Password-hacking will continue to escalate following recent attacks
Yahoo and Formspring became the latest victims of major password-hacking incidents last week, following high-profile incidents at LinkedIn, eHarmony and Last.fm in June. The LinkedIn breach alone resulted in 6.5m hashed passwords being published on a hacking forum.
We are seeing the frequency of high-profile hacking incidents escalate and I can only see that pattern continuing to build. In some cases the hackers will be motivated only by a desire to expose what they regard as unacceptable weaknesses in the online defences of governments or organisations; in other cases, however, criminal hackers will have less altruistic intentions.
You may think having your LinkedIn account hacked isn’t that big a deal, but the ramifications can be huge. Beyond the reputational damage a malicious hacker can cause by defacing or spamming from your account, your personal information can be scraped and used for other purposes, from impersonating you online to obtaining credit under your name in some cases.
What makes these hacking incidents so dangerous is that, amazingly, a high proportion of people continue to use the same or slight variations of the same password across their online accounts, including email, social media or online banking. In light of this, an unscrupulous person gaining access to your LinkedIn password becomes a much more serious concern, as they have the potential to also gain access to a whole host of other accounts and services you use the same password on.
You should always avoid using the same password on multiple sites. In 2012, that’s the equivalent of going on holiday and leaving the keys under the doormat.
If you think you may have had an online account hacked, you should change your password immediately, and change it anywhere else where you’ve used it too. Be especially wary of any emails purporting to be from these services asking you to log in and change your password, as these will almost certainly be phishing scams. To keep yourself safe you should always visit the site directly or through a bookmark you created, never from an email link.
Ultimately, of course, prevention is better than cure and individuals should take steps to protect both themselves and their business. The approach to mitigating risk is twofold: use a strong password and don’t use it more than once.
Weak passwords are extremely vulnerable as these can be very quickly cracked. Using different passwords on every website isolates exposure should one site be compromised.
To create a strong password, make it long to increase the number of possible permutations and don’t use dictionary words as they are much easier to crack. Using a mixture of upper case, lower case, numbers and special characters helps by increasing entropy.
Of course, the problem with creating unique, strong, complex passwords for every online account you own is that it quickly becomes impossible to remember them all. Fortunately, there are a number of free password manager solutions available online to help you generate and remember high-security passwords.
With each new hacking incident, individuals and businesses are finally waking up to the idea that organised cybercrime has become a day-to-day threat and that increased password security management is absolutely essential. I predict that online password manager solutions will be as familiar a concept as virus scanning within the next 12 months.
Mike Newman is CEO and founder of my1login.