A report issued this week claimed that a Russian cybercrime group stole 1.2 billion usernames and passwords from 420,000 websites.
While some security experts question the report’s findings, Symantec asserts the potential threats are important to take seriously, and recommends consumers take five steps now to protect their most sensitive password protected information:
Pay special attention to your email credentials: A lot of users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site and the recovery link is sent to your email account. In addition, avoid opening emails from unknown senders and clicking on suspicious email attachments; exercise caution when clicking on enticing links sent through email, instant messages, or posted on social networks; and do not share confidential information when replying to an email.
Change passwords on important sites: It’s a good idea to immediately change passwords for sites that hold a lot of personal information, financial details, and other private data. Cyber criminals who have your credentials could try to use them to access more information on these accounts. This is particularly true if you have used the same password on multiple sites. Attackers will often try to use stolen credentials on multiple sites.
Create stronger passwords: When changing your password, make sure that your new password is a minimum of eight characters long, and that it doesn’t contain your real name, username, or any other personally identifying information. The best passwords include a combination of uppercase and lowercase letters, numbers, and special characters.
Don’t re-use passwords: Once a hacker has your account information and credentials, they’ll try to use it to gain access to all your accounts. This is why it’s important to create a unique password for each account. If you vary your passwords across multiple logins, they won’t be able to access other sites with the same information.
Enable two-factor authentication: Many websites now offer two-factor (or two-step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device via text message or a token generator to login to the site. This may add complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.
The average user has 26 password-protected accounts but typically uses only five different passwords, says Symantec. In 2013, the two most common passwords were “123456” and “password.”
Consumers are experiencing password fatigue, and are resistant to regularly updating their passwords. A Symantec survey indicated that 38 percent of people would rather clean a toilet that come up with a new password.
The number one cause of breaches and compromised records in large organizations is stolen credentials, and research asserts that 80 percent of data breaches could have been eliminated with the use of two-factor authentication.