Aug 08, 2014

    Passwords are just the first step to thwarting hackers


    THE numbers sound abstract: hundreds of millions of e-mail addresses and other types of personal identification were found in the hands of Russian hackers.

    The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names and small Internet sites.

    There are common-sense steps which everyone can take to keep the threat posed by hackers to a minimum.

    How do I know if my personal information is part of the stolen material?

    The latest breach is enormous, and similar attacks and smaller thefts are happening all the time.

    At this point, it is wisest to improve your online security immediately.

    Let me guess: I should change my password?

    The first step, as always, is to change passwords for sites that contain confidential information like financial, health or credit-card data. Do not use the same password across multiple sites.

    How do I create stronger passwords?

    Try a password manager like LastPass or Password Safe, which was created by the security expert Bruce Schneier.

    These services create a unique password for each website you visit and store these passwords in a database protected by a master password that you create. That sounds dangerous, but password managers reduce the risk of reusing passwords or choosing ones that are easy to decode.

    If you must create your own passwords, make sure they are not based on dictionary words. Even a word obscured with symbols and numbers can be cracked relatively quickly.

    Mr Schneier suggests creating an acronym from a sentence, and using symbols and numbers to make it more complicated. For example, the sentence "One time in class I ate some glue" could become "1TiC!AsG". Create the strongest passwords for the sites that contain the most sensitive information and do not reuse them anywhere.

    Are passwords enough?

    Passwords are not enough. If a site offers additional security features, like secondary or two-factor authentication, enable them. Then, when you enter your password, you will receive a text message with a one-time code that you must enter before you can log in.

    Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer.

    How can I stop my information from being stolen in the first place?

    Increasingly, you cannot. Regular monitoring of financial records can help minimise the damage if someone gets your information. But only the companies storing your personal data are responsible for securing it. Consumers can slow down hackers and identity thieves, but corporate computer security and law enforcement are the biggest deterrents.