This is starting to get personal—for more than a billion of us.
With news breaking that a Russian crime ring has amassed more than a billion user name and password combinations, it’s very possible that they have one of yours. Now, ask yourself: If they have one of mine, how many of my accounts could they access?
In other words, are you using the same credentials—user name and password—across multiple accounts?
It’s probably time for you to rethink your online password strategy. Even if you don’t have a well-thought-out strategy, you still have one. It’s just not very good. Sorry. Truth hurts, huh?
Like a lot of folks, I started going online with email years ago. Then, having a user name and password wasn’t something I gave much thought to. And as more and more online services became available, I ended up using the same credentials on a number of accounts. After a while, savvy me, I started throwing in a number (1) and an exclamation point (!) to outwit the bad guys. As if.
Attention Russian Hackers: I don’t do that any longer. Mostly.
A lot of folks, however, still do use the same credentials on multiple accounts.
According to a recent online survey of over 2,000 online U.S. adults, conducted in April by Harris Poll and commissioned by LifeLock, over half (56%) of online Americans use more than 10 online sites/accounts, and 25% of those who use accounts/sites that require a password have no more than three sets of credentials. That means many people are using the same credentials over and over again, putting themselves at greater risk.
Let’s get to work, friends. Here’s how:
Change your bank passwords first.
Even if you can’t immediately tackle all of your online passwords, spend a few minutes protecting your financial assets first—before you change any other passwords. This includes your brokerage accounts.
Use a passphrase instead of a password.
Don’t use your pet’s name or your child’s name. Use a strong passphrase. LifeLock Educational Advisor Jean Chatzky offers tips on how to create one here. Remember, password collections, like the trove of information collected by this Russian gang, tend to circulate for years after they’ve been stolen.
Look for unusual charges in your financial statements.
Thieves will often test a financial account to see if the stolen credit card numbers are good AND if anyone is paying attention. Then come the high-dollar charges. So, monitor your account closely and follow up on even small discrepancies. Some LifeLock® products include personalized financial alerts that you can set up for large dollar amounts across all of your accounts—including brokerage firms. Details are available at LifeLock.com.
Update the software on your personal computers.
According to the New York Times, many of the stolen passwords were gathered using zombie botnets that got inside personal computers. This is an easy fix: Download the latest operating-system software for your Mac or PC to ensure at least a minimum level of protection. And then consider strengthening your computer’s security with anti-virus software.
Watch your credit reports.
You can get a free credit report from each of the three major U.S. credit bureaus each year, and you can pay for more frequent access. While it’s helpful to monitor your credit closely, it doesn’t protect you from all kinds of identity fraud, including a criminal opening a new cell phone account or filing for a tax refund using your ID.
Don’t be a slacker.
After the discovery of the Heartbleed security flaw—one of the biggest vulnerabilities ever discovered in the Web’s defenses—only 39% of adult Internet users changed or canceled accounts, according to a study by Pew Research Center.
A few weeks ago, I signed up for an online password generator. It’s kind of a pain, but now my email, bank, credit card and other accounts have different passwords—long ones with symbols and numbers and all sorts of other screwiness intended to keep the hackers’ hacking machines at bay—or at least slowing them down a bit.
To get started fixing your worn-out, overused passwords, think of yourself as a crime fighter. It’s you against the bad guys. They’re after your assets—not just your online credentials, but also your money and good name.
It doesn’t get much more personal.
Posted by Cory Warren, editor