Imagine losing your Gmail, Twitter, Apple (AAPL) and Amazon (AMZN) accounts in just one hour. That’s what happened to Wired.com senior writer Mat Honan last August. He lost eight years’ worth of data and tells the tale in the cover story of Wired magazine’s December issue.
If this nightmare could happen to an editor at a leading tech publication, what are the odds it could happen to you? It’s a sobering question during this holiday season when many of us will be shopping online more than usual.
Mat Honan tells The Daily Ticker that most people don’t have to worry about online shopping, but he warns that there is an “alarming” number of “password leaks.”
Honan says passwords now ought to be just one tool in a security arsenal, “not the entire arsenal.”
Passwords, coupled with usernames, are the primary way people access their online accounts and protect those accounts from hackers. But Honan says no matter how complex or unique those passwords, they don’t offer the protection that’s needed.
He recommends this series of do’s and don’ts for passwords that could help users.
Password Don’ts
- Don’t reuse passwords.
- Don’t use a “dictionary word.” That means don’t use a single word alone.
- Don’t use words that use “standard number substitutions” such as the number 4 for the letter “a” or the number 5 for the letter “s,” which resemble each other. Hackers have tools that can crack those substitutions.
- Don’t use short passwords. They’re also easier to crack.
Using the same password for multiple internet sites is the most common mistake people make, says Honan.
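As an added illustration (not code from Honan or the Wired story), the four don’ts above can be written as a check that a site or password manager might run on a new password. The word list, the 12-character minimum and the substitution table are assumptions made for this example.

```python
from __future__ import annotations

# Added example: checks a candidate password against the four "don'ts" above.
# WORDLIST, MIN_LENGTH and the LEET table are constructed assumptions.

# "Standard number substitutions" mapped back to the letters they stand for.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "0": "o",
                      "5": "s", "$": "s", "7": "t"})
WORDLIST = {"password", "dragon", "sunshine", "baseball", "glass"}  # constructed sample
MIN_LENGTH = 12  # assumed threshold; the article gives no number


def check_password(candidate: str, in_use: set[str]) -> list[str]:
    """Return the rules the candidate breaks; an empty list means it passes.

    in_use holds passwords already used on other sites, as a password
    manager's reuse audit would have them in memory.
    """
    problems = []
    if candidate in in_use:
        problems.append("reused")

    lowered = candidate.lower()
    # Drop trailing digits/punctuation so "dragon1!" is still seen as "dragon".
    core = lowered.rstrip("0123456789!?.#")
    if lowered in WORDLIST or core in WORDLIST:
        problems.append("dictionary word")
    else:
        # Undo the substitutions first, the way cracking tools do, then re-check.
        if lowered.translate(LEET) in WORDLIST or core.translate(LEET) in WORDLIST:
            problems.append("number substitution of a dictionary word")

    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    return problems


if __name__ == "__main__":
    for pw in ("Sunshine", "p4ssw0rd", "Dr4g0n1!", "velvet-anchor-tulip-91"):
        print(pw, "->", check_password(pw, set()) or "ok")
```

A real deployment would use a much larger word list; the point here is that undoing the substitutions is a single table lookup, which is why they add so little protection.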
Password Do’s
- Enable a second factor of authentication, in addition to a password, when offered. An example is the black rectangle that pops up asking you to type in the characters that appear on the page in a bold, dark black swirl. They’re annoying and crackable but, writes Honan, “better than nothing.” Honan recommends that you use double protection for your primary email and bank accounts and any other crucial online account. He says Gmail and Facebook offer this secondary authentication.
- Give bogus answers to those security questions that are asked when you forget your password. You may have a harder time remembering this fiction but hackers will also likely have a harder time figuring it out.
- Scrub your online presence. Hackers can access accounts through your email and billing address information. When available, use opt-out options to get that information removed from online databases. Honan says sites like Spokeo and WhitePages.com offer that option.
- Create a secure email address that is used only for recovering passwords, with a username that’s not tied to your name. Honan writes that hackers can more easily access your online information if they know where websites send your password resets, and a second email account can help thwart those efforts.
Finally, when shopping online this holiday season Honan recommends using disposable credit card numbers — which function as virtual prepaid credit cards — especially when buying gifts from small businesses. Those businesses “tend to be bigger targets” for hackers, says Honan.