In light of the recent Russian hack, we're taking a look at the dos and don'ts of creating online passwords. NY1's Tara Lynn Wagner filed the following report.
One-point-two billion username and password combinations. Over 500 million email addresses. The number of credentials that have been compromised in this latest massive computer hack is staggering—so what should you be doing to protect yourself in light of the Russian hack?
"You shouldn't necessarily be doing anything that you shouldn't already have been doing. It's just that so many people weren't doing it," says IDT911 Chairman and Co-founder Adam Levin.
To start, Adam Levin of IDT911 says change your passwords. Like, yesterday.
"I know. I know. But the fact is you really have to do it, and you should be changing those passwords on a relatively frequent basis," Levin says.
Don't change them from the name of your dog to the name of your cat. When it comes to choosing a password, you have almost endless options, so avoid these:
"1234, 9876, your dog's name, your favorite color, the street you grew up on, your name, the date you were married, your birthdate. The bottom line is we, as consumers, make it much too easy for the bad guys to do what they do. We try to find something simple and easy and universal. That's a mistake."
"Another huge mistake—using the same username and password combination across multiple sites. Let's say your email address is compromised. Hackers now have both your email address and your password," Levin says.
Now, let's say your email address also serves as your username for a financial website and you use that same password for that account. You can see one compromised account can throw open the door to the rest of your digital life.
Levin's advice: come up with a formula that you can use to generate as many username/password combinations as you could ever need. Start with a core word—maybe the first letters of the words in a sentence.
"Then what they do is they do something that will remind them of the particular website that they're gonna use that password on and then they use a year or a combination of numbers and upper and lower case and they change it around," Levin says.
Since you'll never remember them all, he says keep all those combos on an encrypted thumb drive or a password management site. Just don't forget your password to those.