Channel 6 News
The Real Deal: Securing your online accounts
ALBANY - By now, you've likely heard of the Russian crime ring that got its hands on more than a billion website logins. While there is no specific list of websites that were compromised in order to obtain the information, it's safe to assume that at least some of our usernames and passwords were breached. The information comes from at least 400,000 websites, so now is a good time to inventory all of the online accounts you have and then change your passwords.
Reg Harnish and his team at GreyCastle Security in Troy know how to breach company websites; they do it every day. "We're actually acting as hackers and we try to break into their networks and systems and applications and certainly their people and we see if we can steal money out of their bank accounts, or steal credit card information or other protected information and then at the end, we tell them how we did it so we can fix those security vulnerabilities," he says. While the most recent crime ring got their hands on a massive number of usernames, passwords and email addresses, Harnish says there are likely other hackers out there with even more. "The real question is, how much of it is out there that we don't know about? So, this one security firm found a stockpile of credentials and exposed it, there's probably more where that came from," he adds.
That's why we, as users, need to step up our own security, starting with passwords. "The length of the password is actually more important than how often you change it," Harnish says. The longer the better, and be creative about how you create and remember your passwords. "You can do anything from replacing vowels with special characters to using a phrase, the lyrics to your favorite song and only using the first characters of each word, or a pattern on the keyboard, the letters are actually drawing a picture on the keyboard," Harnish suggests.
Many of the big websites will also let you take security a step further. "If you can enable multi-factor authentication, even if someone has your password, they're still going to need something else to get into your account," he says, but normally you have to go into your account settings to find out how to do it. If you have a hard time remembering passwords, you may consider applications and services that help to manage your accounts and generate secure passwords for every site. All you have to do is remember a single password for the app, but Harnish warns there are drawbacks to that as well: "If you've got a password vault that's in the cloud and the connection goes down or you're out of range, there's all sorts of reasons why you might not be able to reach your password vault so they're not without issues themselves."