Should I change my password?

MrsJrotax101



It seems that the first half of 2011 has been jam packed with report after report of this or that major online service falling prey to damaging security breaches, e.g. Sony, Epsilon, Sega, Nintendo, Fox, Washington Post, Gannett, Distribute.IT, Groupon etc. Groups like LulzSec and Anonymous have been triumphantly publicising their successful penetrations. Of course we hope that the information gathered by those claiming to be ‘white hat’ hackers will never fall into the hands of the bad guys. But can we be sure?

Then there are the successful penetrations that are made by cyber criminals. Of course these often go unreported by the online services hacked.

So just how can we know if the bad guys have our details? Well of course, a definitive answer is elusive. You’ll probably really only know for sure should the services that are hacked fess up and tell you, or you become the victim of identity theft.

Well, as a public service, a Sydney, Australia based information security technology professional, Daniel Grzelak, has put together a web site, “Should I Change My Password?” (https://shouldichangemypassword.com/), where you can check if you have compromised online accounts by checking your e-mail address.

Daniel has gathered together a number of databases that have been released by hackers into the public domain. He’s then securely stored a hash of the e-mail address, the date of last compromise, and the number of times compromised in an online database that you can easily search. As of 25th June 2011 there were just over 1 million records in the database.

You can now just visit the web site and type in your e-mail address. Daniel promises that he will not capture or store your e-mail address. If there is a match, you will be told how many times and get tips for creating strong passwords and using them safely.

Please remember, just because Daniel’s web site gives you the green light, it’s only saying your account usernames and passwords may be safe. We’d still recommend that you work your way through the various online services you use and make sure you are using different passwords on different services. And of course weak passwords like ‘123456’ and ‘password’ simply won’t do. You need to ensure all of your passwords are strong ones.

Steps To Strong Password Perfection:

Don’t:
  • Use cardinal numbers in order, i.e. ‘123456’ is not clever.
  • Base a password on personal data, e.g. dog’s name, car registration, your name. Never use your mother’s maiden name or any password that your bank might use.
  • Choose a word found in a dictionary in any language – password dictionaries make these particularly easy to crack in a ‘dictionary attack’.
  • Use simple transformation or substitution, e.g. Pa$$w0rd.
  • Use fewer than 8 characters and solely alpha- or numeric characters.
  • Tick the ‘remember this password’ box.
Do:
  • Use a mixture of four keyboard character types – lower case letters, upper case letters, numbers and other special characters such as #, $, -, +, @, ! etc. Unfortunately, some older systems restrict the special characters you can use.
  • Use long passwords of 8 characters or more – the longer the password, the harder it is for hackers to use brute force attacks. However, some older systems don’t allow this and have limits of 8 or 14 characters.
  • Use different passwords for different accounts and change them at least twice per year.
  • Always change default passwords from ‘password’ or ‘admin’.
  • Think illogically; computers rely on logic to operate.
  • Be obtuse, think outside the box, invent new words!
The Australian government’s “Stay Smart Online” tips recommend your passwords have a minimum of 8 characters. However, security researchers last year reported that using easily available fast processing power, they were able to crack a 12 character password in just 5 seconds. So my critical strong passwords are more than 20 characters long – and I’m not saying how much more than 20 characters long.

Lloyd Borrett, AVG Security Evangelist
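
The lookup design described above (store only a hash of each e-mail address, the date of last compromise and a compromise count) can be sketched as follows. This is an added example, not the site's own code: the article only says "a hash", so the keyed HMAC-SHA256, the key, the function names and the sample dumps are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

# Assumption: a server-side secret. A plain unkeyed hash of an e-mail address
# can be matched by anyone who hashes a list of candidate addresses.
INDEX_KEY = b"constructed-demo-key-not-for-production"

def email_token(email: str) -> str:
    """Normalise an address and return its keyed hash (HMAC-SHA256, hex)."""
    normalised = email.strip().lower()
    return hmac.new(INDEX_KEY, normalised.encode("utf-8"), hashlib.sha256).hexdigest()

def build_index(dumps):
    """dumps: iterable of (release_date, [emails]). Returns token -> record."""
    index = {}
    for released, emails in dumps:
        # A set, so an address listed twice in one dump counts once.
        for token in {email_token(e) for e in emails}:
            rec = index.setdefault(token, {"count": 0, "last": released})
            rec["count"] += 1
            rec["last"] = max(rec["last"], released)
    return index

def check(index, email):
    """Look up an address; only its token is compared, nothing is stored."""
    rec = index.get(email_token(email))
    if rec is None:
        return {"compromised": False, "count": 0, "last": None}
    return {"compromised": True, "count": rec["count"], "last": rec["last"]}

# Constructed sample data (not real breach contents).
SAMPLE_DUMPS = [
    (date(2011, 5, 2), ["alice@example.com", "bob@example.org"]),
    (date(2011, 6, 14), ["Alice@Example.com ", "alice@example.com", "carol@example.net"]),
]
INDEX = build_index(SAMPLE_DUMPS)

if __name__ == "__main__":
    for addr in ("ALICE@example.com", "bob@example.org", "dave@example.com"):
        print(addr, check(INDEX, addr))
```

The index holds no readable addresses, and case or whitespace variants of one address collapse to a single record, so a leak of the index alone does not hand over the list of affected users.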
 