What to Do About Your Passwords

by | Aug/6/2014

You have probably heard that a group of hackers has collected more than a billion passwords – so far. Here are the best password strategies.

It is easy to become numb about the news of stolen passwords. In the biggest discovery, so far, more than 420,000 websites have been hacked – and they are just finding out about it now. What if yours is one of the 1.2 billion stolen passwords?

Changing passwords frequently helps – but it is an inconvenience. Today is a good time to do it anyway – especially for banking, medical, and the most important sites.

Password managers can help you – they remember your passwords for you so you can have a different password at every site. You then only need to remember one password: the password to your password manager. Choices abound, including LastPass, Dashlane, RoboForm and many others. There are “enterprise” versions to use in your company, and they are inexpensive.

Yes, there is a tiny risk that an attacker might breach the password manager, so you may decide to keep your banking credentials in your head, but use the password manager for other sites.

Perhaps the best solution is “multi-factor authentication,” also known as “2-step” verification. Then you may not even care if someone else knows your password. An example of this solution: you enter a username and password into a website, and then your mobile phone buzzes and tells you to enter a code such as 777888 to complete the login process.

Now an attacker would need to steal your mobile phone too before they could log on with your username and password. Obviously, if the attacker is in another country, then it is more difficult for them to steal your phone.
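How a site might check the second step described above, as an added example that is not part of the original post. The class name, the five-minute lifetime and the three-guess limit are assumptions, and delivery of the code to the phone is left out.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed value)


def _digest(code, salt):
    # Keep only a salted hash server-side, never the code itself.
    return hashlib.sha256(salt + code.encode()).digest()


class SecondStep:
    """Hypothetical server-side store for codes sent to a user's phone."""

    def __init__(self):
        # username -> [salt, digest, expires_at, attempts_left]
        self._pending = {}

    def issue(self, user, now=None):
        """Call only after the password check passed; returns the code to send."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        salt = secrets.token_bytes(16)
        self._pending[user] = [salt, _digest(code, salt), now + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, user, code, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False                      # no login in progress for this user
        salt, digest, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self._pending[user]           # expired or locked: start over
            return False
        if hmac.compare_digest(_digest(code, salt), digest):
            del self._pending[user]           # single use: a replayed code fails
            return True
        entry[3] -= 1                         # count the wrong guess
        return False
```

The expiry, single-use and guess-limit checks are what keep a six-digit code from being guessed or replayed by someone who already has the password.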

Dropbox, PayPal, Google Apps, and many other sites already support multi-factor authentication – you just have to “turn it on.” See https://www.google.com/landing/2step/ to set up your Google account’s 2-step verification.

However, even multi-factor solutions are not perfect. One example, among many others, is how it was possible to bypass PayPal’s multi-factor authentication if you logged into eBay first.

By the way, in case you have eaten there, P.F. Chang’s published a list of restaurant locations that may have been breached: http://pfchangs.com/security/#locations

Change your passwords, get a password manager if you want to, and inquire about multi-factor authentication at the websites that contain your sensitive data.
