You've probably heard by now that the Gawker network — purveyors of all things gossip, gadgets and games — suffered from a particularly nasty security breach earlier this week. Not only was staff email breached and crucial servers hacked, but a sizable number of user passwords were exposed as well — over 1.3 million, according to the group responsible.
But while these sorts of breaches are never fun to report on, they reinforce the importance of a secure password for your online accounts. A staggering number of users had actually used "password" as part of their login credentials, or variations of "qwerty" instead — and as readers of our site should know, that's just not going to cut it.
Even if you weren't affected by the Gawker breach, now is a good time to ensure you're truly safe online. Today, we have a few quick tips you can try to keep your accounts secure, and your passwords hidden from prying eyes.
If your password is 'password'...
Most big websites have their own handy tests to ensure your password isn't so easy to crack. That means using a nice combination of upper case, lower case and numerical characters. However, that's probably not true for all of you. Luckily, websites like this can determine just how safe your password is against a brute force attack, using the magic of math — which should hopefully encourage a change.
Will put together his own thoughts on password security too, which include some handy tips on choosing and using useful passwords — the most important of which is to keep your email address, the gateway to all your other accounts, the most secure of them all.
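The brute-force math mentioned above, as an added example (not the linked site's code and not part of the original article): it estimates the search space from length and character mix, then shows why a "password" or "qwerty" variation is still weak however large that number looks. The base-word list, the character-swap table, the guess rate and the 60-bit threshold are all assumptions chosen for illustration.

```python
import math
import string

# Constructed sample list: the two base words the article names. A real
# check would use a much larger breached-password list (assumption).
COMMON_BASES = ("password", "qwerty")
# Common character swaps undone before comparison (hypothetical, minimal set).
UNLEET = str.maketrans("@0$3", "aose")
GUESSES_PER_SECOND = 1e9   # assumed offline attacker speed
MIN_BITS = 60              # assumed acceptance threshold


def charset_size(pw):
    """Size of the alphabet a brute-force attacker must cover for pw."""
    pools = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation, 32))
    return sum(size for chars, size in pools if any(c in chars for c in pw))


def brute_force_bits(pw):
    """log2 of the search space: length * log2(alphabet size)."""
    pool = charset_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0


def is_common_variant(pw):
    """True if pw is a common base word with case, swaps or suffixes added."""
    core = pw.lower().strip(string.digits + string.punctuation)
    core = core.translate(UNLEET)
    return any(base in core for base in COMMON_BASES)


def assess(pw):
    bits = brute_force_bits(pw)
    common = is_common_variant(pw)
    return {
        "bits": bits,
        "seconds_to_exhaust": 2 ** bits / GUESSES_PER_SECOND,
        "common_variant": common,
        # A guessable base word overrides any brute-force estimate.
        "verdict": "weak" if common or bits < MIN_BITS else "ok",
    }


if __name__ == "__main__":
    for sample in ("password", "Qwerty123", "P@ssw0rd1!", "tV9#mQ2x!Lr7"):
        print(sample, assess(sample))
```

"P@ssw0rd1!" uses all four character classes and scores above 65 bits on paper, yet it is rejected because it reduces to "password" once the swaps and suffix are stripped.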
Security question obscurity
A common point of entry for many malicious attacks is a too-simple security question. Things like "mother's maiden name" and "first pet" may be things you've actually discussed publicly before, either in person or online. It should probably go without saying, but if you can write your own security question and answer, make it obscure. However, if dealing with a predetermined list, choose something you know isn't going to get out all that easily. Which brings us to our next point...
A quick search can reveal a wealth of old accounts and info that you may have forgotten existed. A throwaway forum account with a weak password might be exploited years later, and could even be a password you still use with active accounts. Googling old emails, usernames and avatars is a great way to track down those loose ends — and perhaps even remove some of those public details used for security question fodder. Of course, nothing ever truly disappears from the internet, but at least there are ways to make things easier to find.
Keep it all together
Not everyone is fond of the idea of keeping their passwords all in one place, but password managers can be more effective in these situations than you might think. Lifehacker has noted the benefits of using a service like LastPass in the wake of the Gawker account breach; the application audits all your saved passwords and checks for similarities. Combined with the ability to check password strength and security, today's managers can be not just simple vaults but a comprehensive part of your security strategy as well.