Over the last few weeks we have repeatedly highlighted the importance of not using the same password for different websites, your email, your credit cards, etc. Today we’ll give you a couple of examples of companies whose good practices prevented their customer data from being compromised. The first company is Yahoo. The California-based firm was not directly attacked, but it learned that some of its users had had their user IDs and passwords compromised. How? The attackers in this case hacked the information stored in a third-party database not related to Yahoo. The company’s response was quick and correct. Immediately, Yahoo reset the affected users’ passwords and used two-factor authentication for victims to re-secure their accounts.
Details of 800,000 Orange customers compromised
Orange’s hack attack was different from Yahoo’s in that in this case the attack did affect one of the company’s websites. More specifically, the breached site was affected by a vulnerability that allowed the attackers to gain access to personal data from hundreds of thousands of customers, including names, mailing addresses and phone numbers. Fortunately, it seems that Orange’s systems were configured in a way that prevented the customers’ passwords from being compromised, which limited the damage done to the more than 800,000 users affected by the attack. According to reports, the customers’ passwords were stored on a separate, more secure server which was not impacted by the breach.
When it comes to protecting passwords from the eventuality of theft, the best policy is simply not to store them. It sounds quite obvious, but not many companies or users seem to apply this simple concept. Additionally, it is advisable to follow the tips below:
- Avoid passwords that would be readily identifiable or easy for anyone to guess (such as family names, birth dates, etc).
- Use a mix of letters and numbers.
- Do not write them down or store them in easy to find places.
- Make them as long as possible.
- Avoid using the top 20 most common PIN numbers on your credit card.
We know that sometimes it can be hard for you to remember all of your passwords. The Panda Global Protection 2014 password manager will remember them for you. You only have to remember a single master password and the password manager will log you in to every service that you use. Do you think your passwords are secure?