SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Frequent password changes crucial to prevent data breaches
Fri, 13th May 2016
FYI, this story is more than a year old

Last week played host to World Password Day and there couldn't be a better time to make sure your passwords are fresh and up-to-date. Yesterday micro-blogging website Tumblr announced that it was the victim of a security breach, with users' data being accessed from as far back as 2013, prior to when Yahoo! Took over operations. Tumblr says that this data does not seem to have been used, but advised users to change their passwords and security settings immediately.

Occurrences like this have happened over and over again – a sure sign that password security and frequent changes are important to keep hackers at bay. An estimated 450 million passwords have been stolen from various websites, opening the doors to potentially disastrous situations. Nick FitzGerald, Senior Research Fellow at ESET, suggests using a password 14-16 characters long with numbers, symbols and capitals if possible. It doesn't even to be that difficult – a phrase works just as well. Don't use the same password across multiple websites. While it may be easier for your memory, it will also be easier for hackers to get access to every site you use. If remembering passwords across your home or business is a daunting prospect, password managers are a good option, FitzGerald says. Password managers are commonly designed to work only on one registered device, protecting even your master password from being hacked and passwords change with each and every login. Two-factor authentication is another way of making sure nobody else gets access to your account. While this may seem tedious for those who prefer simplicity over security, it is well worth the effort.  "This increases security with an extra layer of protection that requires entering a unique code sent to another email address or mobile, or some other action involving a token carried by the account owner,” FitzGerald says.