The truth is, it is better to be safe than sorry, and assuming the worst is the best way to handle a potential security breach that compromises your valuable personal information, passwords, email addresses/usernames, and your privacy in general. The most recent breaking story about a data hack comes thanks to a small hacking collective in Russia that managed to acquire more login credentials than you’d like to believe.
Besides just having login information – usernames and passwords – the data are of course tied to the websites from which they were stolen. In a massive, large-scale breach like this one, it is possible that someone dedicated enough can put together a big chunk of your personal life, all based on the websites where you have an account (and this breach hit many, many websites).
As if that wasn’t unsettling enough, think about how many sites you use the same username or password on. There are probably other sites which were not hacked where those credentials are good. All the hacker has to do is type in your info, or rather write a little program to automatically try your login info (and everyone else’s) at any website he or she can imagine.
The New York Times has some handy tips, and here are a few more tips (or more info on tips provided in the article):
1. Don’t use the same user name/password combination for multiple sites. This will save you from future hacks based on the stolen data.
2. Don’t even use the same password for more than one site. Usernames can be easy to figure out — oftentimes they are just email addresses. Using the same password is just like using the same key for your house, mailbox, car, office, and bank deposit box. If one key gets out and duplicated, it won’t be good.
3. Use a password manager. The benefits most definitely outweigh the costs, if only because the password manager comes up with very secure passwords (or passphrases) and helps you so you do not have to remember everything for all your different websites.
4. Speaking of passphrases (and if you don’t want to jump on the password manager train yet), use a passphrase and not a password. Words are in the dictionary, and easy for a computer to figure out. This is true even if you substitute numbers and symbols for letters, like in p!33A. A computer can figure that out in less time than you can add 2+2 in your head. What’s harder for a computer to figure out is something like: H1mnIw#$$. (I came up with that loosely based on a song lyric.)
4.a. Longer passphrases are better because they take more time/computing power to figure out.
5. If a site does not let you use symbols or numbers, be very careful with the information you provide to that site. Consider not signing up, using an email address specifically created for that site (or spam in general), and using a modified version of your name. It might even help to email the people behind the site and ask why their security is lacking.
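To see how far tips 1 and 2 matter for your own accounts, the following added example (not part of the original article) audits a list of logins and reports which other sites become exposed when one site is breached. The account rows, site names and passwords are constructed sample data, and the function names are hypothetical.

```python
import hashlib

# Constructed sample rows (site, username, password), shaped like a
# password-manager export. None of these are real accounts.
SAMPLE_ACCOUNTS = [
    ("mail.example", "pat@mail.example", "Blue-Kettle-42"),
    ("shop.example", "pat@mail.example", "Blue-Kettle-42"),
    ("forum.example", "pat_k", "Blue-Kettle-42"),
    ("bank.example", "pat@mail.example", "seven quiet llamas paint fences"),
    ("news.example", "pat@mail.example", "Orange-Ladder-17"),
]

def _fingerprint(secret):
    """Hash a password so the comparison sets hold no plaintext."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

def exposed_by_breach(accounts, breached_site):
    """Return {site: reason} for other sites at risk if breached_site leaks.

    "same username and password": the stolen pair works as-is (tip 1).
    "same password": only the username still has to be guessed (tip 2).
    """
    leaked_pairs = {(u.lower(), _fingerprint(p))
                    for s, u, p in accounts if s == breached_site}
    leaked_passwords = {pw for _, pw in leaked_pairs}
    exposed = {}
    for site, user, password in accounts:
        if site == breached_site:
            continue
        pw = _fingerprint(password)
        if (user.lower(), pw) in leaked_pairs:
            exposed[site] = "same username and password"
        elif pw in leaked_passwords and site not in exposed:
            exposed[site] = "same password"
    return exposed

def reuse_report(accounts):
    """Map every site to the other sites its breach would expose."""
    sites = sorted({s for s, _, _ in accounts})
    return {s: exposed_by_breach(accounts, s) for s in sites}

if __name__ == "__main__":
    for site, exposed in reuse_report(SAMPLE_ACCOUNTS).items():
        for other, reason in sorted(exposed.items()):
            print(f"breach of {site} exposes {other}: {reason}")
```

An empty result for a site means its password is used nowhere else in the list, which is the state tips 1 and 2 aim for.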