After the news about the theft of millions of user passwords from the business-based networking site LinkedIn, dating site eHarmony and Last.fm, users should be extra vigilant with their online security, according to BullGuard.
In reaction to the recent attacks:
- Users should change the username and passwords for unrelated accounts that use the same username and/or password as the affected account. As most people use the same few passwords/security questions for all their accounts, stolen passwords pose a major security risk.
- Change security questions and password on accounts where possible.
- Avoid social media applications that ask to access your personal information to allow you to continue.
- As much as possible, limit the personal information that you make public on social media websites.
- Only download applications that are provided by a trusted source.
- Be suspicious of any e-mails that request your personal information no matter how legitimate they may seem.
Advice on how to protect personal details on public networks:
- Familiarise yourself with the security settings and ensure that an account doesn’t reveal too much information to users that haven’t been approved to view it. Also consider whether the information you store online really needs to be there, or whether it could be potentially used for fraudulent activity if read by a malicious third-party.
- Do not store credit card details online. Many services have so-called “e-wallet” services which allow users to store credit card details, in order to make future purchases fast and easy. This conflict between security and convenience is a huge dilemma for online services, and should be something end users consider carefully as well.
- Do not use the same passwords and security questions for all accounts. Most people alternate between 2 or 3 passwords for everything. Consequently, if one account is hacked, identity thieves have access to all different profiles and accounts. Ensure that passwords and security questions used for banking and money transfers are very different from the ones used elsewhere.
- If users mention a child’s, pet’s or spouse’s name on social media sites like Facebook and Twitter, do not use these for passwords.
- Only make purchases with devices that have security software (minimum antivirus and firewall) installed such as a home or office PC.
- Always ensure that security software is up to date.
Advice on safe password use:
- Choose safety over convenience – Since there are so many websites around that require login and password details to access a user account it’s all too common to see people adopting straightforward, easy to memorise passwords that could simply be “guessed”. A survey by data security firm Imperva analysed 32 million passwords to find the top-ten most commonly used. Five of the top ten were simply sequential digit strings such as “123456”, with the remaining including “password” and “abc123”.
- Avoid personal information, such as a mother’s maiden name, favourite pet, birthplace or date of birth when choosing a password. This sort of information is frequently used to confirm authenticity with online banks and services, and could therefore be subject to keylogging and phishing scams.
- Use a combination of letters and numbers in a password as well as a word that would be very difficult for a third-party to guess. With a bit of practice it becomes almost second nature to tweak common words in this way to generate a more difficult to predict phrase.
- Change passwords as often as possible, particularly in the case of sites that involve frequent or large monetary transactions such as bank accounts, online payment services and commonly used e-retailers. However, it’s not usually a good idea to “rotate” a handful of passwords around as hackers can quickly build a list of common words and phrases if they have gained access to a computer.