Newspapers are reporting hacks where criminals make off with millions of passwords more and more often. In December 2013, TIME reported an attack in which criminals took some two million usernames and passwords from over 90,000 websites – including some of the most popular in the world, such as Facebook, Twitter, LinkedIn and Google. This is at least the second time many of these sites have been hit in the last year, and there’s one piece of advice that is tried, tested and absolutely essential:
Change your password
If you’re a user of any of these 90,000 sites (and it’s extremely likely that you are), you should change your passwords immediately. The software used in these attacks often makes it possible for hackers to continue to view your information until your passwords are changed and they are logged out, so you should do this as soon as possible.
Can you imagine if you were one of those users affected? They likely had to hurry to change their credentials and make sure they didn’t use the same combination of email address and password on any other website. Chances are these people, like many others, did use the same password for other accounts. Many people not only use the same password all over the web, but they also choose weak passwords.
Last year, some of the top 10 most common passwords employed by internet users included:
Passwords are the digital keys to our networks of friends, our work colleagues, and even our banking and payment services. We want to keep our passwords private to protect our personal lives, and that includes our financial information. While some cybercriminals may want to hack into our social networking or email accounts, most want the financial gain that hacking bank accounts can bring.
The most important two passwords are those for your email and social network accounts. If someone gains access to your email account, they could use the "forgot your password?" link on other websites you use, like online shopping or banking sites. If a hacker gets into your social network, they have the ability to scam your friends by sending out links to dangerous websites or posting fraudulent messages asking for money. The bottom line is that a good password is all that may stand between you and a cybercriminal.
Dos and don’ts
A good password is one you can remember but a hacker can't easily guess or crack using software tools. A good password is unique and complex. Here are some dos and don'ts for creating and maintaining strong passwords:
Do use a combination of uppercase and lowercase letters, symbols and numbers.
Don't use "123456", the word "password," or any of the other poor password examples shown above.
Do make sure your passwords are at least eight characters long. The more characters your passwords contain, the more difficult they are to guess.
Don't use a solitary word in any language. Hackers have dictionary-based tools to crack these types of passwords.
Do try to make your passwords as meaningless and random as possible.
Don't use a derivative of your name, the name of a family member or the name of a pet.
Do create different passwords for each account.
Don't ever write your passwords down and never give them out to anyone.
Do change your passwords regularly.
Don't answer "yes" when prompted to save your password to a particular computer's browser. Instead, rely on a strong password committed to memory or stored in a dependable password management program. Norton Internet Security and Norton 360 security software both include Norton Identity Safe which stores your passwords securely and fills them in online in encrypted form.
How to choose a better password
1. Begin by creating a password phrase that you will customise for each website you use. For example, one possible phrase is "I want to go to England."
2. Next, convert this phrase to an abbreviation by using the first letters of each word and changing the word "to" to a number "2." This will result in the following basic password phrase: iw2g2e.
3. Last, put the first and last letter of the website you are using on your new password phrase. For example, if you want to create a password for Norton.com, Niw2g2en is your new unique and complex Symantec password.
The advantage of using a pass phrase such as the above is that it is easy to remember as it’s something personal to you, but something that you can make unique for each website you visit requiring a login.