In the aftermath of one of the biggest security breaches the Internet has ever seen, Web users are scrambling to determine whether their online accounts were affected and whether they should act on it.
Earlier this week, experts uncovered the Heartbleed bug, a massive security flaw in the OpenSSL software that is used to encrypt online communications, possibly putting hundreds of thousands of Web and email servers worldwide into the hands of hackers.
The Heartbleed bug tricks servers running OpenSSL into revealing decryption keys stored in the server’s memory. With these keys, hackers can intercept sensitive information like passwords and credit card numbers.
The Heartbleed bug, which may have compromised such high-profile services as Tumblr, Yahoo, Flickr, Gmail and GoDaddy, exposed one of the pitfalls of living with personal information online and felt to many like a major violation of privacy. Perhaps worst of all, it went undetected for more than two years.
Fortunately, most sites that were vulnerable to the Heartbleed bug have since patched it. While it’s never really been clear which sites were exposed and which weren’t, many Internet companies have recommended updating your passwords. At any rate, it’s always a good idea to update your login information regularly.
Here are seven tips for creating stronger, harder-to-crack passwords.
Don’t use personal information. Your name, birthday, hometown and other information that can be easily discovered by a quick social media search shouldn’t be used in your passwords.
That means things like “JaneOhio” and “JimMay12” should never be considered.
Add special characters, numbers and punctuation. The most popular passwords are, even to this day, “123456” and “password.” Only a birdbrain would think he’s safe from hackers with a password like that.
The more special characters, numbers and random punctuation you have in your password, the more difficult it is for someone to guess it. Get as many of them as you can in there, and space them randomly, even in the middle of words (“blo_7ssom#9,” for example).
Invert the password. Tech2 recommends making your password more complicated by flipping a password you’ve already created and tacking it onto the end, should space allow for it (and you should definitely always take advantage of more character space when it comes to making passwords!).
For example, if you’ve decided your password will be “sNa_1L3,” invert it (“3L1_aNs”) and add it to the password. You’ve now got “sNa_1L33L1_aNs,” which is much harder for someone to guess.
Don’t use the same passwords for all your accounts. It’s just not a good idea. Imagine if a hacker cracks your password. They now have access to ALL your social media and email accounts and any banking you do online.
This is where the next tip will come in handy.
Get a password manager. Password managers help you generate several random, strong passwords, then store them so you don’t have to think of them every time you go to log into an account. You then have one “master” password that allows you to access all the others.
Intentionally misspell words. “Most brute force attacks to determine your password will have a reference dictionary,” Tech2 reports. “Common words” are easier to figure out than others. Why not throw hackers a curveball by intentionally misspelling a word in your password?
“UniCorn73#_4” could become “OoniKorn73#_4.” Get creative!
Use a sentence to create your password. Pick your favorite line from a song, a poem or a movie quote. Then, take the first letter of every word and string them together. You’re your own random word generator!
For instance, “Toto, I’ve a feeling we’re not in Kansas anymore” can become “TIafwniKa.” A good start!