After Heartbleed comes news that eBay has been hacked, once again prompting us to change our passwords to something more secure and to wonder whether there was anything embarrassing in our watchlists. According to Reuters’ report on the eBay hack, all the passwords were encrypted, so even though the hackers have them it’s very unlikely they’ll be able to do anything with them. It’s worth remembering, though, that even if the hackers don’t have your password, they do have some pretty sensitive data, including your date of birth, home address, phone number and email – just the type of data that’s often used to verify your identity – along with anything embarrassing in your watchlists. It won’t do any harm to change your passwords for eBay and any other important websites you use.
We’d also strongly recommend turning on two-step authentication for sites like PayPal, Amazon, Google, Facebook and anywhere else you have sensitive information, assuming those sites support it.
When deciding on a password remember what Sir Laurence Olivier said to Dustin Hoffman in Marathon Man, and ask yourself, “Is It Safe?”
As a web consultancy it’s essential that we always create secure passwords. We maintain a lot of passwords and logins for our clients, with each client often requiring several logins ranging across websites, social media accounts, intranets, eCommerce gateways, APIs etc. We take security very seriously and have a very locked-down approach, even at the most basic levels, because it’s so easy for hackers to find ways in, but not everyone is aware of the scale of the problem.
According to security specialists Xato.net, 98.8% of people pick their passwords from a relatively small selection of around 10,000 words, and less than 1% of web users have a password that is unique. 10,000 might sound like a lot, but an automated attack can run through them all in no time.
4.7% of people use password
8.5% of people use 123456
9.8% of people use 123456 or 12345678
It’s no longer sufficient to rely on the old secure-password standbys. Simple leet-speak substitution, for example, where letters are swapped for numbers and special characters so that orange becomes 0r@n9£ (or similar variations), is easily cracked by the latest hacking tools.
Your password doesn’t have to be impossible to remember to be secure.
One of the best ways to make a password secure is to make it long. At least 20 characters is the current recommendation (it used to be 8). You might use a list or a personal phrase (avoiding famous quotes), then add a few upper and lower case letters, numbers and a special character or two ( ! @ £ $ % ^ & etc. ), and you’re actually less likely to be cracked by an automated attack than if you use some of the popular random password generators.
The website How Secure Is My Password? claims that passwords like MyMumsNameIsDoris!2014 or IWasBorn@HospitalIn1985 would take over 5 quintillion years to crack, yet they’re still easy enough to remember. Just don’t write it on the back of your laptop, as one client once did, and avoid using the same password for everything.
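To show why leet-speak substitution doesn’t help while length does, here is an added example of a password check (our own illustration, not code from the article or from any of the sites it mentions). It assumes a small constructed word list standing in for the 10,000-word list above, and a single reverse-substitution map; real cracking tools try every combination, so this is the generous case.

```python
import math
import string

MIN_LENGTH = 20  # the article's current recommendation (it used to be 8)

# Constructed stand-in for the ~10,000-word list the article cites;
# a real checker would load a full common-password list.
COMMON_WORDS = {"password", "123456", "12345678", "orange", "qwerty", "letmein"}

# Reverse of the usual leet-speak substitutions (one candidate per symbol;
# cracking tools try every combination, so this is the generous case).
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "9": "g", "£": "e",
})

def deleet(password: str) -> str:
    """Undo common substitutions so that 0r@n9£ compares as 'orange'."""
    return password.translate(LEET_MAP).lower()

def naive_bits(password: str) -> float:
    """Entropy a simple strength meter would credit: log2(pool) per character.
    This is exactly what overstates leet-substituted dictionary words."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII symbols
    return round(len(password) * math.log2(pool), 2) if pool else 0.0

def assess(password: str) -> dict:
    """Reject dictionary words (even when disguised) and short passwords."""
    core = deleet(password).strip(string.digits + string.punctuation)
    candidates = {password.lower(), deleet(password), core}
    in_dictionary = any(c in COMMON_WORDS for c in candidates)
    if in_dictionary:
        verdict = "reject: dictionary word once substitutions are undone"
    elif len(password) < MIN_LENGTH:
        verdict = f"reject: shorter than {MIN_LENGTH} characters"
    else:
        verdict = "accept"
    return {"core": core, "in_dictionary": in_dictionary,
            "naive_bits": naive_bits(password), "verdict": verdict}
```

Running assess("0r@n9£") shows the problem: a naive meter credits it with about 37 bits, but once the substitutions are undone it is just "orange" and is rejected, whereas MyMumsNameIsDoris!2014 passes on length alone.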
There’s plenty of advice available on the interweb about creating secure passwords, but check the dates of the articles and make sure they are current before taking their advice.