Sunday, June 1, 2014

Ebay Hacked – Change Your Passwords



eBay has revealed that it’s online servers have been hacked and the personal details of 15 million British users (that would include the Republic of Ireland) have been stolen. Another press release has stated that all 233 million eBay users personal details and passwords are now in the hands of hackers. Ebay has urged anyone using the site to change their password but in my opinion you need to do much more than this. This article outlines some basic security practices you should employ to ensure that when a site you are using is hacked it has a minimal effect on your security.

Managing Passwords
Protecting your passwords is probably the most important thing you can do with regard to your internet security. I say passwords because you should NOT use the same password on more than one site.

This is key to maintaining your security as once a hacker gets access to your data on any site their first ‘port of call’ will be your email account. If the password is the same you’ve just given them everything they need to scam or steal from you.

Storing Passwords
 I do not recommend storing your password list on your computer or a usb key or flash drive. Use the old fashioned method – buy a copy book and keep them completely off your computer. When writing them down ensure you do not make it too obvious what the password is for. Keep the list secure, and keep a copy outside the house.  If you must store the passwords on your computer you should employ an encryption program such as Truecrypt(click here to visit Truecrypt site) to create an encrypted area on the machine or usb device for the password list. Because of space limitations I cannot address use of encryption here but may do so in a future article.

Changing Passwords
Change your passwords at regular intervals and never reuse a password either on the same account or another account.

Password Format
You should ensure your password contains upper and lowercase letters numbers and extended characters. Don’t use personal information such as your date of birth as this is easily guessed. For example say we want a password of tin can alley. This is how you might actually create this password  tiN*caN#alleY@4026. Note the use of upper and lower case letters, extended characters *#@ and numeric characters. Avoid use of similar items across passwords and do not reuse numeric codes. Remember the hacker will have one of your passwords and will be working from that premise.