LivingSocial hack is wake-up call for passwords
(MoneyWatch) Another day, another high-profile password hack. This time, more than 50 million LivingSocial users were recently affected by a cyberattack that "resulted in authorized access to some customer data on our servers," according to the daily deal site. What kind of access? Emails, encrypted passwords, and personal information like birthdates.
The passwords were encrypted, so there was no immediate danger to user accounts, and LivingSocial took the extra step of expiring user passwords and asking users to create fresh ones.
That's great, but this emphasizes the weakness of passwords in general, and in particular the danger of relying on the same password for more than one site or service. If the passwords do eventually get cracked -- and the hackers now have nothing but time to work on it -- any other sites that use the same email/password combination are highly vulnerable.
So how do you protect your online assets? These guidelines can help keep your accounts secure from password hacks:
Use two-factor authentication. If a site offers two-factor authentication, take advantage of it. Many banks, as well as Gmail, now let you enable a system by which you need to enter both a password and a code delivered via your mobile phone, particularly if you're accessing the site from a computer that's not your own.
Use a strong password. This goes without saying -- I hope -- but your passwords should be strong (for example, featuring a mix of upper- and lower-case letters, numbers, and symbols).
Don't duplicate passwords. To protect your other accounts from a hack like the one that hit LivingSocial, make sure that every site you use has its own password. Since there's no way you can remember 50 passwords, be sure to use a password keeper like LastPass or RoboForm.
Lie in your password hints and recovery questions. There's no point in using a strong password if a thief can reset your password by knowing your mother's maiden name. These questions are the weak link in any security strategy, so don't use them the way they were intended.
Photo courtesy Flickr user Alexandre Dulaunoy