMBER
Here’s a pro-tip for remembering all your login information. You’ll create a strong base password that you know you’ll remember, then apply a rule to it that will make slight variations of that password for each site where you register. The result: a unique password for all your accounts. Here’s how it works:
Let’s say your base password is AbinePrivacyRocks!@#! You’ll then make a rule that you’ll apply consistently whenever you make a password. One example of a rule: you’ll take the first letter of the site name and add it to the end of your base password. If you’re signing up for Facebook, for example, you’d add the “F” from Facebook and end up with AbinePrivacyRocks!@#!F.
As long as you remember your base password and the fact that you add the new letter at the end, you’ll be able to remember all your passwords on every site you use. Just be sure to never tell anyone either your base password or your rule.
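An added example, not part of the original article: the Python sketch below applies the rule described above to a small constructed list of sites and measures how much the resulting passwords have in common, next to independently generated random passwords for comparison. The site list and the helper names `audit`, `random_password` and `compare` are assumptions of this example.

```python
import secrets
import string
from os.path import commonprefix

BASE = "AbinePrivacyRocks!@#!"  # the article's example base password
# Constructed sample list; Flickr is added here to show a first-letter clash.
SITES = ["Facebook", "Flickr", "PayPal", "LinkedIn"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def rule_password(base, site):
    """The article's rule: base password plus the site's first letter."""
    return base + site[0].upper()


def random_password(length=22):
    """Independent random password, for comparison (not the article's method)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(passwords):
    """Summarise how much a set of per-site passwords has in common."""
    values = list(passwords.values())
    by_value = {}
    for site, pw in passwords.items():
        by_value.setdefault(pw, []).append(site)
    return {
        "distinct": len(set(values)),                 # unique passwords in the set
        "shared_prefix": len(commonprefix(values)),   # characters every password starts with
        "reused": sorted(s for s in by_value.values() if len(s) > 1),
    }


def compare(base=BASE, sites=SITES):
    """Audit the rule-based passwords and a random set for the same sites."""
    rule = {s: rule_password(base, s) for s in sites}
    rand = {s: random_password() for s in sites}
    return audit(rule), audit(rand)


if __name__ == "__main__":
    rule_report, random_report = compare()
    print("rule:  ", rule_report)
    print("random:", random_report)
```

For the rule, the report shows three distinct passwords for four sites (Facebook and Flickr both end in "F") and a shared prefix equal to the whole base password, so a password exposed at one site discloses all but the last character of the others.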
4. IF YOU’VE REUSED YOUR COMPROMISED LOGIN INFO ON OTHER SITES, CHANGE THEM
A 2003 survey found that 65% of us use the same password for different applications or services. We’re only human; we can’t keep hundreds of different username and password combinations in our heads at all times. But in our effort to try to keep things simple, we expose ourselves to a great deal of risk. Think about it: a spammer who discovers your password on, say, Facebook, can then access all the other sites where you use it: PayPal, your online banking site, your phone service, your email, and everywhere else.
We recommend using your password creation rule, described above, to make new passwords on all your accounts. Start with the most important ones (like email, online banking, shopping, and social networks), and move on from there.
We hope you found these tips helpful. Good luck, and stay private!





Thanks so very much.
I like your suggestion. In my case, I needed another method because I have passwords on over 200 sites. In Windows Secrets, I learned about the free LastPass tool and have been using it without a hitch for 2-3 years. It stores my passwords encrypted in a vault on my machine. It is also on their server, encrypted. This lets me access the passwords from any computer. It also has autofill and auto-logon options. Oh, yeah – it lets you pick the characteristics when asked to generate a new password; any length, user-specified number of digits, and option to include special characters. When I set up an account on a new site which asks for a password, LastPass recognizes the password field and brings up a box where I tell it to generate a password to my specs. If I accept the generated password, it automatically fills in the password field and saves the URL of the site so it is recognized the next time I visit.
Whew – didn’t mean to get so carried away. I really do like the tool…
HI THERE I WANT TO SAY THANKS FOR YOUR SERVICE. I AM DISABLED AND LIVE ON A FIXED INCOME AND YOU ARE TRULY A BLESSING AGAIN THANKS BUNCHES & BUNCHES!!!
Thank you so much! We’re glad to help, and it means a lot to us to hear positive comments like yours.
I was going to ask Abine about rec’s for password storage tools/sites. Thanks, Dan, for info re Last Pass.
My latest concern is the malware “event” coming up on Monday July 9. Pardon my ignorance, but if using “the cloud” as a means of confusing potential attackers, does it affect the ability of the DNS tool provided by the FBI et others to be sure your DNS is safe and clean?
One could use a passphrase and some random characters. The random characters and longer length can help make brute force attacks and most dictionary attacks harder while still being memorable enough. It’s not perfect but it just has to be good enough for now.
As they say, “Don’t be the low hanging fruit.”
Right. It’s all about being more effort to crack than most people.
The password AbinePrivacyRocks!@#! actually is basically a passphrase so this is already covered. Just thought I might point that out in case it is useful.
Each word beginning with a capital and even random characters as a separator as well as the characters at the end might increase the difficulty for an attacker.
Every little bit helps. The little things that make passwords just a bit harder to attack and yet still memorable are a good place to start.
Good tips. Thanks!
The problem with your “forget-proof password wizard” is:
1. If someone learns one of your passwords, they can deduce them all.
2. You cannot, under any circumstances, reveal one of your passwords without revealing them all. I can think of numerous times when I’ve had to give my spouse or family member one of my passwords.
Yep, it’s not foolproof, and this is one of its weaknesses. The same thing that makes it easy for you to remember also adds some vulnerability to it.
To add to John Doe, another problem with the “forget-proof password wizard” is changing a password. If you need to change the password to a site where you had previously used this rule, then what would you use for the new password? You have to then make an exception to the rule so you again have to remember passwords.
One way around this is to have a list of variations of the rule and every time you change the password you use a different variation; you still have to remember the variation used for the website, but that’s easier to remember.
Also, if you use a clever rule, it might be difficult to guess your rule, even if someone has access to a single password. Though, I have always worried that someone would create a string of websites so that they can compare how the password changes for a single user between sites so they can learn the rule. It’s a bit far-fetched, but it is something to worry about if a group of websites you use gets compromised.
Interesting. Can you provide an example of what you mean about the variation?
My variations are not very complicated. My pass phrase, or base password is made of multiple words, so I vary which of the words are capitalized in any instance. Also, you can vary where you put the rule relative to the base password. Do you put it at the start, middle, end etc.?
I’m imagining that one can also change the base password around, even if only a single word in it.
Finally, another trick that I do for the rule, is that I know some obscure language which is not well known so I use that language as a hash. Since my rule is based on some text which is different for each website, I take the ABC of the text and convert it to the ABC of the other language. Then the converted ABCs in the second language get mapped to a number based on the rules of that language.
This ensures that even if you have access to a few instances of my password, you probably won’t be able to work out the hash part. You can accomplish the same by having a hash between the ABCs and numbers, e.g. A=1, B=2, C=3…
If you’re willing to put in the effort you can come up with many such hashes that you can use in different situations. E.g. the first letter for the exclamation symbol maps to an e and so on.
I use encryption when it comes to passwords. For example: Let’s say the password is apple. You could switch the adjacent letters: palpe. You could add a random letter or number in between each letter of your password: aspspslses or a1p1p1l1e1. My work password is changed every 30 days, and sometimes it is hard to come up with something new so I will double up on letters: original password is apple, after 30 days I will use aapple, then aappple then apppple, apppplle, and aappppllee. So far it has worked for me.
Cool tactic. Thanks for the tip!