Yahoo on Thursday disclosed that 1 billion user accounts on its servers were hacked in in 2013. This admission comes after Yahoo revealed in September that 500 million user accounts were breached in 2014. Granted, Yahoo has long since lost its status as most popular communications and services portal to bigger and better players, but the breach exposes the vulnerabilities of our increasingly digital lives.
More and more transactions of our daily lives are now online, with personal records, certificates, books and music kept in digital lockers. Post demonetisation, with the government going in for a big push towards a cashless economy, we will be seeing more of our money being spent and received digitally. This necessitates a good understanding of staying safe online and protecting your assets.
Here are a few rules of thumb for password protection and easy tips to strengthen your online safety:
* Use different passwords for each of your online accounts. In case a hacker gets past one your accounts, you don’t want to have made it easy for them to access details of your entire digital world.
* Always opt for secondary or two-factor authentication for your passwords. This can be in the form of setting up security questions that identify you through details only you would be privy to. This is often a back-up in case you lose your password, but it can also kick in if there are multiple failed attempts to enter a password — which could indicate a bid to breach your account. Make sure, though, that the security questions do not offer multiple choice answers (which basically shrinks the number of tries a brute-force hacker needs to make to strike gold) or pose queries that would be easily answerable (a question like “What is my mother’s maiden name?” can be answered by a simple bot with access to your PAN card) or require short passwords.
* The length of your password matters. The longer it is, the harder it will be to hack. The randomness of your password matters. According to the New York Times , a web security expert recommends banging on your keyboard and using the garbled alphabet soup that comes up as a password. Play around with alphanumerics, alphabet cases, and symbols. For instance, “oBsiDian9+*%dAggER238&” would be a really very strong password, if not a really strong weapon. Using nonsensical sentences — “My prestidigitating goose used a fork to screw in a light bulb”, for instance — can also confound password thiefs. At least to the extent of their methods of screwing in a light bulb.
* Make it a practice to use password managers. A password manager basically stores all your complicated passwords, so you don’t have to worry about forgetting the hundreds you’ve created across your digital life. The best part is, all you have to remember is the one strong password you had to create to open your password manager. The rest of your head can be filled with butterflies and rainbows. Sticky Password, Dashlane, LastPass, 1Password are some options to try out.
* Change your passwords frequently. That way you can hope to thwart a hacker just when he thinks he’s figured out how to breach your accounts.
* Or quit using passwords altogether. By opting for an account key, you can enter your username and then have a notification code sent to a personal phone (or account that has not been hacked), which you can then key in to gain access. This can also double up as a means of secondary authentication, if the site requires you to enter your password as well as the notification code.
