The news today (June 6) that Mark Zuckerberg, Co-founder and CEO of Facebook, and therefore one of the most tech-savvy people, has been hacked, should be a wake-up call for everyone using multiple web services with the same password.
In 2012, LinkedIn was hacked and 117 million passwords compromised and it turns out one of them was Zuckerberg’s. Someone going by the name of OurMine Team found his details and used them on other social media platforms where he had an account and this gave them access to Zuckerberg’s Twitter feed and Pinterest. How? Because he’s used the same password for all three. It’s called password recycling and it is rule number one in the book of things not to do if you don’t want your digital life hijacked.
However, inventing unique yet easy to remember a non-dictionary word password for every web service in your life is an impossible task.
According to Global Web Index, the average adult with web access now has 6.5 separate social media accounts alone. That’s before email, online retail, digital services like Uber, and so on. Back in 2013, it was estimated that the average web user was juggling passwords for 26 different services.
Fortunately, the biggest and best tech companies feel your pain and of course know that every hack dents their reputation and therefore bottom line. Google, Apple, Facebook, Twitter, Yahoo, LinkedIn, and Microsoft (plus, many more) all offer two-factor authentication. It combines what you know with what you have, in order to gain access. Usually, this means having to enter a code — sent as a text message to a user’s phone — as well as a password when logging in.
All web users should activate 2FA wherever it’s offered but for extra protection and for situations where the option doesn’t exist, a password manager is the way to go. Those that prefer Macs to PCs will have noticed that Apple has integrated a free password management tool into its latest operating system.
It can create fiendishly difficult logins for any number of sites, automatically store and manage them safely. However, there are also a host of operating system agnostic services out there, such as LastPass and 1Password that work with mobile and desktop and once signed up, all users need is to create one unique password for accessing that account and the password manager will take care of everything else. Even when using someone else’s computer. Navigate to the site, log in, and then the tool will allow you access to your regular web services.
If all of this sounds too much — but increasing evidence shows that it isn’t — there are still very simple steps anyone can take. Don’t use words found in the dictionary to create a password, and if you must recycle never use the password for your main email account for your main bank account. Think about setting up an email address specifically for those times when you need to register for a service that is only going to be used from time to time — booking a cheap flight, accessing a business’s recruitment pages, etc.
(According to VentureBeat.com, Facebook confirmed that Zuckerberg’s Instagram account was not accessed, despite what the attackers claimed. “No Facebook systems or accounts were accessed,” a Facebook spokesperson told VentureBeat in a statement. “The affected accounts have been re-secured.”)