Today I’m issuing an URGENT BULLETIN to members about PASSWORD SECURITY.
Now more than ever, password security is a “must address” issue.
You may use the same password for all of your accounts. We’ve all done it.
Unfortunately, this is a VERY BAD IDEA and creates a HUGE (yes, huge) likelihood of someone hacking into one of your accounts.
Say you have an online account with Starbucks, or maybe an online account with the popular stock photography site 123RF.
The Starbucks (or 123RF) server databases get hacked and email addresses, user names, and passwords are stolen. Don’t think this doesn’t happen. It happened at Target back in 2013 and most recently Yahoo disclosed they had a huge security breach, one they knew about but didn’t tell anyone about for two years!
The stolen information from Starbucks (or 123RF) gets “sold” online (this is typically what hackers do with the data they’ve hacked).
Now another hacker, or maybe dozens of other hackers, in some faraway land with nothing to do but create trouble, has your email address, user name, and password – the same password you use at other websites.
The mayhem begins!
So what should you do?
The answer is: Use password security best practices.
Password best practices include:
(1) Keep your personal computers up-to-date with anti-virus and anti-malware software. This will minimize the likelihood of your computers being infected with a keystroke or keyboard logging virus.
(2) Use separate passwords for each online account you have. Yes, this is a huge inconvenience, but it is a first line of defense.
(3) Never use easily guessed passwords, such as “password” or “user.”
(4) Avoid using simple adjacent keyboard combinations such as “qwerty” and “asdzxc” and “123456.”
(5) Don’t use your last name, business name, or other easily guessed passwords.
(6) Don’t leave your logins or passwords on your desk where people can see or easily find them!
(7) Create unique passwords that use a combination of words, numbers, symbols, and both upper- and lower-case letters.
(8) Use long passwords: 12 or more characters.
(9) Do not use words that can be found in the dictionary.
(10) Online third-party services can help you manage your passwords and safeguard sensitive passwords. Three of the most popular tools are LastPass, Dashlane, and 1Password. All three store passwords in the cloud and secure them all with a master password.
(11) If entrusting all your passwords to the cloud isn’t something you are comfortable with, consider using a local password storage program on your computer, such as RoboForm, Password Safe, or KeePass. Always use a strong master password, write it down, and put it somewhere secure where you will remember you have it. If you forget the master password for most of these tools, you are pretty much out of luck.
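As an added example (not part of the original bulletin), the Python sketch below checks a candidate password against items (2), (3), (4), (5), (7), (8), and (9) above. The function name, the tiny word lists, and the sample passwords are constructed for illustration; a real check would load a large breached-password list and a full dictionary.

```python
import re

# Constructed sample lists, kept tiny for illustration only.
COMMON = {"password", "user", "letmein", "welcome"}
KEYBOARD_RUNS = ("qwerty", "asdzxc", "123456", "asdfgh", "zxcvbn")
DICTIONARY = {"coffee", "boston", "sunshine", "dragon"}
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def audit_password(password, personal_terms=(), other_passwords=()):
    """Return the bulletin items (by number) that this password breaks."""
    findings = []
    lowered = password.lower()
    if password in other_passwords:
        findings.append("(2) reused on another account")
    if lowered in COMMON:
        findings.append("(3) easily guessed password")
    if any(run in lowered for run in KEYBOARD_RUNS):
        findings.append("(4) adjacent keyboard combination")
    if any(term and term.lower() in lowered for term in personal_terms):
        findings.append("(5) contains a personal or business name")
    if not all(re.search(cls, password) for cls in CHAR_CLASSES):
        findings.append("(7) missing a letter case, number, or symbol")
    if len(password) < 12:
        findings.append("(8) shorter than 12 characters")
    # Assumption: a single dictionary word dressed up with digits or symbols
    # ("Coffee2024!") still counts as a dictionary word, so strip those first.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in DICTIONARY:
        findings.append("(9) dictionary word")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords; never paste real ones into a script.
    samples = [
        ("password", (), ()),
        ("Qwerty123456!", (), ()),
        ("Coffee2024!", (), ()),
        ("Smith&Sons-Bakery9", ("Smith",), ()),
        ("vK7#tq9!Lm2$xR", (), ("vK7#tq9!Lm2$xR",)),
        ("vK7#tq9!Lm2$xR", (), ()),
    ]
    for pw, personal, others in samples:
        problems = audit_password(pw, personal, others)
        print(pw, "->", problems or "passes every check")
```

Note that “Qwerty123456!” is 13 characters long and mixes all four character types, yet it still fails item (4): length and symbols alone do not make a password hard to guess.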
Still don’t think this issue is a real threat?
Look at this (see below).
Earlier today Microsoft sent me a text message that they thought my Microsoft and Outlook email account may have been compromised.
Sure enough, it was.
Someone or some computer from Japan successfully signed into my Microsoft account – from Japan.
It definitely was not me – I’m in the Boston, Massachusetts area.
The Take Away
Take password security very seriously.
- Acknowledge that using the same password at multiple sites opens the doors for huge problems
- Hackers are at it 24/7 to obtain and then resell user names, email addresses, and passwords
- Proactively protect yourself
- Use password security Best Practices
- Consider tools like LastPass (recommended), 1Password, or RoboForm