New of a massive security breach swept over the United States this week, one of the largest the world has ever seen. The report follows an an 18-month investigation, in which a U.S. security firm is indicating that Russia-based hackers have stolen email addresses and passwords from millions of online users.
The security firm is the Minneapolis-based “Hold Security,” and they are claiming that the advanced hacker collective CyberVor has stolen around 1.2 billion username and password combinations, along with more than 500 million email addresses.
The same company, Hold Security, then drew fire from the media and consumers when it was found that they are charging a $120 subscription fee for companies to use a tool that checks a database of the confirmed hacked accounts and sites.
In the wake of all of this, Symantec is offering a few simple tips to help consumers. Now this advice is free, and while some security experts question the report’s findings, Symantec asserts the potential threats are important to take seriously. The company recommends consumers take five steps now to protect their most sensitive password protected information:
- Pay special attention to your email credentials: A lot of users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site and the recovery link is sent to your email account. In addition, avoid opening emails from unknown senders and clicking on suspicious email attachments; exercise caution when clicking on enticing links sent through email, instant messages, or posted on social networks; and do not share confidential information when replying to an email.
- Change passwords on important sites: It’s a good idea to immediately change passwords for sites that hold a lot of personal information, financial details, and other private data. Cyber criminals who have your credentials could try to use them to access more information on these accounts. This is particularly true if you have used the same password on multiple sites. Attackers will often try to use stolen credentials on multiple sites.
- Create stronger passwords: When changing your password, make sure that your new password is a minimum of eight characters long, and that it doesn’t contain your real name, username, or any other personally identifying information. The best passwords include a combination of uppercase and lowercase letters, numbers, and special characters.
- Don’t re-use passwords: Once a hacker has your account information and credentials, they’ll try to use it to gain access to all your accounts. This is why it’s important to create a unique password for each account. If you vary your passwords across multiple logins, they won’t be able to access other sites with the same information.
- Enable two-factor authentication: Many websites now offer two-factor (or two-step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device via text message or a token generator to login to the site. This may add complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.
PASSWORD THREAT INSIGHTS FROM SYMANTEC
Consumers are experiencing password fatigue. The average user has 26 password-protected accounts but typically uses only five different passwords. The company also indicates that consumers are resistant to regularly updating their passwords. A Symantec survey indicated that 38 percent of people would rather clean a toilet that come up with a new password.
The number one cause of breaches and compromised records in large organizations is stolen credentials. Symantec research asserts that 80 percent of data breaches could have been eliminated with the use of two-factor authentication.
In 2013, the two most common passwords were: 1) 123456 and 2) password according to the company.
more info: symantec