Early in September, Google announced that around 5m Gmail usernames and passwords had been leaked. Although Google said less than 2% of those details “might have worked” due to the age of the data stolen, this is by no means the first time that breaches of this nature have happened.
Mass leaks are one problem. So, too, are targeted attacks used to gain access to a user’s social media or e-mail account. In both cases, weak passwords and easy-to-crack security questions leave users open to attack.
The problem is, many Internet users use the same four or five passwords for all their accounts. This means that if a hacker gets hold of your e-mail address and one of these passwords, chances are good that they will successfully use those details on other platforms in an attempt to gain access to one of your online accounts — your bank, for instance. And a surprisingly large number of people use weak or predictable passwords.
A list of the most common passwords was compiled from the leaked Gmail data. The top three were 123456, password and 123456789. Other gems that made it onto the list included qwerty, 111111 and abc123. For hackers, it’s simply a numbers game. Once they have your e-mail address, guessing a password can be relatively trivial if you don’t use a variety of complex passwords to protect your accounts.
So, how do you protect yourself? Well, the best thing you can do is to start employing stronger passwords to protect your accounts and try to shy away from using the same password on multiple accounts.
Two-factor authentication is one of the most effective ways to protect your accounts and many services, including Facebook, Twitter, Apple and Google, now offer two-factor authentication services. This means that should you forget your password, you’ll need more than just a security question and e-mail address to gain access to your account again. Two-factor authentication typically makes use of your cellphone as a second authentication channel. An SMS with a unique code is sent that is then used to verify that you are, indeed, the owner of the account.
When choosing a strong password, the only sure-fire way to get it right is to use a password generator (passwordsgenerator.net is a good one) to create a complex password. Don’t use dictionary words or names of people close to you — admit it, you have at least one password with a loved one’s name embedded in it. Unfortunately, this means you’ll be less likely to remember your passwords, but there are many tools to help you. But we’ll get to that in a moment.
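As an added illustration (not part of the original article or of any tool it names), the Python script below checks a set of accounts for the two weaknesses described above, passwords from the leaked-data top list and passwords reused across accounts, and generates random replacements from the operating system's secure random source. The account names and passwords are constructed sample data, and the function names are hypothetical.

```python
import secrets
import string
from collections import defaultdict

# Most common passwords in the leaked Gmail data, as listed in the article.
COMMON = {"123456", "password", "123456789", "qwerty", "111111", "abc123"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def generate_password(length=20):
    """Return a random password (secrets = OS CSPRNG) with all four classes."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:  # retry until lower, upper, digit and symbol are all present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def audit(accounts):
    """Map each weak account name to its findings: 'common' and/or 'reused'."""
    users = defaultdict(list)
    for name, pw in accounts.items():
        users[pw].append(name)
    findings = {}
    for name, pw in accounts.items():
        issues = []
        if pw.lower() in COMMON:
            issues.append("common")
        if len(users[pw]) > 1:
            issues.append("reused")
        if issues:
            findings[name] = issues
    return findings


# Constructed sample data, not real credentials.
SAMPLE = {
    "email": "qwerty",
    "bank": "Tr0ub4dor&3x",
    "social": "Tr0ub4dor&3x",
    "shop": "v9$Lq-2mXz!r8TbW",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(f"{account}: {', '.join(issues)} -> {generate_password()}")
```

Each flagged account gets its own generated password, which is what keeps one leaked password from opening the others.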
You may also want to beef up security on your computer while you are in the process of converting all your passwords. This means that you should choose a more secure password to unlock your computer. The reason this is important is that many browsers save your e-mail and passwords — a great time-saving feature, but it leaves your passwords exposed to anyone who has access to your machine.
In Chrome, for example, all your website usernames and passwords are stored under advanced settings. Although you need to enter your computer’s password to view each password stored, it’s not difficult to get to if someone gains access to your PC. This feature can be disabled and I recommend you do so. Instead, use a password manager to keep your list of unique, strong passwords secure.
LastPass is my tool of choice for keeping my online accounts secure. It keeps all of my strong passwords in its digital vault, accessible via any Web browser (using a plugin). Alternatively, you can view your LastPass passwords via a smartphone app.
There are “freemium” and paid-for options; the latter is worth the subscription fee of US$12/year as it provides access to the service across multiple platforms and you’ll even be able to create profiles that you can choose from when using e-commerce sites, allowing you to pay for and complete the delivery details of your online order.
LastPass features two-factor authentication and it can generate strong passwords for you on the fly when you sign up for a new online service. If you are worried about security — and you should be — rest assured that your data is encrypted locally before being synced with LastPass’s servers.
Until biometrics become part of mainstream security, passwords will be the only barrier between your data and the malicious people trying to gain access to your accounts. And anyone with weak security details is a potential target. It’s not difficult to protect yourself and keep your accounts secure. All it takes is a little discipline. — © NewsCentral Media
- Regardt van der Berg is a senior journalist at TechCentral.