
Passwords are a necessary piece of our day-to-day lives online. If you have a forum account here on BestBuy.ca, you have a password. All of your email addresses have passwords, and if you’re using a computer daily, you’re probably using a password to log on first thing.

As much as we don’t like to admit it, hacking (and especially hacking of passwords) is a constant threat to our online information. You may have noticed recently major websites like Twitter and Reddit failing to open because of a huge internet attack. While these attacks didn’t seem to focus on stealing IDs and passwords, they should raise our awareness that bad people are out there and many of their attacks are aimed at obtaining access to your personal information.

So you really need to be careful. You may feel crafty with your fancy 12-letter password full of special characters and numbers, but step back a moment and think about how many websites you’ve already used it for.

That might be the start of the trouble.

Understanding the dangers of account data breaches

2016 has been a monumental year for data breaches, especially among sites that many Canadians use daily. In May, approximately 146,000,000 LinkedIn accounts were breached, exposing email address and password details. In January, nearly 71,000 Minecraft players accidentally had their account details exposed, and in perhaps one of the most concerning data dumps, over 300,000,000 MySpace account details were made public out of a breach that may have happened nearly a decade ago.

Think about this: how many of us had MySpace accounts a decade ago? Now think about how many other places you may have used that password. Maybe online banking? Shopping? Dropbox or photo hosting? It’s a scary road to travel down. Reusing passwords may seem necessary to lower the risk of forgetting, but it also raises the risk of being hacked.

Why having different passwords everywhere is important

Over the course of your lifetime, you’ve probably registered for 100 or more websites. This could be a mixture of email addresses, social media and everything in between. That’s 100 or more passwords you’ve been asked to create. How many of them were unique?

While you’ve probably switched up user IDs, have you fallen into some of the same traps that many people do? How many websites have you signed up for using the same combination of email address and password? In the interest of making it easy for yourself, you’ve probably made it just as easy for a hacker to access your data on multiple websites. If the same password has been applied to things like online banking, shopping and your email accounts, you’ve made it pretty easy for someone who cracks one location to then enter your credentials at other locations and pretend to be you.


It’s important for you to map out and keep your passwords as unique and separate as possible.

The Dangers of “Forgot my Password” clues

It always seems tempting to jump into “Forgot my Password” clues as part of the password creation process. However, you also have to think about the answers you’re giving. How public is the knowledge of your pet’s name, your father’s middle name or the name of the street you grew up on? The trouble is that as easy as it will be for you to remember something like this, it will be just as easy for somebody who might know you and is trying to access this information online. Be creative with these. You may want to bypass answering the direct question and use one of the creative password strategies below instead, especially if the name of your first pet is as common as “fluffy” or “scamp.”

Strategies for coming up with creative passwords

Passwords are not going away anytime soon, so develop strategies for coming up with creative passwords. Needless to say, a password should be something that only you know and would be able to enter and recall to log in.

A few really odd suggestions have floated past the Geek Squad desks over the years. One person loved taking the really obscure lyrics of some of their favorite songs and turning those into a password somehow. For example, if you’re a fan of AC/DC’s “You Shook Me All Night Long,” a password suggestion could come out of the line “Had to cool me down to take another round. Now I’m back in the ring to take another swing,” which is part of the second verse but, taken out of context, means nothing to anybody outside of perhaps former lead singer Brian Johnson himself.


A few programmers have told us that their passwords are some cleverly crafted piece of code that sticks out to them but nobody else. Others have mentioned movie lyrics.

The trade-off is that however difficult you aim to make your password, make sure you don’t outsmart yourself when you start swapping characters, adding numbers or pushing the limit of underscores. One of our Best Buy bloggers recalled being locked out of his childhood computer when it hit screensaver mode because he made his password so difficult and rife with special characters that he had to disable it altogether.

You could also consider using a password generating program, but it might be hard for you to remember what it generates, since it’s difficult for us to remember something that our minds don’t normally associate with anything. However, that is a positive in the sense that if you CAN remember it, it has no other context in which anybody you know could associate the term with you.
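As an added example (not part of the original article or any Best Buy tool): a small Python audit that finds which accounts in an inventory share a password, the reuse problem described earlier, and gives each of them its own randomly generated replacement, as a password generating program would. The site names, logins and passwords are constructed sample data, and the function names are illustrative.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

# Constructed sample inventory (site, login, password); not real credentials.
ACCOUNTS = [
    ("social.example", "pat@example.com", "Fluffy2016!"),
    ("bank.example", "pat@example.com", "Fluffy2016!"),
    ("shop.example", "pat.smith", "Fluffy2016!"),
    ("photos.example", "pat.smith", "n7#Vq2w!xLp0"),
    ("forum.example", "pat@example.com", "ring2take1swing"),
]

SYMBOLS = "!#$%&*+-_?"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def find_reuse(accounts):
    """Return sorted groups of sites that share one password, whatever the login."""
    key = secrets.token_bytes(32)  # throwaway key: grouping digests die with the process
    groups = defaultdict(list)
    for site, _login, password in accounts:
        digest = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()
        groups[digest].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def generate_password(length=16):
    """Draw from the OS CSPRNG until every character class is represented."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def replacement_plan(accounts):
    """Give every site caught sharing a password its own new random one."""
    return {site: generate_password()
            for sites in find_reuse(accounts) for site in sites}


if __name__ == "__main__":
    for sites in find_reuse(ACCOUNTS):
        print("shared password:", ", ".join(sites))
    for site, new_password in replacement_plan(ACCOUNTS).items():
        print(f"{site}: {new_password}")
```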

Ultimately, find a system that works for you and only you and implement it with the tips mentioned above. Do what you can to avoid becoming another statistic in the war against identity theft.

And if you do find that your passwords have been compromised, respond cautiously, quickly and thoroughly.

Cautiously: How did you learn about the breach? If you received an email notification of a data breach, don’t just click on a link in the email to reset your password. Often such emails are sent by the hackers to get more passwords from you. Instead, open your web browser and go directly to the site, your bank’s website or whatever, and follow their security protocols to reset your password and secure your account.

Quickly: How long do you have to respond? Often when a breach of a major site is announced, it had been known about and under investigation for many days already. So you should take time as soon as you can to change the password on all sites where you think your information may be at risk.

Thoroughly: What else should you do to ensure you are protected? That really depends on your situation. Geek Squad can help. Visit a Geek Squad department in any Best Buy and explain your situation and a Geek Squad agent will explain ways for you to identify online vulnerabilities in your life. You can even get a free computer health check-up while you are there.
