Don't be like Mark: How to protect your social accounts from being hacked
The recently leaked database containing nearly 33 million Twitter login credentials, including passwords in plain text, is definitely the real deal.
In a blog post Friday, Twitter confirmed it started warning users whose accounts may have been affected, as well as locking some accounts and sending a password reset request to the account owners.
Twitter maintains the stolen passwords were not the result of a hack, but have rather been "amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both."
The post doesn't say how many users were affected; only that "a number of Twitter accounts were identified for extra protection." However, Twitter confirmed to the Wall Street Journal that the number is "in the millions."
Leakedsource, a site that collects stolen login credentials and puts them in an online database, said Wednesday this particular leak contains 32,880,300 Twitter credentials.
The leak follows a string of high-profile Twitter accounts being hacked, including those belonging to Katy Perry, Drake, Mark Zuckerberg and Evan Williams.
Choosing a good password
By now, most internet users are aware that choosing a strong password is important. What, exactly, constitutes a strong password has changed quite a bit over the years.
Today, a good password should be at least 12 characters long, preferably longer. It should contain numerals as well as lowercase and uppercase letters. It should not contain easily guessable personal information; if you're called Michael and were born on September 12, 1967, then "Michael-09121967" is not a good password. In fact, even though you can create a solid password by stringing together common words
Never use the same password twice
If you're using the same password on multiple sites, you could still be in trouble. If only one of those sites gets compromised — as LinkedIn did, when someone stole more than a hundred million usernames and passwords in 2012 — a hacker could try out your email address and the same password on other online services.
Sometimes, if a site has very shoddy security, hackers might obtain your password in plain text. Most often, the passwords will be encrypted or hashed, so the hacker will have to crack the passwords, which is where choosing a good password comes into play. But hackers today have access to very powerful computers and some smart cracking algorithms, meaning that — with time — even very strong passwords can get cracked.
The best way to avoid this is to have a separate password for every online service you use, especially those important to you (Facebook, Twitter) or ones that can actually cost you money (PayPal, eBay).
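To make the two rules above concrete, here is a small audit script added as an illustration (it is not from Twitter or any password manager). It checks each password against the criteria under "Choosing a good password" and lists sites that share a password. The site list, the passwords and the set of date formats treated as guessable are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date

def personal_tokens(name, born):
    """Guessable strings derived from a name and birth date (assumed formats)."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", str(born.year)
    return {name.lower(), y, m + d + y, d + m + y, y + m + d, m + d + y[2:], d + m + y[2:]}

def weaknesses(password, tokens):
    """Check one password against the rules in 'Choosing a good password'."""
    found = []
    if len(password) < 12:
        found.append("shorter than 12 characters")
    for label, pattern in (("numeral", r"\d"), ("lowercase letter", r"[a-z]"),
                           ("uppercase letter", r"[A-Z]")):
        if not re.search(pattern, password):
            found.append(f"no {label}")
    if any(t in password.lower() for t in tokens):
        found.append("contains personal information")
    return found

def audit(entries, tokens):
    """entries maps site -> password; returns (weak sites, groups sharing a password)."""
    weak = {site: w for site, pw in entries.items() if (w := weaknesses(pw, tokens))}
    by_password = defaultdict(list)
    for site, pw in entries.items():
        by_password[pw].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    return weak, reused

# Constructed sample data: the article's "Michael" and made-up passwords.
TOKENS = personal_tokens("Michael", date(1967, 9, 12))
SAMPLE = {
    "linkedin": "Michael-09121967",
    "twitter": "Michael-09121967",
    "paypal": "tR7vq2LmXz9bKw4e",
    "ebay": "summer2016",
}

if __name__ == "__main__":
    weak, reused = audit(SAMPLE, TOKENS)
    for site, problems in weak.items():
        print(f"{site}: {', '.join(problems)}")
    for group in reused:
        print("same password on:", ", ".join(group))
```

Note that "Michael-09121967" passes the length and character checks and is flagged only because of the name and birth date, which is exactly the case the article warns about.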
Use a password manager
This is where things get problematic for most users. After a while, remembering strong passwords becomes a chore, or even impossible. This is where password managers, such as LastPass or Dashlane, come into play. These services "store" all your passwords, often automatically filling out your online credentials, but you can only unlock them with a master password, so that's the one password you really need to remember.
A caveat to this method is the fact that if your master password gets stolen, you're in trouble, as a hacker can gain access to all your passwords. This is why you must choose a very strong master password, never store it on your computer and never share it with anyone.
Note that even password managers are prone to vulnerabilities. You might choose not to use one and just keep your passwords in your head, or offline, on a piece of paper in a safe. That's perfectly fine, just don't lose the piece of paper.
Use two-factor authentication
Even if you're really careful, mistakes will happen. An ancient service you forgot you ever used could get compromised and come back to bite you from behind. Or you could connect to the wrong Wi-Fi network and become a victim of a stalker-hacker stealing every bit of info you send out from your computer. (By the way, don't connect to Wi-Fi you don't trust. Ever.)