Don't be a Zuckerberg: five ways to better protect your passwords
Some advice to heed after Facebook's boss gets his Twitter and Pinterest accounts hacked.
Facebook founder Mark Zuckerberg briefly lost control of both his Twitter and Pinterest accounts this morning.
A hacker group called "OurMine Team" gained access to both, and left some rogue posts, after (it claims) gathering Zuck's LinkedIn password that was spilled in the professional networking site's 2012 security breach — which has recently come back to haunt it.
It seems the Facebook CEO is as guilty as the rest of us of re-using passwords.
In the wake of the hack, security company Symantec has weighed in with five tips, all of which are solid (see below).
Naturally, the company pushes its own password manager, but also check out LastPass (discussed here).
The tip about focussing on your email password is a good one, and often ignored. Take heed.
- Beef up your passwords: When creating and updating passwords, make sure that your new password is a minimum of eight characters long and doesn’t contain your real name, username, or any other personally identifying information. The best passwords include a combination of uppercase and lowercase letters, numbers and special characters.
- Don’t re-use passwords: Once a hacker has cracked a password for one of your accounts, they’ll try to use it to gain access to all your accounts. This is why it’s important to create a unique password for each account.
- Use a password manager: It can be challenging (or nearly impossible) to remember unique passwords for each account, so consumers should consider using a password manager like Norton Identity Safe that stores your passwords in a secure, cloud-based vault.
- Pay special attention to email credentials: Many users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site and the recovery link is sent to your email account. Ensure you use a particularly strong password with both characters and numbers for your email account. And don’t reuse it!
- Enable two-factor authentication: Many websites now offer two-factor (or two-step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device via text message or a token generator to login to the site. This may add complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.
© All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.