We’ve all been guilty of it— creating a password that’s easy to remember and using it for multiple sites. How else are we supposed to keep track of the dozens of sites we use on a daily basis?
Unfortunately, as we are forced to manage these number, letter, and symbol combinations in our brains, hackers are becoming more efficient than ever. As computers advance, hackers can work quickly and in groups to easily access private information. In fact, a recent Ars Technica article details hacking advances and reports that a PC running a single AMD Radeon HD7970 GPU (nerd talk for a fancy video graphics card) can try, on average, 8.2 billion password combinations per second.
So while we think we’re smart for creating intricate passwords, it seems impossible to outsmart the computer. According to the 2012 Norton Cybercrime Report, 40% of internet users do not use complex passwords or regularly change their passwords, and nearly half of users have been asked to change a password because their account has been compromised.
What’s the Worst that Can Happen?
Nobody wants to believe they are a target for being hacked, but we’re all vulnerable. Consider this– when you create a username for a site, you’ll often use your email address as a login. Next thing you know, you have a generic username on your most used sites, and your passwords may be extremely similar.
Let’s take a look at some hacks:
1) Burger King’s Twitter
Earlier this month, Twitter revealed that 250,000 accounts had been hacked. Then on Feb. 18, the Burger King Twitter was hacked, and the user that gained access announced that Burger King was bought by McDonalds
After a few hours the account was taken down, but the cause has not been identified. It just goes to show that even someone who can’t spell (note: “Fredom is Failure”), can find a way to infiltrate an account.
When a personal Twitter account goes under attack, it can be an easy-fix, but in the case of Burger King, it could have quite the negative impact on their reputation.
2) Emergency Alert System (EAS)
Recently television viewers around the Great Falls, Montana area heard this emergency alert:
“Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages onscreen that will be updated as information become available. Do not attempt to approach or apprehend these bodies as they are considered extremely dangerous.”
The message occurred during a broadcasting of “The Steve Wilkos Show,” airing on the CBS affiliate KRTV station. It’s been reported that a hacker broke into the EAS and affected at least four television stations.
Duane Ryan, director of programming at a New Mexico affected station KENW, admitted that the station did not change the default username and password that they received with the EAS computers, making the station an easy target for the zombie alert.
3) Wired Writer, Mat Honan
Last year Mat Honan, a writer for Wired Magazine, had his entire digital life wrecked by a hacker who was able to gain access to almost everything he had online. His experience illustrates to many the dangers of having so much private information online and the ability of hackers to exploit weaknesses in customer support systems.
In his case the vital bits of information were gained by talking to customer representatives for Apple and Amazon. Both companies use different information for verification and make some information available once you have been “verified.” Amazon gave the hacker the last 4 digits on his credit card, which they then used to verify with Apple that they were the account holder. From his Apple account they were able to erase all the data on his iPhone, iPad, and MacBook as well as gain access to his Gmail and Twitter accounts. The hacker claimed to want to expose the weakness and while he did that he also destroyed family photos, work documents, and much more.
How Can I Protect my Accounts?
It seems impossible to create a password that won’t come under attack, but there are some tips that can help keep your accounts secure:
- Create a unique username and password combination for all your sites.
- Use a minimum of nine characters when creating a password and have at least one uppercase letter, one number, and one symbol.
- Try using a randomly computer generated password.
- Use a password management app like 1Password or PasswordSafe. These will help you maintain a unique password for your sites and make it easier to remember to change your password every few months.
- Avoid keeping documents with a list of all your password and usernames. If that’s found then it’s pretty much over for you. Instead, keep a handwritten copy of your passwords that is much less likely to be compromised.
But if it does happen to you…
While it’s impossible to know when you’ll be hacked, there is always the chance that it could happen. If you realize you have been hacked, monitor the activity on all major sites to make sure it’s not across multiple accounts. A site like Breach Alarm can help you determine if your email has been compromised. You’ll want to go through and change your passwords on compromised accounts, monitor your credit reports (just in case), and make sure you revoke access to third-party accounts by looking over your settings and permissions.