There are more reasons than ever to understand how to protect your personal information, as major website breaches become ever more frequent. On Tuesday, Yahoo said that all three billion of its users had been affected by a breach in 2013, up from the one billion it had originally estimated.
How do I know if my personal information has been taken?
Unfortunately, you may want to assume that it was. Cyber attacks happen all the time.
Should I change my passwords?
Regardless of the type of breach or the company involved, it’s always a safe bet to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites and do not use your Social Security number as a username or password, especially in the wake of the recent Equifax breach.
And if you were not doing so already, you will have to treat everything you receive online with an abundance of suspicion, in case hackers are trying to trick you out of even more information.
How do I create stronger passwords?
Try a password manager like 1Password or LastPass.
These sites create a unique password for each website you visit and store them in a database protected by a master password that you create. Password managers reduce the risk of reused passwords or those that are easy to decode.
Wirecutter, a The New York Times company, provides a helpful explanation of why password managers are so essential. They also maintain an updated guide to what it considers to be the best password managers.
If you must create your own passwords, try creating long, complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters.
My favorite number is Green4782#
The cat ate the CoTTon candy 224%
Or, if you’re extra paranoid, consider mimicking this setup. Take the sentence:
One time in class I ate some glue
And convert it into this:
1TiC!AsG
One time in class I ate some glue → 1TiC!AsG
In general, create the strongest passwords for the sites that contain the most sensitive information and do not reuse them anywhere.
Are passwords enough?
Passwords are not enough. If a site offers additional security features, like secondary or two-factor authentication, enable them. Then, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in.
(Here’s a link to turn on two-factor authentication for Gmail accounts. Here’s one for Yahoo accounts, and here’s one for Outlook accounts.)
Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer.
Won’t security questions protect my data?
Sites will often use common security questions to recover a user’s account if the password is forgotten.
These questions are problematic because the internet has made public record searches simple and the answers are usually easy to guess.
In a study, security researchers at Google found that with a single guess, an attacker would have a 19.7 percent chance of duplicating an English-speaking user’s answer to the question, “What is your favorite food?” (It was pizza.)
With 10 tries, an attacker would have a 39 percent chance of guessing a Korean-speaking user’s answer to the question, “What is your city of birth?” and a 43 percent chance of guessing the favorite food.
Source: http://nyti.ms/2AmJ2SZ (NY Times Article)
