
If you’ve been keeping up with technology news, particularly with the web, you may have noticed the high number of security breaches and hackings lately. Microsoft, Apple, Facebook, and NBC websites, to name a few, have been hacked. Jeep and Burger King had their Twitter accounts hacked (and had to clean up serious marketing/PR damage as a result). Pinterest, Twitter, and Tumblr had support information hacked, resulting in some account holders’ personal information being stolen.
With all these hackings and security breaches, you may be wondering whether you, your business, and your web accounts (including email, social media, and website) are safe.
Are hackers smarter?
It’s true that hackers are getting craftier and their technology smarter. One of my clients, whose website was hacked a few years ago, wondered why a hacker would target a small nonprofit group. The simple answer is just because they can. The more complicated answer is that often, they are automated attacks; the hacker sets malicious little software files loose to do damage…just for their amusement.
Are passwords safe?
The idea that passwords are no longer a safe or reliable way to protect your online accounts is gaining consensus among the internet security community. Bill Gates thought so in 2004. It’s relatively simple for a password-cracking program to randomly generate millions of character combinations to try to figure out a password. Granted, longer passwords with a random mix of letters, numbers, and symbols take longer to crack; however, they can still be figured out.
What’s the solution?
At this time, there doesn’t appear to be a single best solution for keeping your information, money, and accounts safe. However, there is some promising work being done along the lines of authentication devices that people can use to gain access to their online accounts. One such service is Yubico. Google is reportedly working on similar technology. The idea is that you have some kind of authenticated device, such as a USB stick that reads your fingerprint, that, when connected to your computer, could log you in to your email, your bank, or other account. Your fingerprint is your unique key. Of course, you need to safeguard the device, but it would make hacking much more difficult and wouldn’t require password memorization either.
What to do in the meantime?
While we wait for widespread acceptance of a better way to protect our sensitive information, we can still take commonsense steps to secure ourselves with our passwords. Here are a few examples:
- Never use the same password twice, at least for important accounts. If you do, once a hacker figures it out, they can use it to break into all your accounts.
- Make your passwords at least 12 characters long.
- Mix upper- and lower-case letters, numbers, and symbols in your passwords.
- A password should never contain anything that could be looked up in a dictionary.
- Never keep written passwords near your computer.
- Use two-step authentication if offered. Some services, like Google, offer this, which means after you enter your password, they text you a one-time code that you then type in to gain access to your account.
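The password items on this checklist can be checked automatically. The following Python script is an added example, not part of the original article: it flags passwords that are too short, lack a character type, contain a dictionary word, or are reused across accounts. The function names, the small wordlist, and the sample accounts are constructed for illustration.

```python
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "summer", "welcome", "monkey"}
MIN_LENGTH = 12  # minimum length recommended in the checklist


def check_password(password, words=SAMPLE_WORDS):
    """Return the checklist items that this single password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "upper-case letter": string.ascii_uppercase,
        "lower-case letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, charset in classes.items():
        if not any(c in charset for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    for word in sorted(words):
        if word in lowered:  # dictionary word hidden inside the password
            problems.append("contains dictionary word '%s'" % word)
    return problems


def audit_accounts(accounts, words=SAMPLE_WORDS):
    """accounts maps account name -> password; returns account name -> problems.

    The report names accounts only and never echoes the passwords themselves.
    """
    report = {name: check_password(pw, words) for name, pw in accounts.items()}
    users = {}
    for name, pw in accounts.items():
        users.setdefault(pw, []).append(name)
    for names in users.values():
        if len(names) > 1:  # the same password protects several accounts
            for name in names:
                others = [n for n in names if n != name]
                report[name].append("reused on " + ", ".join(others))
    return report


# Constructed sample data: two weak, shared passwords and one that passes.
SAMPLE_ACCOUNTS = {"email": "Summer2013!", "bank": "Summer2013!",
                   "website": "q7#Vn2&xLp9@Tz"}

if __name__ == "__main__":
    for account, problems in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(account, "->", problems or "passes the checklist")
```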
Until we can use better security features, these tips will go a long way in protecting your personal information and accounts when hackers come knocking.