4 Easy Ways to Keep your Passwords Safe

The internet is becoming more and more entwined with our daily lives and well-being.  We can bank online, shop online, socialize online, and conduct business online…all of which require us to have accounts that hold sensitive information (credit card and bank numbers, phone numbers, mailing addresses, the identities of our friends and family).  The only thing stopping people from seeing this info is the password we chose to protect each account.  Here are four basic rules (that can’t be mentioned enough) you should follow to make sure your passwords are as safe as they can be.

  1. Have a different password for each account/service you use
    1. If the password for your online banking is the same password you use for your email, then you’re exposing yourself to unnecessary risk.
    2. Have separate passwords to make sure that, in the event that one becomes compromised, the others are still safe.
  2. Change your passwords at least three times a year
    1. You can never be too careful, so change up your passwords every four months
    2. (TIP: Don’t write down these passwords anywhere someone can see them)
  3. Make your passwords unique and hard-to-guess
    1. Don’t let your password be something generic (“Password1”)…
    2. or easy-to-guess (like your birthday or child’s name).
  4. Keep your passwords a secret
    1. No one should know your passwords
    2. If you do HAVE to tell someone your password, change it the moment they’re done using whatever account you granted access to

LinkedIn Passwords Stolen – What You Should Do

LinkedIn is a popular social network for professionals wanting to promote themselves and their careers, connect with current and former business contacts, and build their businesses. So you may already have joined the site.

If you are a LinkedIn user, please read on.

Yesterday, LinkedIn confirmed that some of their users’ passwords were stolen. While they are investigating the issue further, here is what they recommend that you do:

  • If LinkedIn thinks your password was compromised, your account password will be disabled and you should get an email with instructions (but no links) giving you the first steps to resetting your password.
  • Follow the steps in the first email and you’ll get a second email from LinkedIn with a password reset link.
  • LinkedIn also advises you to review their advice about password security.

Even if you don’t get an email from LinkedIn, you may want to proactively change your password, and use it as an opportunity to create an even stronger password.

As an Internet service provider with 18 years of experience safeguarding our members’ accounts, EarthLink has long promoted the value of creating strong passwords that you keep private and secure.

Want to know more about password security? Read our blog post about protecting your passwords, this post with a system you can use to generate strong passwords without repeating them, and this password help from the EarthLink Support Center.

If you wish to change your EarthLink password, use the Password Reset Tool on our My Account page.

We also had a link to download the free LastPass password manager from our eLink newsletter for Internet access members (scroll down to the Download section).

eHarmony users: Dating site eHarmony also confirmed a password security breach yesterday. You can read about that password security problem here.

LastPass has created tools to help you check if your LinkedIn password or eHarmony password was stolen.

Where Is Your Laptop?

Laptop theft is common. Every day laptops disappear from college libraries, car back seats, coffee shop tables, hotel lobbies and airport waiting areas. In the past, laptops were valuable for their hardware; once stolen, they were resold quickly, strictly for their monetary value. Today that’s not the case. Your data is the target! There’s probably something on your laptop that you don’t want the whole world to see. It could be proprietary information, documents containing personally identifiable information (birth date, social security number, credit card info) or even someone else’s personal information.

If you travel with your laptop or keep it in a place where others can access it, then you’re vulnerable to theft. A password no longer guarantees that access to your data will be denied. If someone is smart and determined enough, they will crack it and have unrestricted access to every piece of data stored on your laptop. So how do you protect it? Encryption. Encryption adds an additional layer of protection. If your password is cracked, the data remains encrypted and the information is scrambled so that even advanced security experts can’t read it.

EarthLink provides a Managed Laptop Security solution that encrypts your data and also adds yet another layer of protection with laptop remote wipe capabilities. Should your laptop be lost or stolen, EarthLink’s protection will automatically kick in and wipe (delete) the data by overwriting it until nothing is left.

Passwords simply don’t cut it anymore in today’s technology world. If your laptop is mobile, then you must add multiple layers of data protection to minimize the risk of your data getting into the wrong hands. Contact EarthLink Managed Security Services (or download this info sheet) today to learn more!

Protect Your Passwords

Protect Your Passwords! – Believe it or not, everyone has passwords and uses them more often than you think. Your check cards are secured by a password (a.k.a. PIN), your cellphone voicemail has a password, and your home security alarm and possibly even your garage door have passwords. But how good is your password if you don’t protect it? As a security expert I’ve performed hundreds of IT security assessments and have seen the most secure passwords left unprotected. Here are 5 things you should not do with your passwords:

  1. Don’t use dictionary words or sequential numbers – Don’t set your password to “password”, “Password”, or “123456”. The #1 password of the century is the word itself. The most common brute force attacks are successful because the compromised password is a word taken directly out of the dictionary or is made up of a combination of sequential numbers. You can view the top 25 worst passwords of 2011 here.
  2. Don’t write your passwords down! – Don’t write your password on a Post It note and hide it under your keyboard, under your mouse pad, behind your monitor, or under your desk calendar. Don’t tape it under your desk, hide it in your desk, or write it on your phone directory taped to the wall of your desk. Trust me, I will find it!
  3. Never email your passwords – I don’t care if the world is ending and Superman needs your password to save it (Yes, even Superman uses email). Don’t email passwords, EVER. One of the most successful attacks I perform is sending an email to a sample set of employees. Using the IT Manager or CIO as the sender, I ask for credentials. Depending on the sample size, I have seen anywhere from a 25% to a 70% successful response ratio. That’s scary!
  4. Don’t share passwords – Don’t let your co-worker (or anyone) borrow your password. If you don’t reset it, they still know it and can pose as you anytime they want. Even your garage door or home security system has options for multiple passwords (for multiple users). So you don’t even have to share it with your kids!
  5. Don’t keep the default password – Whatever your password was when your account was created, it shouldn’t be the same today. The majority of systems and applications allow users to set and reset their own passwords. If you haven’t reset your password since the first time you used it, then someone else still knows your password. Reset it.

Bottom line, the only person that needs to know your password is you, so protect it. Use strong passwords, change them often, don’t write them down, don’t share them, and if someone asks you for your password, don’t give it. If your Supervisor, IT Manager, or CIO requests it they should have the power to reset it, so let them. They can give you the new password. If they don’t have the power to reset your password then they shouldn’t be privileged to have the power of your password.
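
The rules above about dictionary words, sequential numbers, personal details and password reuse can be checked mechanically. The following Python sketch is an added example, not code from the original posts; the word list, function names and sample accounts are constructed for illustration.

```python
import re

# Constructed sample list; a real audit would load a much larger wordlist.
COMMON_WORDS = {"password", "letmein", "qwerty", "monkey", "dragon"}

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending or descending characters."""
    codes = [ord(c) for c in pw.lower()]
    for step in (1, -1):
        streak = 1
        for prev, cur in zip(codes, codes[1:]):
            streak = streak + 1 if cur - prev == step else 1
            if streak >= run:
                return True
    return False

def is_dictionary_based(pw):
    """True if pw is a common word once case and leading/trailing non-letters are stripped."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core in COMMON_WORDS

def audit(accounts, personal=()):
    """Return {account: [findings]} for a dict of account -> password."""
    seen = {}
    for name, pw in accounts.items():
        seen.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        findings = []
        if is_dictionary_based(pw):
            findings.append("dictionary word")
        if has_sequence(pw):
            findings.append("sequential characters")
        if any(p.lower() in pw.lower() for p in personal if p):
            findings.append("contains personal detail")
        if len(seen[pw]) > 1:
            findings.append("reused on: " + ", ".join(n for n in seen[pw] if n != name))
        report[name] = findings
    return report

# Constructed example data, not real credentials.
SAMPLE = {"bank": "Password1", "email": "Password1", "shop": "x123456",
          "forum": "Emma2009!", "work": "tV9#qLm2$wRz"}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, personal=["emma", "2009"]).items():
        print(account, "->", findings or ["no finding"])
```

Passing no findings only means a password avoided these specific patterns; it is not a measure of overall strength.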