Yahoo was hacked last week. Again. It’s the second time in a month. The hackers made off with an untold number of passwords and other user data. (If you have a Yahoo account and haven’t changed your password lately, drop everything and do that right now. No really, I’ll still be here when you finish.)
Last December, hackers busted their way into Google and Facebook, absconding with over 2 million passwords.
In November, they got 150 million passwords from Adobe. Yes, you read that right: 150 million.
LinkedIn, Zappos, Bell Canada, Microsoft, Apple, Twitter, Evernote. All recently hacked for user information. And it’s not bad enough that the passwords are stolen, but then the hackers dump the databases online for anyone to download and play with.
It’s an epidemic. And it’s getting worse. It wouldn’t be so bad if we had a single password that we could change once in a while. The trouble is that most of us have multiple accounts all over the place, and we have to maintain a lot of passwords. We need a password for our email, one for our bank, one for Facebook, one for our favorite hair metal forum, and countless more for all the other sites we use.
Managing all those passwords can be a pretty big chore. Some people make it easier on themselves by picking a password that’s easy to remember and then they use it with multiple places. That’s a really great way to lose access to everything and get your identity stolen! And yes, people discover that fact every day.
In this day and age, we have to be vigilant with our online identities, and we have to work really hard to make sure no one else can access our accounts. But how do we do that? Should we change them more often? Make them longer? Use more of them? The answer to all those questions is yes. And no.
Any time I hear of a new breach where passwords or user data was compromised, I try to pass it along to family and friends so they know to change their passwords if necessary. I try to motivate people to be smart about their passwords, but I still encounter folks who use their dog’s name for the password on every site they use. People either don’t get it or they’re too complacent to change the way they operate because they feel “it will never happen to me.”
If you fall into this category, you’re playing with fire. It’s not a matter of if you’ll get hacked; it’s a matter of when. Believe me, I was one of them…and I was hacked.
About two years ago, someone figured out the password for my Yahoo account (fitting, isn’t it?). Luckily, all they did was send out spam messages to people in my address book. I was very, very lucky. If they had wanted to, they could have changed my password to lock me out. Then they could have gone through all my email folders, found out what other sites I used (like credit card companies), and sent them password reset requests to get into those accounts. Scary thought, isn’t it? I was lucky. Other people have actually had things like that happen. It’s a mess to fix.
The only way to completely avoid this scenario is to close every online account you have and join an Amish settlement somewhere. For most of us, that’s not a very compelling option. So what’s the next best thing? You need the Holy Grail…the Fort Knox…the Chuck Norris of passwords: A password so strong that hackers run screaming when they see it. Okay, that’s not really going to happen, but I think you get the point.
This introduction is the first of a multi-part article where I will attempt to explain how sites use passwords to grant access, how hackers crack passwords, and what you can do to create passwords strong enough to avoid being compromised.
Keep an eye open the next day or two for part two of this series: Password Storage Through the Centuries.