Curious About Security

Time to Change Your Passwords


The year 2014 has been a year of insecurity. There have been some pretty serious breaches and some really nasty security vulnerabilities that have put a substantial number of user credentials at risk.

In April there was the Heartbleed Bug, which left a substantial chunk of all Internet sites vulnerable to exposing not only usernames and passwords, but all data exchanged with vulnerable sites.

In May, attackers “compromised a small number of employee log-in credentials” at eBay. The attackers then leveraged these employee credentials to access a database containing “eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.” All eBay users were asked to change their password, indicating a potential compromise of all of eBay’s 145 million active users.

Most recently, in August, Hold Security revealed the largest breach of user credentials of all time. Hold Security claims that a cybergang it has dubbed CyberVor was able to collect over 4.5 billion records – “1.2 billion of these credentials appear to be unique, belonging to over half a billion e-mail addresses”!

With all that has happened this year, it is time to change your passwords. And this is a good time to talk about password best practices:

  • You should use a unique password for each login.
  • Passwords should consist of uppercase and lowercase letters, numbers and special characters.
  • They also should be at least 8 characters long.

“Surely, you’re joking,” you say, “isn’t there a Dilbert comic about this?” Actually, the Dilbert comic is LESS restrictive. Unfortunately, this isn’t a joke. As computing power has grown, passwords have become easier to crack, which requires more and more complex passwords.

However, there is a solution! Use a password management tool such as LastPass or 1Password. Password management tools allow you to use a single password to access the tool. From there, the tool will generate passwords and store them securely. Both of these tools can be used for free in your browser of choice. However, if you want to use them on your phone, you will have to buy a premium license for $12 or $9.99, respectively.
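The generation step a password manager performs can be sketched against the three rules listed above. This is an added example, not code from LastPass or 1Password; the function names, the 16-character default and the use of `string.punctuation` as the special-character set are assumptions.

```python
import secrets
import string

# Character classes from the rules above. Which special characters a site
# accepts varies; string.punctuation is an assumption.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
MIN_LENGTH = 8  # minimum length stated in the post


def meets_policy(password):
    """True if the password is long enough and uses every character class."""
    if len(password) < MIN_LENGTH:
        return False
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length=16):
    """Draw a random password from the OS CSPRNG that satisfies the policy."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    alphabet = "".join(CLASSES)
    while True:
        # Rejection sampling: redraw until every class is present, so each
        # compliant password is equally likely.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def build_vault(logins, length=16):
    """Generate one independent password per login (first rule: unique)."""
    return {login: generate_password(length) for login in logins}


def reused_passwords(vault):
    """Map each password used by more than one login to those logins."""
    seen = {}
    for login, password in vault.items():
        seen.setdefault(password, []).append(login)
    return {pw: logins for pw, logins in seen.items() if len(logins) > 1}


if __name__ == "__main__":
    # Constructed sample logins, not real accounts.
    vault = build_vault(["mail.example", "shop.example", "bank.example"])
    for login, password in vault.items():
        print(login, password, meets_policy(password))
    print("reused:", reused_passwords(vault))
```

The `reused_passwords` check is the audit for the first rule: run over an existing set of logins, it shows which accounts would all be exposed by a single breach.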