Been Hacked? Changing Your Password Might Not Be Enough

Almost everyone has received a message from a website or retailer with a notification of a security breach. Most include a recommendation to change your password, and in some cases, carefully monitor your financial accounts for signs of fraud.

In the wake of such high-profile data breaches as the recent one involving Target, or last year’s attack on LinkedIn that exposed millions of users’ passwords to criminals, Internet users are more concerned than ever before about the security of their personal information. We put thought into developing complex passwords that are difficult to hack, but if the database is going to be breached anyway, does it really matter if your password is the perfect combination of upper and lowercase letters, numbers and symbols?

Some security experts argue it does not really matter, and note that if your account has been hacked, you probably need to do more to protect your data.

A Difficult Password Isn’t Necessarily a Secure Password

By now, most people realize a password like “password” or “abc123” isn’t very hard to crack. What few people realize is that sophisticated cybercriminals are not sitting in front of their computers running endless combinations of user names and “easy” passwords, one at a time.

Today’s criminals are more focused on creating data breaches, in which they can steal millions of username and password combinations at once. Depending on where the data comes from, there is big money in stolen passwords. A password for a LinkedIn account, for example, might sell for $1 on the black market, while a bank password can sell for upwards of $850 or more. Even if you came up with what should be an uncrackable code, if it’s part of a large-scale data breach, you’re in trouble.

Some companies have tried to protect user passwords via encryption and a technique known as “salting.” Many databases do not store your actual password, but instead turn your password into a string of numbers or letters unique to your account. For added security, they “salt” the password with extra characters, rendering it unusable to someone who does not hold the encryption key. However, not all companies do this, meaning it’s up to you to protect yourself.
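The sketch below shows salted password storage as it is commonly implemented. It is an added example, not code from any company mentioned here. Each account gets its own random salt, and only the salt and a one-way digest are stored, so two users with the same password end up with different records. The account names, passwords and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest) for storage; the password itself is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def unsalted_sha256(password):
    """Weak 'before' form: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_demo_db():
    # Constructed sample accounts; two users share the same password.
    users = {"alice": "abc123", "bob": "abc123"}
    return {name: hash_password(pw) for name, pw in users.items()}


if __name__ == "__main__":
    db = build_demo_db()
    same_unsalted = unsalted_sha256("abc123") == unsalted_sha256("abc123")
    print("unsalted hashes match:", same_unsalted)
    print("salted digests match: ", db["alice"][1] == db["bob"][1])
    print("correct password ok:  ", verify_password("abc123", *db["alice"]))
    print("wrong password ok:    ", verify_password("abc124", *db["alice"]))
```

Salting stops one precomputed table of common-password hashes from matching every account at once. It does not make a weak password strong, because an attacker holding the database can still guess against each account individually.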

Enter Two-Factor Authentication

Two-factor authentication is the latest advancement in security, and it’s being implemented in everything from bank accounts to mobile phones. Essentially, this type of security requires you to provide two or three ways of identifying yourself in order to gain access: something you know, something you have or something you are. A two-factor authentication token solution, for example, requires you to insert a token in addition to providing a password.

Two-factor authentication is effective because it creates an extra layer of security. Even if a criminal acquires your password, without the other factor, he or she won’t gain access to your information. You can protect your physical devices like your laptop with a physical token, while many major websites, such as Facebook and PayPal, offer a form of two-factor authentication as an optional security feature. You can adjust your account settings so you need to provide additional information, such as a code sent via text message to your phone, in order to log in.

Additional Protection Tips

To help prevent your password from being hacked, security experts recommend adjusting your method for devising your codes. For starters, 12-character passwords are more difficult to crack than 8-character passwords; the addition of four characters increases the number of potential combinations to an unmanageable number for even the most advanced hacking programs.

Rather than using a random string of characters, your password should be four unrelated words or a complete sentence. It’s unlikely a computer program will be able to guess four complete words.

Beyond using two-factor authentication and creating strong passwords, follow these best practices for using and storing passwords. Avoid using the same password more than once if you use it for a bank or credit account, and change your passwords regularly to thwart anyone who may have gained access to your credentials. Consider using a password manager to create and store your passwords securely as well.

Receiving word that your account has been exposed in a major data breach is enough to make anyone panic. However, if you’ve taken the steps to keep your password secure and added extra layers of security, a major breach should not affect your finances or your identity.