In the past week, both GoToMyPC and Carbonite have told customers to change their passwords, apparently because hackers were attempting to gain access to user accounts. And in both cases it’s thought that the hackers were using email addresses and passwords obtained from the recent mega-breaches.
Don’t reuse passwords
Many of these recent breaches were successful for one simple reason: People reuse passwords. We wrote, at length, about the importance of a sound password strategy, and provided specific recommendations in our recent post, Passwords: The first line of cyberdefense.
Am I at risk?
Now you might be thinking that there’s a low risk of your accounts being compromised because many of these mega-breaches occurred years ago. The problem is that even though, for example, the LinkedIn breach was in 2012, many of the account credentials are only just now getting into the hands of hackers. Moreover, because tens of millions of compromised accounts are involved, the hackers need considerable time to work their way through all of them.
If you want to check if an account associated with your email address has been compromised, the best source of information is HaveIBeenPwned. But even if one of your accounts doesn’t show up today, it may in the next breach that goes public. That’s why we strongly encourage you to change the passwords of at least your important accounts, and to do it immediately!
Create strong passwords
When you create passwords, you need a plan for composing passwords that will make them hard for hackers to crack. You can read more about how to protect your information with strong passwords here, and we’ve written about this (at length) several times, but it never hurts to say it again … when you’re creating a password:
- Don’t use common words by themselves (but you can use them if they’re combined with other words and symbols)
- Don’t use obvious (and ridiculously predictable) passwords such as 123456, password, qwerty, baseball, starwars, and letmein
- Use 10 or more characters
- Use upper and lower case letters
- Use at least one number
- Use symbols (!@#$%^& and so on)
- Don’t use the same password on multiple sites
- And, absolutely, you should use a password manager
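The checklist above can be turned into a small audit over an exported list of your own site passwords. This is an added example, not code from the original post: the function names, the `COMMON_WORDS` set (a constructed stand-in for a real dictionary) and the sample site names and passwords are all assumptions made for illustration.

```python
import string
from collections import defaultdict

# The obvious passwords named in the list above.
OBVIOUS = {"123456", "password", "qwerty", "baseball", "starwars", "letmein"}
# Constructed stand-in for a dictionary of common words (assumption).
COMMON_WORDS = {"dragon", "monkey", "sunshine", "football", "welcome"}

def check_password(pw):
    """Return the rules from the list above that pw breaks."""
    problems = []
    if pw.lower() in OBVIOUS:
        problems.append("obvious password")
    if pw.lower() in COMMON_WORDS:
        problems.append("common word by itself")
    if len(pw) < 10:
        problems.append("fewer than 10 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a symbol")
    return problems

def audit(vault):
    """vault maps site -> password; returns site -> list of problems."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in vault.items():
        problems = check_password(pw)
        # Reuse is the failure behind the account takeovers described above.
        others = [s for s in sites_by_pw[pw] if s != site]
        if others:
            problems.append("reused on: " + ", ".join(sorted(others)))
        if problems:
            report[site] = problems
    return report

if __name__ == "__main__":
    # Constructed sample vault; site names and passwords are made up.
    sample = {
        "mail.example": "Starwars",
        "bank.example": "Tr0ub4dor&Stapler!",
        "shop.example": "Tr0ub4dor&Stapler!",
    }
    for site, problems in audit(sample).items():
        print(site, "->", "; ".join(problems))
```

A password can satisfy every composition rule and still be flagged, as the two sites sharing one password show: reuse is checked across the whole list, not per password.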
GoToMyPC and Carbonite are also recommending customers enable two-step verification (2FA) to protect their accounts, which means hackers would need more than just your login credentials to access your account.
If you’ve got any questions about passwords, drop us a note at firstname.lastname@example.org. Stay safe.