It’s been just over two months since more than 10,000 Hotmail passwords were stolen and posted online. Now, just in case we needed a reminder about the security of our online accounts, online application powerhouse RockYou has fallen victim to an SQL attack, which has prompted TechCrunch to urge over 32 million RockYou users to change their passwords after hackers gained access to passwords and email addresses that were stored in plain text.
Unfortunately, RockYou are far from alone in storing password details in plain text, which makes it even more important for us as users to take personal responsibility for the security of our data.
If you access any accounts online, you should follow these basic steps:
1. Create unique passwords for each account
2. Change all of the passwords regularly
3. Don’t use dictionary words or overly simplistic passwords (earlier this year one site’s most popular password was revealed as 123456)
4. Create passwords that are over 10 characters long
5. Although it may seem original, taking a dictionary word or someone’s name and replacing each i with a 1 and each e with a 3 doesn’t fool anyone
However, the service providers also have a duty of care and should examine their own security policies.
Do they store user data in plain text? Should they introduce extra factors of authentication?
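As an added illustration that is not part of the original post, here is what both halves of the advice look like in code: a check for the user-side rules listed above (length, dictionary words, leet substitutions) and, for the provider side, a salted, iterated hash in place of plain-text storage. The five-word dictionary is a constructed stand-in for a real wordlist, and the PBKDF2 iteration count is an assumption.

```python
import hashlib
import hmac
import os
import re

# Constructed mini wordlist standing in for a real dictionary (assumption).
DICTIONARY = {"password", "welcome", "monkey", "letmein", "dragon"}
# Undo the usual letter-for-digit swaps so "w3lcome" is judged as "welcome".
LEET = str.maketrans({"1": "i", "3": "e", "0": "o", "4": "a", "@": "a", "$": "s", "5": "s"})
ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def password_policy_problems(pw: str) -> list[str]:
    """Return the rules from the list above that the candidate password breaks."""
    problems = []
    if len(pw) <= 10:
        problems.append("too short (must be over 10 characters)")
    lowered = pw.lower()
    # Check both the whole password and the stem left after trailing digits,
    # so "dr4gon" and "W3lcome2009" are both recognised as dictionary words.
    stems = {lowered.translate(LEET), re.sub(r"\d+$", "", lowered).translate(LEET)}
    if stems & DICTIONARY:
        problems.append("dictionary word (leet substitutions do not help)")
    if re.fullmatch(r"\d+", pw):
        problems.append("digits only (e.g. 123456)")
    return problems


def hash_password(pw: str) -> str:
    """What a provider should store instead of the plain-text password:
    a per-user random salt and a slow, salted PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```

A leaked table of these records exposes no passwords directly, and each entry must be attacked separately because every salt is different.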
My guide on authentication discussed the possibility of ‘identity 2.0’: a system that would remove the need for users to think up and remember multiple, unique and complex passwords for their online services, and instead provide them with one online identity that all online services recognise. But, as I noted in the guide, there are also drawbacks to this approach.
The one thing we can be certain about is that hacking incidents and data theft will not go away, and users who reuse the same password across multiple accounts are putting themselves and their data at risk by not adopting a more stringent attitude to password security.