Why you need to pay attention when hackers steal data

The headlines are filled with news right now of the group of hackers who stole large amounts of personal data.  Here is why that matters to you, and what you should do about it.  You should worry because, first, your data may have been stolen.  Second, even if yours was not stolen, the lax security practices of others make you more vulnerable.  I will explain why in a moment, but first I want you to do two things immediately, while I wait for you to return.  First, change your password on all the important sites you frequent, making each password unique, long (at least 16 characters), and random-using capital letters, lower case letters, numbers, and symbols.  Second, and maybe this should have been first, to make the other task easier, is to get a password management program to both keep track of and make it easier to change passwords with new truly random and secure passwords.  The one I recommend is LastPass, but there are a number of others that work well and have adequate security.  OK, go do it, I will be waiting here for you to come back and learn why you need to do this.

The first question often asked is “Why do my passwords have to be long and random?”  The answer is to protect you from the poor security of others.  Here is an example to show you why:  When Adobe was hacked last year, the passwords for all users were published on the web.  The top ten passwords were password, qwerty, combinations of sequential or repeating numbers like 123456 or 111111, and two that involved the name Adobe or Photoshop.  These users are the one that increase the danger for you.  Adobe made it worse with their own rudimentary encryption methods, but you can read more about that on another blog on this site.  The reason these users make it more risky for you is that hackers look for patterns of these common passwords, and once they find them (using lightning-fast software designed for this purpose), they can then look for more patterns because they now know where all the letters p, a, s, w, o, r, and d are once they find just one instance of the word password used as a password.  So if they have big chunk of data all encrypted with one key, soon they can decrypt the whole block of data.  Your long and random password with random symbols will be one of the last things they figure out, if they ever do.  More likely, they won’t spend the effort and will move on to easier targets.

The second question often asked is “Do I really need to have a different password on every website I use?”  Again, YES.  The reason is that if they happen to figure out your password on one site, they have software that will then automatically try it on every other website under the sun.

Finally, the more savvy users ask “Why does a password manager like LastPass make my passwords more secure?  Can’t they hack LastPass?”  I am only really familiar with LastPass’ methods, so I cannot speak to all password managers, but I am satisfied with their methods, and so is every security expert that I have ever heard comment on the subject.  LastPass saves all your passwords in an encrypted file on your computer and also in the cloud.  The key to the encryption is saved only on your computer and is protected by your LastPass password.  LastPass has no access to the key, so they have no access to your cloud file.  And they save millions of these users files, all with its own unique key.  So even if LastPass were ever hacked, the hackers would need a billion or trillion years to decrypt all those user files one at a time.  And if your computer is ever hacked, all you have to do is change your LastPass password.

So let LastPass manage all your other passwords, and then you just have to remember one password.  To make that one more secure, I like to use a trick I learned from the web.  I would give credit to the inventor, if I knew who it was.  Pick a line from a favorite song, use the first letters of each word of that line, capitalize the keywords in the line, and then substitute symbols and numbers that look like the letters where possible.  For example, “Mary had a little lamb, its fleece was white as snow” might become Mh@11!Fww@$ where the number 1 is substituted for the lower case letter l, ! for the letter i, @ for a, and $ for S.  Add a few numbers that only have meaning to you (not birthdates, SSNs, phone numbers addresses, etc.) and you have a very secure password that you can remember.

Now, if you haven’t done so already, please go change all your passwords, including the one for this blog, if you are a follower.

Leave a Reply