• Home
  • Products
  • Purchase
  • Support
  • Company

CompuClever Blog

How to Protect Yourself in a Post-Password World

July 14, 2016 by Charles Edward

If you’ve been paying attention to the news recently you will have noticed there has been a cluster of recent privacy “megabreaches” involving more than half a billion passwords. Here are some tips to keep you safer online.

If you are a Netflix subscriber, you may have received an email notice recently telling you to change your password as soon as possible.

In fact, if you’ve been paying attention to the news recently you will have noticed there has been a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, Twitter, and even long-forgotten Myspace.

There seems to be a new one every week. Here are a few examples:

  • Twitter locks some accounts after 32 million passwords (June, 2016)
  • Hackers Breach Over 1,100 Websites, Steal 45 Million Passwords (June, 2016)
  • ISP suffers massive password leak online (June, 2016)
  • Amazon Implements Password Reset after Credentials Leaked Online (April, 2016)
how to create a strong password
Websites that have released email and password details to hackers. From the website haveibeenpwned.com. “Getting pwned” is Internet slang for “getting compromised.”

Password Hacks: Lose Control of Your Entire Life

In some cases, a password breach is an annoyance that can be fixed by changing your password. Other times, getting your password hack means losing control of your entire life. Many of us with Yahoo, Hotmail and Gmail accounts have years of our life stored online.

Online accounts also typically contain sensitive credit card and banking information. Even worse, many online services depend on email accounts for help logging in. For example, if you’ve ever forgotten a password for Pinterest or Facebook, you typically need to use an email address that is officially associated with the social media account for help getting back in. If your email account is compromised, you can totally lose control of your entire life.

How Mark Zuckerberg’s Password Got Hacked

No one is immune from having their password stolen. For example, Facebook founder Mark Zuckerberg’s Twitter and Pinterest accounts were recently hacked.

mark zuckerberg got hacked

How did the hackers get access to Mark Zuckerberg’s Twitter and Pinterest accounts? It turns out a password breach at another social networking site earlier was to blame. This past May, LinkedIn, a social networking site for professionals, announced that a staggering 117 million passwords were stolen. All of the passwords were uploaded to the Internet where anyone could see them.

Zuckerberg’s LinkedIn password was one of them.

Most People Use the Same Simple Password Across Multiple Sites

Zuckerberg’s password for LinkedIn was dadada. Hackers put two-and-two together and discovered Zuckerberg reused his LinkedIn password on Twitter and Pinterest, and were briefly able to hack into his accounts (and this was before millions of Twitter passwords were hacked just this past June).

Mark Zuckerberg’s experience highlights several common themes about password theft in 2016:

  1. people tend to use simple passwords
  2. people tend to reuse their passwords
  3. security breaches happen all the time

And, perhaps most importantly, anyone, including the head of one of the world’s most sophisticated internet companies, can have their online accounts hacked.

Password ‘Worst’ Practices: Things We All Do, But Really, Really Should Not

There are some pretty common mistakes when making passwords that everyone knows (even if they often ignore):

  • Using the same password everywhere
  • Never changing your password
  • Using information that’s easy to obtain, such as your birthday, as part of your password

However, there are some other mistakes people often make when creating a password, such as:

Letters Only

More secure passwords consist of combinations of numbers, special characters or punctuation marks as well as a mix of upper and lower case letters throughout the password.

Short in Length

The shorter a password, the more opportunities for observing, guessing, and cracking it. A strong password is at least 8 characters long. Some organizations now enforce a minimum length and variety of characters to help strength the company passwords.

Too Old

You’ve used the same password for years. Usually it will take a hacker a very long time to crack a long, complex password. If you change your password every 90 days or as required by your computer network, then the chances of your password being cracked are even more diminished.

Here are the 10 most popular passwords in the world… is yours one of them? These “top ten” passwords have of course been identified in part by countless data breaches:

  1. password
  2. 123456
  3. 12345678
  4. 1234
  5. qwerty
  6. 12345
  7. dragon
  8. pussy
  9. baseball
  10. football

How to Protect Yourself: Two-Factor Authentication

The problem is, even the best password in the world can be hacked. As many people have discovered at LinkedIn and Twitter in June, some of the largest internet companies in the world can be compromised, releasing your password details to anyone and everyone.

And, what happens if the email account you use for online banking gets hacked? Your banking details are laid bare, and there’s not much you can do about it. Strong passwords are just not enough.

