If you’ve heard this once, you need to hear it again—and again: Never use the same password and username for more than one account!
If this got Mark Zuckerberg’s (Facebook’s chief executive). Twitter account hacked, it can get just about anybody hacked.
A report at nytimes.com says that the OurMine hacking group takes credit for busting into Zuckerberg’s accounts including LinkedIn and Pinterest. It’s possible that this breach was cultivated by a repeated password of Zuckerberg’s.
According to OurMine, Zuckerberg had been using the same password for several accounts. Not only is that asking for trouble, but the password itself is highly crackable: dadada. Don’t laugh. A hacker’s software will find this in minutes.
How to Protect Your Accounts
- Change any passwords that are used more than once.
- Change any passwords that contain keyboard sequences, repetitions of letters or numbers (252525 is akin to dadada), or actual words or proper nouns.
- If the idea of overhauling your passwords is overwhelming, use a password manager (e.g., RoboForm). A password manager will create long, unique passwords that are different for every account, and you won’t have to remember them because the manager will issue you a master password.
- See which accounts offer two-factor authentication, then sign up. This is a tremendous step towards preventing being hacked. So if an unauthorized person attempts to log into your Twitter or LinkedIn account, this will send a code to your cell phone that needs to be entered before the account is accessible. Unless the hacker has your cell phone, he won’t be getting into your account.
- Some say every 90 days, or at least twice a year, change all of your passwords. I think that’s a bit much. Different and strong is what matters most.
Visit Have I Been Pwned to see if your e-mail account has been hacked. I did. 6 of my accounts showed up as being part of data dumps of sites that were hacked. Then I checked all 6 accounts, all had different passwords, but I still changed them. One was gmail, but with two factor verification/authentication, I’ve had no issue. Simply type your e-mail address into the field and click “Pwned?” If the result shows bad news, then you must immediately change your password to one that you’ve never had before—and at least eight characters and unique.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft preventionvideo.