I-Team: Protecting usernames, passwords

Jason Knowles
Wednesday, August 6, 2014

CHICAGO (WLS) -- The numbers are staggering: 1.2 billion passwords and user names were stolen by Russian criminals. It could be the biggest theft of digital credentials in history.

It seems like every time you turn around your identity or personal information is at risk. This time it's thanks to a Russian cyber-gang attacking about 420,000 websites. Now, those criminals could have your user names and passwords.

If you haven't done it already, it's time to change your user names and passwords, especially on your financial websites and social media.

"All my social media, I have 4-5 different accounts there. I have two email accounts, including school email. Keep everything as safe as possible and keep changing your passwords," said Riley Loop.

A Russian cyber gang, attacking with malicious code, obtained data from hundreds of thousands of websites, including about 1.2 billion user name and password combos. A private security company in Milwaukee discovered the list.

"It is the cyber crime of the century so far, it's huge, but not unexpected," said Bill Kresse, professor, Governors State University.

Kresse says that the cyber gang of about 30 young men, in southwest Russia, most likely sold the list.

"(You think they will actually cash in?) Probably. Maybe the Russian authorities will move in and stop them, but they haven't in the past," said Kresse.

Tips for keeping your passwords secure

Most of us use the same password on several sites and rarely change them.

"Like my mom is not changing her password all of the time, she uses the same one and uses the same password for every site, which is bad," said PJ Macklin, Sound Slice.

PJ Macklin and Adrian Holovaty run an internet music sheet service called Sound Slice, and they use an app to keep track of all of their different passwords and user names.

"I use this software called '1Password' to manage that for me so it makes it really easy. Yeah, different password for every site, super long, super complicated, with weird characters and numbers," said Holovaty.

So how bad is the password problem? Local security experts from Trustwave, a Chicago-based online security company, said its annual global security report found they were able to recover almost 92 percent of all saved passwords stored by businesses, and the most commonly used passwords are "password1" and "hello123."

Websites don't always allow you to change your username, but experts on fraud also told the I-Team how important it is to at least use different passwords for each website and change them frequently.

Trustwave told the I-Team that consumers and businesses should use what's known as two-factor authentication to provide an additional security layer by asking you about an image or another answer to a question after you enter your password. Many times you can go to the settings of your account to activate this option.

If you don't want to store your passwords on paper, or on an app, another tip is to use the first two letters of a company's name at the beginning of each password to help you remember.

"Include in the initials the entity you are signing on to, so, Bank of America begin passwords with BA, and Commonwealth Edison, CE," said Kresse.

Another way to enhance your password is to use numbers as letters like "3" instead of "e." You can also use a name in your family that's unusual, like a nickname.

TWO FACTOR AUTHENTICATION:

http://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/

TRUSTWAVE REPORT:

https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/


SHOULD YOU STORE PASSWORDS IN THE CLOUD OR ON APPS?

http://robertsiciliano.com/blog/2011/10/28/should-you-store-passwords-in-the-cloud/