Q: Should I be concerned about the news that Russian hackers have stolen a large number of passwords, and if so, what should I be doing?
A: If the reports are accurate, a Russian gang has apparently pulled off the largest known hack of private internet information ever.
Hold Security of Milwaukee claims to have discovered a global compromise of over 1.2 billion usernames and passwords from roughly 420,000 websites, including 500 million email addresses.
Sounds terrifying, right? Don’t panic.
It’s not yet clear how serious or recent the threat is.
Forbes points out that the computer security company that alerted the New York Times to the hack stands to gain financially from people searching to see if they’ve been affected.
And The Verge notes that the information may actually have been stolen in earlier hacks.
So, the chances of your accounts being exploited first are pretty low. That means you have time to change all your passwords before a criminal attempts to use the stolen credentials.
This, once again, underscores the importance of not using the same password on all your online accounts. Hackers will automatically try to use your username and password on every major website because they know so many of you still make this huge mistake.
At this point, there’s no way to know for sure if your credentials have been stolen, so you should assume they have and act accordingly.
In any case, this is a great wake-up call to strengthen your password protection by doing the following:
Change all your passwords and make sure every online account has its own password. To make this more manageable, consider using a password manager. Here’s my advice on easy-to-use password managers.
Longer, easy-to-remember passwords are more secure than short, complicated passwords — aim for at least 15 characters, but make it easy to remember. Example: I Hate Passwords! is much more secure than A8y@q7P1 and much easier to remember.
Make sure your e-mail account has a very strong password — your e-mail account is the gateway to all your other accounts. Remember that when you forget a password, the reset message gets sent to your e-mail account, making it really easy for the bad guys to take over if they get in.
Make sure you have a passcode set up on your mobile devices – mobile devices are easily lost or stolen, and if you don’t have a passcode to keep strangers out, they have direct access to your e-mail account.
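
One way to check your own accounts against the advice above, as an added example that is not part of the original column: the script reads a password manager's CSV export and lists accounts that share a password, accounts under the 15-character minimum, and whether the e-mail account is among them. The column names, the "Webmail" entry name and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

MIN_LENGTH = 15  # minimum length suggested in the column

# Constructed sample export. Column names are an assumption; match them
# to whatever your password manager actually writes.
SAMPLE_EXPORT = """name,username,password
Webmail,pat@example.com,I Hate Passwords!
Bank,pat,A8y@q7P1
Forum,pat@example.com,A8y@q7P1
Shop,pat@example.com,correct horse battery
"""


def audit(csv_text, email_entry="Webmail"):
    """Return reuse, length and e-mail findings for a password export."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))

    # Group account names by password so shared passwords stand out.
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["name"])

    # Report account names only; never echo the passwords themselves.
    reused = sorted(sorted(names) for names in by_password.values()
                    if len(names) > 1)
    too_short = sorted(r["name"] for r in rows
                       if len(r["password"]) < MIN_LENGTH)

    # The e-mail account receives every reset message, so flag it
    # separately if it fails either check.
    email_at_risk = (email_entry in too_short
                     or any(email_entry in group for group in reused))
    return {"reused": reused, "too_short": too_short,
            "email_at_risk": email_at_risk}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for group in report["reused"]:
        print("Same password on:", ", ".join(group))
    for name in report["too_short"]:
        print(f"Shorter than {MIN_LENGTH} characters:", name)
    print("E-mail account needs a new password:", report["email_at_risk"])
```

A real export file holds every password in plain text, so delete it as soon as the check is done.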