Countless eBay users were this week urged to change their passwords following one of the largest data breaches in history.
The online giant admitted that hackers had gained access to user details including passwords, email addresses, dates of birth and home addresses in February and March of this year. It said that “a large part” of its database, which runs to some 145 million users, was compromised, but that no financial data such as credit card details was accessed.
Despite issuing assurances that all passwords were encrypted and unlikely to have been unscrambled, eBay is advising all registered customers to change their password to be on the safe side. Instructions on how to do this can be found there.
The main danger with data breaches of this type is that rather than simply gaining access to the site that was hacked, the criminals will sit on the data and test out username and password combinations on other sites. This is often successful because so many people use exactly the same details on numerous sites.
Worse still, a large percentage of those passwords are horribly weak. Security firm SplashData releases a list each year of the most common stolen passwords. 2013 saw “123456” beat “password” to the number one spot. Other noteworthy (bad) entries include “qwerty”, “abc123” and “letmein”. All are asking for trouble.
Ensuring that your passwords are secure and unique, but still memorable, takes some imagination, but it can be done. An example of a unique password system that we regularly give is based on lyrics from a song such as Hotel California by the Eagles: take the first letter of each word of ‘Mirrors on the ceiling, pink champagne on ice’ and you get “motcpcoi”.
For an added level of security, add a ^ sign after ‘ceiling’ and a dollar sign at the end of the line to give “motc^pcoi$”.
To use it on several sites, you then add the second letter of the website name in second place, and the last letter of the website name as the final letter of your new password. So for annualcreditreport your password would be “mnotc^pcoi$t”. Despite the complexity of the new password, you can easily retrieve it just by humming the tune and remembering the ‘personalisation’ for each website, and you’ll be rattling out unique and very secure passwords for each and every website you use in a matter of seconds. No paper lists. No forgotten passwords.
The song Hotel California is just used as an example, of course. The same formula can be applied to any song: you could go for Jamiroquai, “titrofsc^” (‘This is the return of the space cowboy’), or maybe Michael Jackson, “ibibyki^” (‘I’m bad, I’m bad, you know it’). With the added bonus that you get to hum your favourite song to remember your password variations!
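The derivation described above, written out as an added Python example (it is not part of the original article). It assumes the ^ and $ are typed into the lyric where they belong and that the site name is given without “www” or a domain suffix; the function names and the site name “abbey” are constructed for illustration, and `shared_passwords` lists any sites that would end up with the same password because their second and last letters match.

```python
import re
from collections import defaultdict

# Lyric from the article, with the two symbols placed as the article describes.
LYRIC = "Mirrors on the ceiling^, pink champagne on ice$"


def base_from_lyric(lyric: str) -> str:
    """First letter of each word, lower-cased; a '^' or '$' attached to a
    word is kept and placed right after that word's letter (no spaces)."""
    out = []
    for token in lyric.split():
        word = re.sub(r"[^A-Za-z^$]", "", token)   # drop commas, apostrophes
        letters = re.sub(r"[\^$]", "", word)
        if letters:
            out.append(letters[0].lower())
        out.extend(ch for ch in word if ch in "^$")
    return "".join(out)


def site_password(base: str, site: str) -> str:
    """Second letter of the site name goes in second place, the last letter
    of the site name goes at the very end."""
    name = re.sub(r"[^a-z0-9]", "", site.lower())
    if len(name) < 2 or not base:
        raise ValueError("need a base and a site name of at least 2 characters")
    return base[0] + name[1] + base[1:] + name[-1]


def shared_passwords(base: str, sites: list[str]) -> dict[str, list[str]]:
    """Group sites by derived password and return only the groups where
    more than one site ends up with the same password."""
    groups = defaultdict(list)
    for site in sites:
        groups[site_password(base, site)].append(site)
    return {pw: names for pw, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    base = base_from_lyric(LYRIC)
    sites = ["annualcreditreport", "ebay", "abbey"]   # "abbey" is constructed
    for site in sites:
        print(f"{site:20} {site_password(base, site)}")
    for pw, names in shared_passwords(base, sites).items():
        print("same password on:", ", ".join(names))
```

Running it over your own list of site names shows which ones need a different personalisation to stay unique.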