Media news coverage this week reports that hackers, apparently beginning about the third week in October, have stolen usernames and passwords for approximately two million accounts at some of the Internet’s most popular websites, social media and email services, including Facebook, Twitter, Google, Yahoo and LinkedIn.
The global electronic data breach was uncovered while cyber security researchers were investigating a server in the Netherlands. Victims include users in the United States.
An analysis posted by researchers at the security firm Trustwave showed the most common password among the stolen log-in credentials was “123456.” Other commonly used credentials included “123456789,” “1234,” “password,” “admin,” “123” and “1.”
Researchers also noted the overall password “strength” of the compromised log-ins. Since both the length and the types of characters (uppercase letters, lowercase letters, numbers and special characters) in a password determine its complexity, passwords that use all four character types and are at least eight characters long are considered the strongest. Researchers found there were more terrible passwords (four or fewer characters of only one type) than excellent ones in the attack.
Action You Can Take
If you use one of these sites and use the same username and/or password on your bank or other secure websites, change your log-in credentials immediately and follow these cyber security best practices:
- Create a strong password
- Create a password that is different from your previous five passwords
- Don’t use simple or obvious passwords, including personal information like a social security number, date of birth, address or account number
- Consider a longer password (called a passphrase, often 16 characters or more in length) vs. a shorter convoluted one
- Don’t use the same passwords on multiple accounts
- Change your passwords regularly, every 60 to 90 days
- Use a site’s multi-factor authentication when it is available
- Update your system’s anti-virus software and download the latest patches for Internet browsers
Once you have ensured you have a strong password, review your bank account transactions for any suspicious activity. An easy way to do this is with Online Banking. Develop a habit of reviewing your bank account activity often. Report anything unusual to your American Federal Banker immediately.
If you’re a business, develop a maximum complexity password policy and enforce it. The U.S. Chamber of Commerce and several agencies of the federal government provide online resources for cyber security for small businesses. You can find information at the Small Business Administration, the Federal Communications Commission and the United States Computer Emergency Readiness Team (US-CERT).
Complex Password Requirements
Make your passwords meet the following minimum security requirements:
- Not contain all or part of the user’s account name or number
- Be at least eight characters in length
- Contain characters from the following four categories:
  - Uppercase letters (A through Z)
  - Lowercase letters (a through z)
  - Base 10 digits (0 through 9)
  - Non-alphabetic characters (for example !, #, %, $)
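One way a business could enforce the requirements listed above, shown as an added example that is not part of the original advisory. The function names are hypothetical, and the three-character threshold for "part of" the account name or number is an assumption, since the advisory does not define it.

```python
import string

# The most common stolen passwords named in the analysis quoted above.
COMMON_PASSWORDS = {"123456", "123456789", "1234", "password", "admin", "123", "1"}
ALL_CATEGORIES = {"uppercase", "lowercase", "digit", "non-alphabetic"}
MIN_LENGTH = 8         # "at least eight characters in length"
MIN_NAME_FRAGMENT = 3  # assumption: the advisory does not define "part of"


def character_categories(password):
    """Return which of the four listed character categories the password uses."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.digits:
            found.add("digit")
        elif not ch.isalnum():
            found.add("non-alphabetic")
    return found


def contains_account_fragment(password, account):
    """True if any MIN_NAME_FRAGMENT-character run of the account name or number appears."""
    pw, name = password.lower(), account.lower()
    n = min(MIN_NAME_FRAGMENT, len(name))
    return n > 0 and any(name[i:i + n] in pw for i in range(len(name) - n + 1))


def policy_violations(password, account):
    """Return the requirements the password fails; an empty list means it complies."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is one of the most common stolen passwords")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    missing = ALL_CATEGORIES - character_categories(password)
    if missing:
        problems.append("missing: " + ", ".join(sorted(missing)))
    if contains_account_fragment(password, account):
        problems.append("contains all or part of the account name or number")
    return problems


if __name__ == "__main__":
    for sample in ("123456", "Smith!2013x", "Tr4il-Mix&Maps"):  # constructed samples
        print(repr(sample), policy_violations(sample, "jsmith"))
```

The check runs case-insensitively against the account name, so "Smith!2013x" is rejected for the account "jsmith" even though it satisfies the length and character-category rules.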