Just last week, Twitter became the latest casualty of poor Internet security when it fessed up to hackers having stolen account details for 250,000 of its users. As I’ve reported before, this type of activity seems set to rise, and you can be sure we will not be hearing of some of the more serious breaches. Would a bank confess in public to having had your account details stolen? Exactly!
The chances are that you were not one of the unlucky quarter of a million, and if you were, Twitter will have kindly let you know via email by now. If you think you have had an email from Twitter about it, though, be very careful: this kind of event is certain to trigger secondary events in which phishers send fake emails to millions of recipients, pretending to be from Twitter and encouraging you to click links in the email – WHICH YOU SHOULD NEVER DO!
There is an important lesson to learn from this, though: whatever web service you have signed up for, you should not be using a password that you have already used elsewhere. It might not seem obvious, but if someone manages to obtain your login and password for one website, and you use the same access details for another site, the hacker potentially has access to two of your accounts rather than just the one that was exploited. If you use the same access credentials across all sites, you can only imagine the problem it will begin to cause you.
So what about the problem of remembering a different password for every site? There are two approaches to this:
- Use a completely random password for every site and note it down. By ‘note it down’, we mean use a secure piece of software designed to store your passwords for you. Such password vaults are readily available and have their own ‘master password’, which you set to prevent unauthorised access to all your login details. Never note down your passwords in a way that leaves them unprotected from theft.
- Have a ‘mental method’ of generating a password for every site you use, meaning every site has a different password, and you can work out in your head what that password should be.
Clearly option 1 is the more secure method, if a little inconvenient, but it is far less inconvenient than having a thief use your login details.
Hopefully you can see the risk of using the same password across multiple sites, and we hope that if you have been doing this, you now feel compelled to go and start changing them.
Have you had any of your online accounts compromised? Were you a victim of the Twitter hack, or have you received a phishing email on the back of the Twitter hack? I’d love to hear your thoughts.