The New York Times broke the news to us Tuesday: Russian hackers have amassed more than 1 billion (yes, with a B) Internet passwords. And you thought the Target hack — 40 million credit card numbers and 70 million other pieces of personal information — was a problem.
Details in the story make it worse: 1.2 billion user name and password combinations and more than 500 million email addresses.
The Milwaukee firm Hold Security discovered the stolen records, and an analyst for the New York Times confirmed the information as authentic.
The sad news is that data breaches are becoming more numerous and more expensive. As more of our personal and work lives are linked to key pieces of data on the web, we become more vulnerable to the enormous expense and inconvenience of having our identities hijacked. Having your Yahoo! email spam drug offers to your friends is nothing compared to having someone use your birthday and Social Security number to take out a loan or buy a car.
The upshot for all of us: We need to develop a sense of urgency about improving identity protection on the Internet. Some of that will have to come from the technology people. The Hold Security disclosure coincided with the annual Black Hat convention in Las Vegas, a gathering of hackers and security companies, according to the Times.
But it’s also going to depend on us doing the thing we just don’t want to do: creating different user name and password combinations for the many places we live on the web and changing them frequently. Microsoft Business recommends changing your passwords several times a year.
Here’s some other advice.
Use some thought when creating passwords. Longer is better, experts say, as long as you’re within the parameters of a site. Mix letters and numbers, add some unexpected upper-case letters, and throw in some special characters like exclamation points and asterisks.
Anick Jesdanun, writing for The Associated Press, points out that “PaSsWoRd!43” is better than “password43,” and “pas123sword456d” is better than “password123456.” And, by the way, don’t use “password” as your password, and avoid numbers or letters in sequence, such as 123456 or qwerty.
Phil Lieberman, CEO of Lieberman Software, told USA Today consumers should be especially careful to keep passwords for bank accounts and credit cards totally different from those for social media.
Also make sure your Facebook log-in information is secure if you log in to other sites via Facebook. Reconsider including your age or high school graduation year in your profile as those are shortcuts to discovering your birthday, something identity hackers love to do.
Finally, don’t store all your passwords in an insecure document in your email or on your computer.
We love the convenience of online banking, shopping and reading, but it comes with a price. Be vigilant, make your passwords strong and change them often. That’s got to be less annoying than dealing with ruined credit — or worse — from identity theft.