LinkedIn, eHarmony and Last.FM have all been victims of hacks this month, with users’ encrypted passwords being posted online. The LinkedIn breach alone resulted in 6.5m hashed passwords being published on a forum.
What makes these hacking incidents so dangerous is that, amazingly, a high proportion of people continue to use the same or variations of the same password across all their online accounts, be it email, social media or online banking. In light of this, someone unscrupulous gaining access to your LinkedIn password becomes a much more serious concern.
Users of these sites with weak passwords are the most vulnerable, but all users should take the precaution of changing their passwords. If the same passwords are used on any other sites they should be changed there too. You should always avoid using the same password on multiple sites. In 2012, that’s the equivalent of going on holiday and leaving the keys under the doormat.
If you think you may have been affected by any of these incidents, for the next few weeks be especially wary of any emails purporting to be from these services asking you to log in and change your password, as these will almost certainly be phishing scams. To keep yourself safe you should always visit the site directly or through a bookmark, never from an email link.
Ultimately, of course, prevention is better than cure and individuals should take steps to protect both themselves and their business. The approach to mitigating risk is twofold: use a strong password and don’t use it more than once.
Weak passwords are extremely vulnerable because they can be cracked very quickly, while using a different password on every website isolates your exposure should one site be compromised. To create a strong password, make it long, which increases the number of possible permutations an attacker must search, and avoid dictionary words, which are much easier to crack. Using a mixture of upper case, lower case, numbers and special characters helps by increasing entropy.
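As an added illustration (not code from the original article), a small Python estimator of the search-space argument above: entropy is length times log2 of the alphabet an attacker must assume, and a dictionary word, or a dictionary word with a trailing digit or symbol bolted on, collapses to the size of the word list instead. The five-word dictionary, the guess rate and the trailing-character normalisation are assumptions made for the example.

```python
import math
import string

# Character classes the article recommends mixing. Treating "special
# characters" as printable ASCII punctuation (32 symbols) is an assumption.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)

# Constructed mini word list standing in for a real cracking dictionary.
DICTIONARY = {"password", "linkedin", "welcome", "letmein", "qwerty"}


def charset_size(password: str) -> int:
    """Alphabet size implied by the character classes actually present."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def base_word(password: str) -> str:
    """Normalise the common 'word plus digit/symbol' variation the article warns about."""
    return password.lower().rstrip(string.digits + string.punctuation)


def entropy_bits(password: str) -> float:
    """Bits of brute-force work: log2(words) for dictionary-based passwords,
    otherwise length * log2(alphabet)."""
    if not password:
        return 0.0
    if base_word(password) in DICTIONARY:
        return math.log2(len(DICTIONARY))
    return len(password) * math.log2(charset_size(password))


def expected_crack_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Expected time to find the password: half the search space at an assumed
    10 billion guesses per second (a rough 2012-era GPU rig figure)."""
    return 2 ** entropy_bits(password) / 2 / guesses_per_second


if __name__ == "__main__":
    for pw in ("abcdefgh", "linkedin1", "Tr0ub4dor&3", "4-Random-Words!Go-Far"):
        print(f"{pw:24} {entropy_bits(pw):6.1f} bits  ~{expected_crack_seconds(pw):.3g} s")
```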
Don’t forget to remember
However, while advice to use complex, unique passwords for all sites is well and good, the problem for many users of multiple sites is that it’s difficult to both create and, crucially, remember those login details.
Some solutions completely eliminate the need to memorise multiple usernames and passwords while helping users increase their online security, by generating very strong, unique passwords for all of a user's online accounts, social media included, and storing them encrypted. These long, high-entropy passwords are much more difficult to crack and minimise your risk from hacking.
Think of a password management solution as a safety deposit box in a secure vault for which there is only one key. The security of this vault is a priority, and users' details are protected using two layers of authentication: first a username and password, and second a key phrase. This key phrase is then translated automatically into a unique key, which would take the most advanced computers millions of years to decipher.
Good solutions employ military-grade encryption, using stronger encryption technology than many online banking platforms. Users’ keys are never stored on the servers and not even our employees can see or access users’ data.
With good solutions, login details are initially encrypted using 256-bit AES, and are then further encrypted using 256-bit SSL before being sent across the internet. 1024-bit RSA encryption is also used to secure shared login details. SSL certification is provided, and users' information is stored in datacentres that operate within an ISO 27001 accredited secure environment.
With each new hacking incident, individuals and businesses are finally waking up to the idea that organised cybercrime has become a day-to-day threat and that better password security management is absolutely essential. I predict that online password management solutions will be as familiar a concept as virus scanning within the next 12 months.