UPDATED 16:35 EDT / AUGUST 06 2014

Scared of Russian criminal hackers? Try these 5 password tips

Hold Security, LLC reports what it claims to be the “largest data breach ever” from a group of south Russian hackers who trawled the web using a vast botnet of hijacked computers to identify sites that are vulnerable to SQL injection attacks. The attack resulted in the breach of 1.2 billion user credentials, about 500 million email addresses and logins, from over 420,000 websites across the world.

The problem is, affected sites have yet to be named, as Hold Security is bound by a non-disclosure contract. There’s also the assumption that letting the public know which websites are at risk for SQL injection attacks will just encourage more hackers to exploit them.

Unfortunately, the need to keep the affected sites under wraps means users won’t know if their account has been compromised. But all is not lost. Here are some tips for securing your online accounts, helping you protect yourself even under uncertain circumstances.

Tips for securing your online accounts

 

If you are using passwords such as 123456, password, abc123, iloveyou, sunshine, or trustno1 in any or all of your online accounts, then you’re on SplashData, Inc.’s list of the worst passwords of 2013. Guilty of using one of these common passwords? Then it’s time for you to clean up your act so your account won’t be so easily hijacked by hackers.

So what’s the best way of fortifying your online accounts?

Create a recipe for a strong password

Use a combination of letters and numbers, and whenever possible use characters such as #$%^&, and don’t forget to capitalize some of the letters. Remember NOT to use anything that can easily be guessed, such as commonly used words and phrases like iloveyou and sequential numbers like 123456.

Use a word or phrase that only makes sense to you, like combining the name of your favorite food, band, and the date you graduated from high school.  That would be pretty hard to crack but easy for you to remember.

Mix it up

Most of us have multiple online accounts, so it’s easier to use the same password across the board. The downside is that it’s also easier for others to gain access to all of your accounts. Even when one account is compromised for reasons beyond your control, using the same password for other accounts makes it that much easier for a hacker to access the rest. It’s safer to mix things up.

Use two-step authentication

Most services these days offer two-step authentication, which means you need your mobile phone to receive a verification code in order to log in to a service when using a different device. The verification code is sent to the user’s mobile number, and the code is changed every time to keep things secure.

Remember your timeline

Another tip is to change your passwords regularly, at least every six months. This practice will not only add to your account’s security but also help you sharpen your memory skills, as you’re challenging your brain to remember new passwords.

Password lockers

Let’s be honest, it’s not easy to manage multiple passwords for multiple accounts. It’s hard enough remembering what your password is, even more so when you’re trying to figure out what password goes with what service, and what email address you used for each. Writing things down on a piece of paper is not advisable, as it’s easy to lose and can be accessed by another person (like a coworker), so your best option is to use a password locker such as SplashID Safe, which has a 10-year history and over 1 million users. SplashID Safe allows you to store all your passwords and all other sensitive information in one place, and instead of entering a password for each site you manage, you just use SplashID Safe to gain access in one click.
