The most recent rumblings of yet another security breach for over 2 million accounts from sites like Facebook, Yahoo, Google, Twitter and LinkedIn are true and should serve as another wake up call for all of us.
Security firm Trustwave discovered a server in the Netherlands that had posted over 2 million credentials for social media and email accounts that had been compromised from around the world.
According to Trustwave, the 5 most common passwords were 123456, 123456789, 1234, password and 12345 despite all the warnings about using simple passwords.
In fact, in their estimation, only 5 percent of the stolen passwords were considered excellent, 17 percent were considered good and the rest were pretty weak.
In addition to traditional brute force attacks to break simple passwords, they believe that the cybercriminals used silent keylogging programs to record keystrokes on computers that they had infected. Keyloggers allow a remote hacker to essentially record every keystroke you type and send the transcripts of your activities to them automatically.
Keyloggers can be hidden inside of other programs that appear to be legitimate or inside of fake copyrighted materials such as movies, music and expensive software programs on file sharing networks.
If a keylogging program sneaks its way into your computer, there are no real obvious signs that you have been infiltrated which is why they are so dangerous.
If one of your social media accounts was compromised during this attack, you would have been notified and asked to create a new password by now.
Security breaches are a fact of online life, so you should assume that at some point, your accounts will be compromised and consider doing the following:
#1 – Make your passwords longer
Adding more characters to your password will significantly decrease the chances of it being ‘guessed' by hackers. Shoot for a minimum of 15 characters but make it something that you can remember. Add extra symbols, upper case letters and numbers for the most secure passwords. A great resource for understanding and testing your password ideas is Steve Gibson's Password Haystack tool.
#2 – Activate 2-Factor Authentication on all your accounts
2-factor authentication uses something you know (your password) with something you own (your cellphone). Once you set it up, anytime someone uses your password from a computer, tablet or smartphone that the site does not recognize, it sends your cell phone a special code that you must type in within a short period of time.
Unless someone steals your password and your phone at the same time, they won't be able to access your accounts. It's also a great way to know that someone has acquired your password; if you get a text message with a special code and you aren't trying to log into your account, someone else is!
#3 – Quit using the same password on all your online accounts
Hackers know that most people use the same passwords across many of their accounts, which makes a breach even more dangerous if you're guilty of doing this.
I've written in the past on creating strong, but easy to remember passwords along with some suggested password management programs which is posted here.