Security Response

Pulling Passwords out of a Hat

Created: 02 Aug 2012 14:17:55 GMT • Updated: 23 Jan 2014 18:13:32 GMT
Author: khaley

For magicians, one of the most important tools in their bag of tricks is the concept of misdirection. As you watch one hand, the other hand pulls off the trick. Recently there has been an increase in the theft of logon data, such as user names, email addresses, and passwords, from various websites. The primary concern is that logon data has been compromised. However, hackers today are modern magicians; you will see that there is more than meets the eye when you understand the true risk.

Password security should be a principal concern. As soon as you are notified of any password issues, change your password on affected sites. To their credit, the companies that have been victims of these recent events have done a good job notifying their customers and taking the necessary steps to reset passwords proactively. They have locked down accounts and encouraged users to change their passwords. Despite all of these efforts, there are usually more things to consider.

It is not uncommon for users to reuse the same logon name or email address on other websites, as well as reuse the same password. If you reuse logon credentials across sites, a logon and password stolen at one site makes you vulnerable to attack on other sites as well.

To add insult to injury, some attackers who steal this data do not use it just for their own personal gain. They freely post plain-text passwords and password hashes online where other attackers can find them, in public forums or uploaded to torrent sites, for instance. So it's not just one hand performing the magic trick; it's several hands.

First things first: change your password on any site that is compromised and make sure it is a strong password. You should also use different passwords across different sites. I know this is a challenge. It may be impossible to remember all of those passwords, so we encourage you to get help. Avoid using your browser to store your passwords. We suggest putting them in a safe, protected place that is available to all your devices. Symantec offers a product that does this. It is called Norton Identity Safe—download by October 1, 2012 and enjoy it FREE of charge forever. No strings attached. It is not the only solution—there are plenty of good ones out there—pick the one that best suits you.

Because with hackers, you have to watch what both hands are doing.