This is where two-factor authentication comes in. What is two-factor authentication? The easiest way to understand it is to think about how you log in, for example, to your email account today. You go to the login page, type in your username and password, and log in. It’s just one step.

With two-factor authentication, it takes two steps to log in, usually with the help of a mobile phone, or another email account.

If you have used Twitter or even Facebook, you may have encountered two-factor authentication before. You attempt to login to Twitter, and Twitter than asks you to produce a code texted to your mobile phone. Google and Microsoft actually have a special code generator app that does away with the need for receiving texts.

This can be annoying because if you don’t have your mobile phone — perhaps it’s out of charge — you can’t receive the text or code, and you can’t login to your account.

Or, sometimes when attempting to login to an online account (Outlook.com, Microsoft’s email service does this), you’ll be emailed a special code to an email account associated with the web service. Once again this can be frustrating if for some reason you can’t login to the associated account.

On the other hand, potential hackers are presented with the same problem: if they do not have access to your mobile phone or your backup email but they try to hack into your account, they can’t receive the extra security code they need to login.

So this added protection of a “second factor” of authentication — proof someone needs to login to your email account — generally keeps you safe.

Generally. But even two-factor authentication can be hacked.

How Two-Factor Authentication Can Be Hacked, And What You Can Do About It

Two-factor authentication can be hacked: there’s an “easy” way, and there’s a harder way. With the easy way, a hacker may simply hack into and take over the email account that receives the security code you need to log in. It’s just an email account, and it can be hacked.

Sending a security code via text message should be more secure, since it’s less likely that a hacker someplace has access to your mobile phone. However, hackers who have figured out your account can actually “spoof” you, and can trick you into sending them the security code from your phone. The hackers may text you or call you up, pretending to be from your bank or even from Gmail. You send them the code, and they can get access to your account.

Disaster!

So, two-factor authentication can still be beaten. However, it’s still the best way to keep your passwords safe, so, to beat the hackers: never, ever share a security code with anyone online. Always keep them to yourself.

Keep Your Computer Safe, Too

You should also be aware that, unless you take precautions, hackers can steal passwords from your computer, too. The best defense this threat is to install and deploy an effective and updated antivirus and anti-spyware solution that features a strong anti-phishing mechanism.

For example, CompuClever Antivirus PLUS features an ironclad information safety mechanism called Data Protection. Data Protection prevents sensitive data leaks when you are online. Based on the rules you create, Data Protection scans the web, e-mail, and instant messaging traffic sent by your computer.  It looks for specific character strings, for example, your credit card number. If there is a match, the respective web page, e-mail, or instant message is blocked.

And that keeps you safe online.

Charles Edwards frequently writes about Windows and PCs. If you have some ideas of topics you would like us to cover, email us at:newsletter@compuclever.com.

Filed Under: Blog

Don't miss out

Get a copy of "5 Tips for a Fast PC" when you sign up for our free "PC Tips" newsletter.

Subscribe Now
Archive Newsletter

Recent Posts

  • Ultra File Opener 5.7 Release Note

    Ultra File Opener 5.7 Release Note

    July 24, 2018
  • How Blue Light Affects Your Health and What to Do About It

    How Blue Light Affects Your Health and What to Do About It

    May 11, 2018
  • How to Protect Your Privacy & Identity on Facebook – Part 2

    How to Protect Your Privacy & Identity on Facebook – Part 2

    April 18, 2018
  • Facing the Truth – Facebook & Privacy

    Facing the Truth – Facebook & Privacy

    April 7, 2018
  • Spectre and Meltdown:  Massive Security Holes Impacting All Mac and PC devices

    Spectre and Meltdown: Massive Security Holes Impacting All Mac and PC devices

    January 12, 2018
  • How to Fix Computer Sound Problems

    How to Fix Computer Sound Problems

    December 19, 2017
  • Correct Ergonomics Sitting at a Computer Desk

    Correct Ergonomics Sitting at a Computer Desk

    November 17, 2017
  • Five Useful Tips and Tricks for Windows 10

    Five Useful Tips and Tricks for Windows 10

    August 27, 2017
  • Going Incognito – Browse Web in Privacy Mode

    Going Incognito – Browse Web in Privacy Mode

    August 4, 2017
  • Don’t be Held at Ransomeware

    Don’t be Held at Ransomeware

    July 14, 2017
Contact Us | Privacy Statement | Terms of Use | EULA | Partner With Us | Uninstall | Blog
CompuClever© Systems Inc. 2023 All rights reserved.
Microsoft is a trademark of the Microsoft group of companies. All other trademarks are the property of their respective owners.