What Happens When the Password Hacked Is Your Own?
5 Ways to Avoid Compromising Your Business and Personal Information
August 27, 2012
In the world of security consulting, I constantly pontificate about the virtues of protecting your password and proper password management. That said, there are times when nefarious beings are able to get their hands on your password, as evidenced by the recent rash of password compromises at LinkedIn and Billabong. I recently even had the unfortunate experience of having my personal email account briefly compromised. What have I learned from these current events and from my recent experience? Here are 5 take-aways on protecting your password, yourself, and your business:
1) Use proper password management. This should go without saying – your critical passwords should ALWAYS be different from your common ones. My banking/financial passwords are not even remotely similar to other passwords I use. For your uber-sensitive passwords, you may even ask your financial institution for a single-use password solution for performing remote banking/financial transactions. You may end up with some “quasi-public passwords,” some private passwords, and some sensitive passwords. There are gobs of articles, blog posts, etc. about how to choose a good password, so I will spare you the detail.
2) If one of your passwords does get compromised, change it ASAP. Keep in mind, sometimes you have no control over these situations. The compromises at companies like LinkedIn and Billabong occurred when the attackers got their hands on poorly-protected (i.e. weakly hashed) passwords. Okay, changing your compromised password is a no-brainer. But you should also consider changing the passwords on any other accounts that use the same password. That’s because the attacker may try your credentials (user name/hacked password) on other accounts.
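To make concrete what “weakly hashed” means for the people in a leaked password table, here is an added illustration (example code written for this page, not code from the author or from AT&T; all user names, passwords and the wordlist are constructed). It contrasts unsalted SHA-1, which is how 2012-era sites typically stored passwords, with a per-user salted, deliberately slow key derivation (PBKDF2-HMAC-SHA256). The weak scheme gives away two things the moment the table leaks: every pair of users who share a password is visible by their identical digests, and one lookup table built from a short list of common passwords matches every affected account at once. The salted scheme gives away neither.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample data: a tiny common-password list and three user records
# stored the weak way (unsalted SHA-1). None of these values come from any
# real breach.
WORDLIST: List[str] = ["password", "123456", "letmein", "Summer2012", "qwerty"]


def weak_hash(password: str) -> str:
    """Unsalted, fast hash: the same password always produces the same digest,
    so one precomputed table serves every user in the dump."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


WEAK_DUMP: Dict[str, str] = {
    "alice": weak_hash("Summer2012"),
    "bob": weak_hash("Summer2012"),  # constructed: bob reused alice's password
    "carol": weak_hash("r7!Qz-plover-9kX"),
}


def accounts_sharing_a_hash(dump: Dict[str, str]) -> Dict[str, List[str]]:
    """Unsalted storage leaks password reuse before anything is cracked: users
    with equal digests have equal passwords. Returns digest -> users, keeping
    only digests shared by two or more users."""
    by_hash: Dict[str, List[str]] = {}
    for user, digest in dump.items():
        by_hash.setdefault(digest, []).append(user)
    return {d: users for d, users in by_hash.items() if len(users) > 1}


def exposed_by_wordlist(dump: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Defender's damage estimate after a leak: which accounts in a dump of
    unsalted hashes fall to a single lookup table built from a common-password
    list? Returns user -> recovered password."""
    table = {weak_hash(w): w for w in wordlist}
    return {user: table[d] for user, d in dump.items() if d in table}


def strong_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256). Equal
    passwords no longer yield equal digests, and a lookup table would have to
    be rebuilt per salt at 200k iterations per guess."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_strong(password: str, salt: bytes, digest: bytes,
                  iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("reuse visible in weak dump:", accounts_sharing_a_hash(WEAK_DUMP))
    print("accounts matched by wordlist:", exposed_by_wordlist(WEAK_DUMP, WORDLIST))
    s1, d1 = strong_hash("Summer2012")
    s2, d2 = strong_hash("Summer2012")
    print("same password, salted storage, digests equal?", d1 == d2)
    print("verify correct password:", verify_strong("Summer2012", s1, d1))
```

The point for the reader is item 2 itself: once a site that stored passwords the weak way is breached, anyone holding the dump knows both which password you used there and which other users share it, which is exactly why the same password on a second site has to be changed too.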
3) DON’T store your passwords ANYWHERE. Not in a file on your computer, not in some secure cloud, not in your email files. Do you leave your key under the doormat? No. Then don’t leave your passwords in publicly-accessible areas either. How then can you remember these multiple passwords? What I do is write down a reminder of the password. This way, even if someone finds the reminder, they would have a difficult time guessing the password. Something like “bike” to remind you of a password of “83NightHawk,” or “June gig” (Ph1shAlpineValley). These reminders can be sanity savers and can be used in a way that doesn’t really tip off anyone who may get their hands on that file.
4) Remove potential scary stuff from your email NOW: If someone or something gets the password to one of your email accounts, do you know whether any messages within your email folders contain sensitive business and personal information, such as passwords, banking or tax information, or details about your clients or business? Yahoo and Gmail, for example, are just clouds for storing your email messages. You should do everything you can NOT to put any sensitive information where an attacker could get his or her hands on it.
5) Be Vigilant. It can happen to anyone — even if you are paranoid and careful. So be aware and ready to respond.
A compromised password, if left unchecked, can lead you down a slippery slope. Do you have any experiences to share on preventing password theft, monitoring nefarious activity after a password compromise, or lessons learned?
By Steve Levinson, PCI Practice Director, AT&T