Internet password thefts on the rise

Morton Konkrake

December 19, 2012

Rachel Dove-Baldwin

Staff Writer

WILLIAMSON — Cybercriminals illegally trading stolen personal information such as passwords has increased at an alarming rate of 300 percent since 2010 during the first four months of 2012, according to the latest research from market research agencies.

Experian, a company that oversees credit reports and identity theft concluded that 12 million pieces of personal information were illegally sold during the four-month period, 90 percent of which consisted of login details and passwords. The figures dwarf the credit agency’s data for last year, which totaled 9.5 million.

“The reason password and login combinations make up nine out of ten illegally traded pieces of data is because they give access to a huge amount of other valuable information, such as address books and related accounts,” stated Peter Turner, the managing director at Experian Consumer Services.

The research suggested consumers were still not being as careful online as they could be, and revealed that Americans on average used just five different passwords for their 26 online accounts. It also revealed, however, that a quarter of American internet users used a single password for most of their online profiles and accounts.

Experian urges consumers to create different strong passwords for each site, although some members of the Experian team and other experts disagrees that strong passwords are enough to protect important data.

“They’re as strong as a simple lock against professional thieves. Passwords can be guessed, cracked or stolen through social engineering,” Turner said. “Worse still, businesses can be attacked and stories of breached password databases make for uneasy reading. Businesses need to think carefully how they secure password information for which they are responsible, such as encrypting password records and securing the database.”

So far this year, an increasing number of sites have succumbed to hackers, with breaches resulting in millions of passwords being published online. With identity theft increasing, it’s important to make online accounts as secure as possible.

Leading security authorities recommend passwords at least eight characters long with a mixture of lower and upper case letters, numbers and special characters, but most importantly, that they are different for each online account you have.

Twenty years ago passwords were something we heard about regarding military or classified information but today, passwords are a part of our everyday lives. We use them for everything from online shopping to accessing our email account on the internet. We have hidden our most valuable information behind passwords instead of lock and key, so they are more important than ever especially when it comes to identity theft. Sometimes passwords can be difficult to come up with but by using simple tricks like memory hooks, number substitutions and password formulas, you can create “killer” passwords that are easy to remember.

A memory hook is a phrase that is easy to remember and will remind you what your password is. An easy memory hook is just using the first letter of each word in a phrase. For example, the nursery rhyme “Mary had a little lamb, its fleece was white as snow” would become “mhallifwwas”. That is pretty easy to remember, and pretty hard to guess, which is exactly what you’re looking for in a password.

Another handy trick when creating a password is to substitute a number or character for a letter. This can make the password look a little strange, but it also creates some very complicated passwords that are easy to remember, as long as you remember the substitutions. Of course, some people will use one substitution, but not another, (for example, you might choose to use ! for the letter “i”, but not use $ for “S”.) Using a number substitution, you can make a common item like the Coke can on your desk your new password; (CocaCola becomes <0|<@<01@ - which would be a pretty tricky password.) You can also combine the memory hook and number substitution ideas for an innovative password and that would be very secure. In the nursery rhyme example above, your new password could be “|V|h@111fww@$” when it is combined with the number and character substitution. This is a little tougher to remember, but much harder to crack.

When you’re dealing with a website password, you can let the website be part of a memory hook. In this case, it’s a good idea to have numbers and letters that mean something to you close at hand. It’s fairly safe to use birth dates, anniversaries, and other important dates in your life if they are only part of the password. The secret to keeping a formula password safe is not letting anybody know your formula. It should go without saying that you did not write your password down and hang it on a Post-It note on your computer screen.

Of course, passwords are not the ultimate answer to everything. They can be stolen and changed fairly easily. Some authorities in the information technology world are making a bigger push toward getting rid of passwords completely in favor of single-use passwords. For the time being, having is safe and secure password is crucial to protecting yourself and your family from identity theft.