WASHINGTON — While honesty is the best policy, it also makes it easier for a hacker to steal your identity, says computer security expert Ken Colburn, of Data Doctors.
As Yahoo struggles to deal with the biggest security breach in history, more than a billion accounts have been compromised.
What to do? Change your passwords, according to Colburn and other online security experts.
Colburn said hackers struck gold with Yahoo.
“Email is the most desirable account for hackers to break into,” said Colburn. “When you forget your password (for any social media or business account), you get the password sent to your email.”
“You’ve got to protect your email, like no other account, online,” said Colburn.
How to do that? The answer is easy.
“The first thing you need to start doing is lying. Don’t give out your real birth date to Facebook, to Google, to all these companies.”
Colburn said the fib won’t jeopardize your ability to use the social networks and web services that ask for your birth date.
“They don’t need to know your real birthday,” said Colburn. “They need to know that you’re old enough, to comply with their requirement of asking how old you are.”
Another area in which truthfulness can come back to haunt a user is when answering security questions, “where they ask for something like your high school mascot,” said Colburn.
“How hard is it for me to figure out what high school you went to, when you put it in your Facebook profile?” asked Colburn.
Colburn says a hacker is able to put two and two together, quickly: “This is you, this is the high school you went to, and I got you.”
Virtually anything on the internet is “hackable” and it’s generally just a matter of time for any large online entity, Colburn says.
Setting up password fraud alerts through two-factor authentication, and using a password manager so that no password is ever reused across multiple sites, are a good start.
Colburn says there are some lessons to be learned from the Yahoo hack: assume that every company you do business with online is going to be breached and act accordingly, and never click on a reset link unless you have just asked for a reset message to be sent.
Also, if you’re still using a password that’s been in use for more than a couple of years, change it to something you’ve never used before.
With all the large-scale breaches in the last couple of years, the likelihood is that any password that you’ve been using for years has been compromised. There are lots of “known password” databases whose entries cyberthieves can compare against stolen hashed passwords, which is why one breach can lead to so many other accounts being compromised, Colburn says.