If you are internet savvy, you are mindful that you should not click on an email link from an unknown source. You are wary of online ads for items that are too good to be true, like that miracle anti-aging cure or the financial investment that will earn you millions overnight. You ignore email requests to enter your full Social Security number on an online site.
And you know that it is probably unlikely you won the Zimbabwe lottery (since you never entered in the first place), so you won’t be paying them the small fee to collect your winnings.
But new online security threats abound, especially when it comes to email addresses and passwords.
Recently I was one of millions of people who received an email from LinkedIn informing us of a security breach and asking us to change our password. LinkedIn is a social networking service primarily used for business networking. An individual’s profile may include details of their career—companies they worked for and dates of employment—as well as their geographic location and their network of contacts.
LinkedIn’s security breach actually occurred in 2012, but last week it was discovered the breach was much larger than first reported. The stolen data included 117 million email and password combinations that are currently up for sale by the hackers.
Changing passwords is one way to thwart a hacker’s attempt to enter your LinkedIn profile.
The real danger here is not someone gaining access to your LinkedIn account, because at most they can change your profile or access your contacts, but access to your email and password combination.
Most of us are tempted to use the same log-in information (email and passcode) for sites requiring us to establish a log-in, but that practice puts us at greater risk for hacking.
How many times have you used the same password and email address to create accounts? For example, do you use the same email address and passcode combination to access your online banking account and your Amazon account? Do you use it to access your healthcare account and online investment site?
Once the hacker has your email and password combination and can see via LinkedIn where you work, they can attempt to use your log-in information to enter your workplace computer, potentially jeopardizing your company assets in addition to your own.
As a way to foil hackers, a number of the more secure online sites now require a two-step process for authentication. You may enter your email address and passcode and then be asked to set up a security question that must be successfully answered to gain access.
If you are concerned about your online vulnerability, the first step is to create a strong password for your account. According to Microsoft, a strong password is one that is at least eight characters long; does not contain your user name, real name or company name; does not contain a complete word; is significantly different from previous passwords; and contains a combination of upper- and lowercase letters, numbers and symbols.
But keep in mind: It’s not all about password strength. If you reuse your password at multiple locations, it may be hacked and people may use that password to access your other accounts.
Change all your passwords immediately if you have any reason to believe that someone else had access to any or has broken into your account.
And consider changing your passwords periodically, ideally at least every six months.