14 DAY TRIAL // Online security is always a concern but with information on some 30,000 compromised email accounts from all of the major web mail providers surfacing this week, it's more apparent than ever that users need to do more to protect their online data. The accounts in these cases were stolen using all-to-common phishing schemes and weren't a result of poor security measures from the providers. Google was also hit in this latest wave but the company claims only about 500 Gmail accounts were compromised. Regardless of that, it decided to release several mostly well known and common sense tips on how to create stronger passwords for your accounts.
The first tip is to use unique passwords across different services and products. This really needs no explanation, when using a single password for everything; if one service is compromised, then an attacker can use the data to access all of the other ones the user may have. And, while having a Facebook account infiltrated may not seem like the end of the world, a compromised banking account is much more serious.
The second biggest issue is users relying on weak passwords made up of common words of phrases. In fact, one of the most widely used passwords is “password.” Google suggests using a combination of lowercase and uppercase letters plus numbers and symbols to make it much harder for an automated attack or a determined hacker to guess it.
Another common mistake is using passwords based on identifiable personal information. Using pet names or birthdays is an easy way to remember a password but it also makes it easy for an attacker to get a hold of that information and use it to guess the password. Many users also write down or save their passwords in a file on their computer in case they forget them. Google suggests not leaving the password lying around the office or save it in an obviously named and easy to find file where someone could steal it.
Finally, it is possible that users forget their passwords especially if they are stronger ones for sites they don't visit that often. In this case, most sites offer options for retrieving the passwords either by entering your email address or answering some security questions. But these too could potentially be used to steal the password so a good tip is to use information that isn't likely to easily be known by others.