So, uh … you hear about LinkedIn getting hacked? Something like six million passwords were “affected,” according to the Washington Post. While LinkedIn notified the “affected” users by e-mail, it’s still a good idea to head over there right now and change your password, since, admit it, you haven’t changed it anytime recently anyway. Also change other passwords that are the same because, haha, those accounts are now vulnerable as well.
eHarmony and Last.fm also had security breaches last week, and they won’t be the last websites to suffer that fate. Secure information will get out, and while responsible companies do a lot to prevent intrusions and mitigate damage afterward, you can only truly rely on yourself.
But how can you protect yourself?
• Don’t: Use the same passwords at different sites. There are a lot of online services. I lose track of all my e-mail addresses, never mind blog commenting accounts, bank PINs, and other things I don’t want anyone else getting access to. Even if LinkedIn locks my account until I (somehow) verify my identity with them, what will Hotmail or Citizens Bank do? That’s right, nothing, and a malicious hacker with my password doesn’t try it just at the site from which it was taken. Change ALL the passwords.
• Do: Create long passwords. The longer a password is, the harder it is for automated programs to crack. These programs can’t guess each character individually like some films show; they have to guess the whole thing at once. If the hacker knows you, maybe they can guess your pet’s full name and royal title, but odds are you’re an anonymous account to the bad guy. The difficulty of cracking your password goes up exponentially for every character you add, whether it’s a letter, number or weird symbol.
• Don’t: Give yourself really obvious hints. And no, “What do you get when you multiply six by nine?” is not a good way to obfuscate a password. The hints that some sites display will help a hacker as much as they’ll help you if they’re general knowledge questions. Even personal facts are useless if the hacker has your info from, say, your LinkedIn account.
• Do: Use a password manager or universal login. You’ve probably seen “Log in with Facebook” buttons on sites around the Web. Google, Yahoo!, Disqus, OpenID, and other services offer the same kind of one-stop shop for establishing your identity online. Unfortunately, not every site supports the same (or any) universal login services, not to mention that a security breach at one of those services means a LOT of your info is up for grabs.
If there’s one computer you use regularly, you can install a password manager application on it. That program will encrypt and store all your passwords so you only have to remember the password to the program itself. Just make sure you have a different password for logging into your computer. Some free password managers that also keep common form field info like name and address on file include the Google Toolbar and RoboForm Free. All major browsers can remember passwords too.
• Don’t: Freak out. It pays to be smart, not paranoid. You can use the same password everywhere and never have your identity stolen, or you can have an intricate mental password-generating system and get hacked tomorrow. You will be able to put your life back together with a little hassle, so don’t sweat it too much.
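To put numbers on the tips about reuse and length, here is an added Python example (not part of the original post) that flags passwords shared between sites and estimates how the brute-force search space grows with each character. The site names, passwords and guess rate are constructed assumptions.

```python
import math
import string
from collections import defaultdict

# Constructed sample data: hypothetical sites and passwords, not real credentials.
SAMPLE_ACCOUNTS = {
    "linkedin.example": "fluffy2012",
    "mail.example": "fluffy2012",
    "bank.example": "Sir Fluffy von Whiskers, Duke of Couch!",
    "blog.example": "kitten",
}
GUESSES_PER_SECOND = 1e9  # assumed attacker speed, not a figure from the post


def charset_size(password):
    """Alphabet a brute-force program must cover, judged by the character classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size


def keyspace_bits(password):
    """log2 of the number of same-length candidates; each extra character adds log2(alphabet)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def reused(accounts):
    """Groups of sites that share one password: one breach exposes every site in a group."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)
    return sorted(sorted(sites) for sites in sites_by_password.values() if len(sites) > 1)


def average_crack_years(password):
    """Years to search half the keyspace. Upper bound only: a name or dictionary word falls far sooner."""
    return 2 ** keyspace_bits(password) / 2 / GUESSES_PER_SECOND / (365 * 24 * 3600)


if __name__ == "__main__":
    print("reused:", reused(SAMPLE_ACCOUNTS))
    for site, password in SAMPLE_ACCOUNTS.items():
        print(f"{site}: {len(password)} chars, {keyspace_bits(password):.0f} bits, "
              f"~{average_crack_years(password):.2g} years")
```

The estimate covers blind guessing only, so a short pet name scores better here than it deserves; the reuse check is the part that matters after a breach like LinkedIn's.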
You’ll never guess the password for @CitizenjaQ on Twitter.