Are your passwords compromised?

You may have heard about the numerous hacks into Sony that resulted in customer credit card details being exposed, or indeed any one of the dozen or so high-profile hacks that have occurred in the last few months.

And, with LulzSecurity’s final “booty” release, almost 1,000,000 users have been affected.

Was your email address listed in any of these databases? Did you even know they happened?

A website called “Should I Change My Password?” was launched recently, although the latest release may not have been added to it yet. It is a web-based tool that checks your email address against at least 13 different databases containing over 800,000 email address/password combinations that have been ripped from beneath the clutches of multi-million dollar corporations – and governments.

Recent news involves Greyhats like LulzSec who “do it for the lulz” – embarrassing the corporations in which we place our trust to house our credit card and personal information.

A recent LulzSec hack included “Pron.com”: after publishing the passwords of these accounts, the group advocated trying the passwords on Facebook, contacting the users’ family members and informing them how access to the account was gained.

IKR – Hilarious!! 😀

Regardless of whether you find your e-mail address listed, there is some solid advice to follow:

  • Change your critical passwords regularly – i.e. financial institutions
  • Don’t reuse the same password, and
  • Don’t use the same password across multiple sites
  • There are numerous password managers that you may opt to use; I personally use 1Password. I have the application generate random passwords for me, made up of upper and lower case letters, numbers, and in some instances special characters. Sure it’s a pain to remember, but I know if I can remember them, it’s time to change – you may opt to change them every 3-4 weeks. If that seems all too much to handle, you could make 4 or 5 passwords, each password for a different type of “security level”, and as you change them either “rotate down” or make a new set altogether.

    However, random strings and new passwords altogether are always going to be more secure.

    When assigning passwords to social networks, don’t underestimate what can be achieved by accessing your accounts. I have seen a few occurrences of Blackhats logging in to Facebook accounts to request information or money from people on their friends list.

    And finally, now is probably a good time to remind you to make sure your wireless network is secure.