Highlights from the last few months in cyber-chaos
- April, 2014 – The “Heartbleed Bug” strikes, affecting as many as 500,000 websites.
- November, 2014 – Sony Pictures Entertainment hacked by person/persons unknown; leads to a complete and total meltdown in Hollywood, forcing people in the “biz” to actually pick up a phone and talk to their cubicle mate and for the rest of us to stream a bro-stick comedy over Christmas that we all probably would have been better off waiting for on Netflix.
- December, 2014 – North Korea’s Internet service undergoes a “DDoS attack” (distributed denial-of-service) by person/persons unknown.
- January, 2015 – US Central Command’s Twitter and YouTube accounts hacked by Islamic State sympathizers.
- Retailers such as Target, Neiman Marcus, Michaels, Aaron Brothers, P.F. Chang’s, UPS, Home Depot, Chick-fil-A – ALL HACKED!!
A recent study found that 13.1 million U.S. adults are victims of fraud, with a total somewhere in the $18 billion range of fraudulent activity accounted for annually. Earlier this month, President Obama proposed legislation that would encourage companies and government agencies to share information about security threats and vulnerabilities with each other.
Remember when you got that email from your bank, your social media website, your email server asking you to change your password in the wake of Heartbleed? Did you actually do it? A Pew research study last year found that only 61% of those who knew about Heartbleed changed their passwords.
Just how lazy are we?
A survey from 2012 by Research Now for CSID on password habits among American consumers found:
- 61% of us reuse passwords across multiple websites.
- 54% of us have 5 or fewer passwords for all of our internet usage.
- 44% of us change our passwords once a year or less.
- 89% of us feel secure with our current passwords and security habits.
- 21% of us have had at least one online account compromised.
SplashData’s annual list of most commonly used passwords found that “password” had been supplanted by the surely uncrackable “123456” as the most popular password of 2013.
So what kind of passwords should we be using?
The latest and greatest recommendations from cyber experts, including Blizzard’s own Hosting Manager, Tish Lockard, agree on the following guidelines for creating strong passwords:
- A strong password should contain AT THE VERY LEAST 8 characters, combining upper and lower case letters, numbers, punctuation marks and symbols; there should be no inclusion of words found in the dictionary or the names of your friends and family.
- Never use easy to discover dates like birthdays or anniversaries; you’d be surprised what is clearly visible on our personal and business social media pages these days.
- You should have a unique password for all of your important accounts.
- You should change your passwords every 90 days and not reuse them for different sites.
There are password generating sites that will create strong passwords for you. Tish says, “Can’t think of a good password? There are tools out there, such as strongpasswordgenerator.com, that will cook up a good one for you. You can even decide the length of your password and what type of characters to use. I use this Every. Single. Day.” Hear that? Every single day! I am listening, Tish! Some other generators are random.org and freepasswordgenerator.com.
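What such a generator does can also be run locally. The Python sketch below is an added example, not code from any of the sites named above: it draws characters from the operating system's cryptographic random source and checks a password against the guidelines listed earlier. The function names and the tiny word and personal-detail lists are constructed for illustration.

```python
import secrets
import string

# Character classes named in the guidelines above.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed sample lists; a real check would load a full dictionary
# plus the user's own names and dates.
SAMPLE_WORDS = {"password", "dragon", "monkey", "kitty"}
SAMPLE_PERSONAL = {"tish", "1985", "0614"}


def check_password(pw, words=SAMPLE_WORDS, personal=SAMPLE_PERSONAL):
    """Return the list of guidelines that pw fails (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    names = ("lowercase", "uppercase", "digit", "symbol")
    for name, chars in zip(names, CLASSES):
        if not any(c in chars for c in pw):
            problems.append(f"no {name} character")
    lowered = pw.lower()
    for term in sorted(words | personal):
        if term in lowered:
            problems.append(f"contains '{term}'")
    return problems


def generate_password(length=16):
    """Return a random password that passes check_password."""
    if length < 8:
        raise ValueError("guideline minimum is 8 characters")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable
        # and should not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password on failure so accepted ones stay uniform.
        if not check_password(candidate):
            return candidate
```

Running `check_password("123456")` reports four failed guidelines, while `check_password("Password1!")` passes every character-class rule and fails only on the dictionary word.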
How the B!33P am I supposed to remember that gobbledygook?
How are you supposed to remember these nonsensical passwords? I know I have been loath to use passwords like those described above because there is no way I am ever going to remember them. Most security experts recommend the use of a password manager such as Dashlane.com, LastPass.com or 1Password.com, which have apps that can go with you from your computer to your phone and tablet. YES, you will have to have a password for these heavily encrypted secure sites, but if you can’t remember ONE goofy password, well, maybe this World Wide Web thing just isn’t your bag.
DO NOT store your passwords in a public cloud, in a Google doc, in emails that can be hacked, on your phone’s notepad app or maybe not even in that little spiral Hello Kitty notebook that you carry around with you everywhere unless you have really bad handwriting.
According to Tish, “If everyone could make these criteria a priority and truly commit to changing their passwords regularly, there would be a lot less chaos in the world. Well, ok, chaos caused by hackers, anyway.” If we listen to Tish, at least we all can do a little something about this cyber chaos. The hacker-free chaos, Tish and I will endeavor to deal with that another time.
Whatever method you decide upon to have truly secure passwords, remain ever vigilant as you cruise along the world-wide-web. There are hackers around every bend and it’s up to you to keep an eye on your online accounts. And don’t forget that old adage, if you don’t have something nice to say in an email about someone, maybe just jot it down in your Hello Kitty notebook.