As many as 1.2 billion user name and password combinations may have been stolen. Security experts are urging consumers to be more vigilant online.
The New York Times is reporting that several computer security firms say they have identified an effort by a Russian cybergang that injected malicious code into at least 420,000 websites to gather the data. Because people tend to use the same password, or a form of the same password, on multiple sites, even a medium-sized breach can have major repercussions, because those passwords are used on so many systems. This is no medium-sized breach. It's enormous.
Suggestions from the experts:
• Prioritize. Identify the accounts where your money is. Identify the accounts where your medical information is. Identify the accounts where your sensitive medical information is. Change those passwords now.
• Mix it up. Create passwords that are 10 characters or longer and include uppercase letters, lowercase letters, symbols and numbers.
• Split social media and money. Do not use the same password for credit cards and bank accounts that you use for social media or websites. Do not even use a form of them.
• Revise record-keeping. Don't store your account information in an unsecured document on your computer or network. It is best to keep such information as a secure hard copy.
• Keep data close. Don't share your password, even with friends and family. If particular circumstances require that you do so, change the password at the first possible opportunity.
• Stay informed. Beyond changing passwords and creating better ones, watch the news for stories like this one.
Daily Kos Diarist stevemb suggests that we Use A Password Manager. "Most people simply can't remember more than a few strong passwords, so they fall into bad habits of using weak passwords (bad -- an automated guessing program will break it easily) or using the same password everywhere (worse -- one breach and everything falls).
The problem can be avoided by using a password manager; you only have to remember one master password. I use KeePass, which has versions for just about all platforms (including mobile devices) and is free; searching for "password manager" will turn up other options."
On the Internet, nobody knows if you're a dog... but everybody knows if you're a jackass.
by stevemb on Wed Aug 06, 2014 at 06:02:49 PM CDT. Thanks stevemb