Another day, another data breach. This time, it’s the popular crowd-funding site Kickstarter that fell victim to cyberattackers.
On the spectrum of incidents, this attack looks bad, but still not awful. Among the stolen information was:
- encrypted passwords, and
- other personal information, such as the last four digits of credit cards.
This leaves millions of users with an all-too-familiar set of instructions: Change your account password, change passwords for any other sites that use the same one and be on the lookout for suspicious activity.
Weak passwords are most at risk
Because the stolen passwords were encrypted, there’s not much risk that they can be cracked unless very advanced tools are used or the passwords are particularly weak and easy to guess.
Unfortunately, as IT managers know, a lot of passwords fall into those categories.
This could be a good time to start experimenting with password managers. These tools remember passwords for users so they can finally hit that sweet spot of creating unique passwords that are also difficult to figure out.
But for those who are sticking with the old-fashioned method of remembering passwords on their own, here are some hints for creating strong ones:
- Make it unique. Even if you come up with a great, impossible-to-guess password, use it on only one site or service. If it’s stolen, hackers can try that same password across a variety of platforms hoping it’ll unlock sensitive information somewhere else.
- Don’t use the dictionary. Even if you combine strings of words or phrases, if those words can be found in a dictionary or the Bible, there are password crackers that will sniff them out. Some can crack 55-character passwords these days.
- Change it frequently. Set a reminder on your computer or phone calendar as soon as you create a password to change it later on. Four to five weeks is a good length of time, though any period of time is better than not changing it.
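To make the first two hints concrete, here is an added Python example (not part of the original article) that rejects a candidate password if it is already in use elsewhere or if it is nothing more than dictionary words strung together, even with common character swaps and trailing digits. The word list, function names and sample passwords are constructed for illustration; a real check would load a full dictionary.

```python
# Added example: the word list, names and passwords below are constructed.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "kick", "starter",
                "pass", "word", "in", "the", "beginning"}

# Common character swaps: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s
SWAPS = str.maketrans("013457@$", "oieastas")
PADDING = "0123456789!?.#*_-"   # digits/symbols often tacked onto the ends


def normalise(password):
    """Lower-case, drop padding at both ends, then undo common swaps."""
    return password.lower().strip(PADDING).translate(SWAPS)


def split_into_words(text, words):
    """Return dictionary words that concatenate to text, or None."""
    best = {0: []}                       # best[i] = words covering text[:i]
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))


def check_password(candidate, passwords_in_use, words=SAMPLE_WORDS):
    """Return the reasons to reject candidate (empty list = no objection).

    passwords_in_use stands in for what a password manager already stores.
    """
    problems = []
    if candidate in passwords_in_use:
        problems.append("already used on another site")
    parts = split_into_words(normalise(candidate), words)
    if parts:
        problems.append("built only from dictionary words: " + "+".join(parts))
    return problems


if __name__ == "__main__":
    in_use = {"xq7#Lm9vT2pRz"}
    for pw in ("CorrectHorseBatteryStaple", "K1ck$tarter2014!", "xq7#Lm9vT2pRz"):
        print(pw, "->", check_password(pw, in_use) or "no objection")
```

Length alone does not help here: the 25-character first sample is flagged because every character belongs to a dictionary word.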
For a sample policy on passwords, check out this page.