Recently Adobe revealed an attack on its systems that resulted in the theft of the personal data of 3 million users. Unfortunately, although the heavyweights of the tech world are constantly under scrutiny over their security, in many cases the cause of an IT attack is the negligence of users themselves when it comes to protecting their accounts.
Although a big chunk of the information stolen from Adobe was encrypted, a list has now appeared with the top 100 most-used passwords by users of all Adobe services (150 million accounts), and guess which one is the most common? The password “123456” was used by 1,911,938 users (1.2% of the total), not to mention those that come after it on the list, such as “password,” “qwerty,” or “111111.” Talk about imagination.
In the case of Adobe, its clients couldn’t have prevented the breach, but what does this signify if we extrapolate this bad habit to other massive services and marry it with the bad intentions of some Internet users? Well, if someone tries to access another user’s account on the sly, there’s a good chance that he’ll figure out the password after a few attempts with the most frequently used ones, let alone what would happen if he sees the password recovery questions such as the old standbys, “the name of your pet” or “your father’s birthplace.” Just a teensy bit of social engineering could fling the doors wide open.
We’ve talked before about the best practices to protect your privacy against snoops, but today we’re going to focus on how to armor your accounts with strong passwords. Many webpages measure the strength of the password that you’re about to set, taking into account whether you use upper or lower case and numerals. For these cases, a few mnemonic devices could prove helpful, such as using an old, out-of-service phone number that belonged to you or a family member, followed by the initials of your favorite film. It’s all in the level of imagination.
Even so, if you’re not quite that inventive you can always turn to a random password generator such as PWGen or RandPass, both of which can create passwords based on a pattern that you specify or whatever generation rules you think most appropriate. If you want to go even further and manage all your passwords from a single app that can generate, manage, and protect them, there are also free tools like Password Safe, which lets you organize all your access credentials and protect them using the Twofish encryption algorithm. All this means that if you’re not protecting yourself, it’s because you clearly don’t want to.
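To make the idea of pattern-based generation concrete, here is an added example (not code from PWGen, RandPass, or this article) of a small generator that draws each character from the operating system's secure random source and reports how many bits of entropy a pattern yields. The pattern symbols (`l`, `U`, `d`, `s`, `a`) are an assumption made for this sketch and do not reflect the syntax of either tool.

```python
import math
import secrets
import string

# Hypothetical pattern symbols for this example only
# (not the pattern syntax of PWGen or RandPass).
CLASSES = {
    "l": string.ascii_lowercase,                 # 26 symbols
    "U": string.ascii_uppercase,                 # 26 symbols
    "d": string.digits,                          # 10 symbols
    "s": "!#$%&*+-=?@_",                         # 12 symbols
    "a": string.ascii_letters + string.digits,   # 62 symbols
}


def _alphabet(symbol: str) -> str:
    """Look up the character set for one pattern symbol."""
    try:
        return CLASSES[symbol]
    except KeyError:
        raise ValueError(f"unknown pattern symbol: {symbol!r}") from None


def generate(pattern: str) -> str:
    """Return a password with one random character per pattern symbol."""
    if not pattern:
        raise ValueError("pattern must not be empty")
    # secrets.choice uses the OS CSPRNG; the random module is not
    # suitable for generating passwords.
    return "".join(secrets.choice(_alphabet(s)) for s in pattern)


def entropy_bits(pattern: str) -> float:
    """Entropy in bits when each position is chosen uniformly and independently."""
    return sum(math.log2(len(_alphabet(s))) for s in pattern)


if __name__ == "__main__":
    # Constructed sample patterns: six digits (the shape of "123456"),
    # a typical "meets the strength meter" shape, and 16 alphanumerics.
    for pattern in ("dddddd", "Ullllldd", "aaaaaaaaaaaaaaaa"):
        print(f"{pattern:18} {generate(pattern):18} {entropy_bits(pattern):5.1f} bits")
```

The entropy figure only holds for randomly generated output; a human-chosen password that happens to fit the same pattern, such as “123456,” is far more guessable than the number suggests.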