NEW YORK — With the recent news that a Russian hacker ring has amassed some 1.2 billion username and password combinations, it's a good time to review ways to protect yourself online.
Hold Security, a Milwaukee firm that has a history of uncovering online security breaches, said the data was pilfered from about 420,000 websites and is "the largest known collection of stolen Internet credentials." Hold's researchers did not identify the origins of the data or name the victim websites, citing nondisclosure agreements.
If there's reason to believe your information might have been compromised, change your passwords immediately.
One of the best things you can do is to make sure your new passwords are strong. Here are several ways to fortify them:
• Make them long. The recommended minimum is eight characters, but 14 is better and 25 is better than that.
• Use combinations of letters and numbers. Also, use upper- and lower-case letters and some symbols. "PaSsWoRd!43" is far better than "password43."
• Avoid words in dictionaries, even if you add numbers and symbols. There are programs that can crack passwords by going through databases of known words. One trick is to add numbers in the middle of a word, as in "pas123swor456d" instead of "password123456."
• Substitute characters. For instance, use the number zero instead of the letter O, or replace S with a dollar sign.
• Avoid easy-to-guess words. Don't use your name, company name or hometown. Avoid pets' and relatives' names. Likewise, avoid things that can be looked up, such as your birthday or ZIP code.
• Never reuse passwords on other accounts. If one account is hacked, others with the same password will be that much more vulnerable.
• Use multiple passwords on the same account. Some services such as Gmail give you the option of using two passwords when you use a particular computer or device for the first time. If you have that feature turned on, the service will send a text message with a six-digit code to your phone when you try to use Gmail from an unrecognized device. You'll need to enter that code to get access, and then the code expires. It's optional, and it's a pain, but it could save you from grief. Hackers won't be able to access the account without possessing your phone.