How to keep data out of hackers hands

Written by New York Times | Updated: Aug 7 2014, 08:24am hrs
The numbers sound abstract: Hundreds of millions of email addresses and other types of personal identification found in the hands of Russian hackers. For people worried that they are caught in the mix, however, the discovery by Hold Security of a huge database of stolen data is very personal. But personal doesnt mean helpless. There are common sense steps everyone can take to keep the impact of hackers to a minimum.

How do I know if my personal information was stolen

Assume it is. The latest breach is huge, and similar attacks and smaller thefts are happening all the time. Hold Security is creating an online tool to allow consumers to see whether their records have been stolen, but they are not certain when it will be ready. At this point, it is wisest to improve your online security immediately.

Should I change my password

The first step, as always, is to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites.

How do I create stronger passwords

Try a password manager like LastPass or Password Safe, which was created by security expert Bruce Schneier. These sites create a unique password for each website you visit and store them in a database protected by a master password that you create. That sounds dangerous, but password managers reduce the risk of reused passwords or those that are easy to decode.

If you must create your own passwords, make sure they are not based on dictionary words. Even a word obscured with symbols and numbers can be cracked relatively quickly. Schneier suggests creating an anagram from a sentence, and using symbols and numbers to make it more complicated.

For example, the sentence One time in class I ate some glue could become 1TiC!AsG. Create the strongest passwords for the sites that contain the most sensitive information and do not reuse them anywhere.

Are passwords enough

Passwords are not enough. If a site offers additional security features like secondary or two-factor authentication, enable them. Then, when you enter your password, youll receive a message (usually a text) with a one-time code that you must enter before you can log in. Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if youre logging in from a new computer.

How can I stop my information from being stolen in the first place

Increasingly, you cannot. Regularly monitoring your financial records can help minimise the damage if someone gets your information. But only the companies storing your personal data are responsible for securing it. Consumers can slow down hackers and identity thieves, but corporate computer security and law enforcement are the biggest deterrents.

Molly Wood