OK, now it's really time to
change your password.
With news that as many as 1.2
billion user names and password combinations had been stolen, security experts
are urging consumers to be more vigilant online.
A Russian cybergang injected
malicious code into at least 420,000 websites to gather the data. The attack
"looks absolutely enormous," said Geoff Webb, senior director of
security and strategy at NetIQ, a computer security company based in Houston.
"It's yet another example showing that there's lot of work to be done in
making the Web-based applications that people use secure."
STORY:
Because people tend to use the
same password on multiple sites, "when a medium-sized breach occurs, it
can have major repercussions because those passwords are used on so many
systems," Webb said. "And this is a huge breach."
Some of the e-mail and password
combinations may be old and no longer in use, so it may not be necessary for
users to change their passwords, said Alex Holden, founder and chief
information security officer for Hold Security in Milwaukee. "The last
thing we want is to panic the marketplace," he said. "That won't be
productive."
Potential victims can register
atHoldSecurity.com to see whether their e-mail addresses are among those
compromised. The company says in the coming days it plans to let them know for
free if their credentials have been found in possession of the gang, which Hold
Security has deemed CyberVor ("vor" means "thief" in
Russian).
"The takeaway from all of
this: It's time to change your password again," says security expert Phil
Lieberman, CEO of Lieberman Software.
Beyond that, here's some other
tips for more secure online conduct:
PASSWORD SAFETY TIPS
1. Mix it up Make passwords 10 characters
or longer and use a mix of lowercase, uppercase, symbols and numbers. Change your
important passwords every 3months.
2. Be creative Use unique passwords
for each account and vary the e-mail addresses you use.
3. Split social media and money Don't
use the same username or password for credit cards and bank accounts that you use
for social media or websites.
4. Keep passwords safe Don't store
your account information in an unsecured document on your computer or network. Be
sure not to share passwords with anyone, even family or friends.
5. Stay informed Keep up with the
details of the breach as they become released.
Comments
Post a Comment