Early Wednesday morning, eBay confirmed that between February and March of 2014 hackers accessed a corporate database and stole encrypted passwords, email addresses, physical addresses, phone numbers and birthday information. eBay states that the stolen data was non-financial and that "no evidence of any unauthorized access to financial or credit card information" was found, but users are still urged to change their passwords in the wake of this cyberattack.
eBay was also quick to point out that users often share a single password across numerous websites (a security faux pas), and it recommends that users change their password on every other account that uses the shared password. I would like to take a moment to amplify that recommendation and remind readers that these hackers may now have your email address and password, which is enough information for them to log into most sensitive accounts. Please take this warning seriously and change the password to your eBay account and any other account that uses the same password.
Need Help Creating a Strong Password?
Fortunately, you've come to the right place! Creating a strong password is really easy, but convincing people to actually do it is hard. First I will quickly show you how to create a strong password, then I will tell you why it is so important.
A strong password should never use real words, in any language. Instead, create an acronym from a memorable phrase. For example, create your acronym using a line from your favorite movie, song, or TV show, like "We're gonna need a bigger boat" (WGNABB). A strong password uses both capital and lower case letters; an easy method is to alternate upper and lower case with every letter (WgNaBb). Finally, a strong password needs numbers and special characters. You can simply add numbers (perhaps 1975, when the film Jaws was released), but it's easier to remember and more fun if you get creative with special characters. For example: WgNaBb_/\_\0/_ looks like a shark is attacking our stick figure. Quickly and easily we have created a strong AND memorable password.
Now for the why: using a strong password is important because it is significantly harder for hackers to crack a strong password, even once it has been stolen. Websites with good security encrypt passwords before they are stored, commonly using hashing algorithms. When a security breach happens, as has just happened with eBay, hackers steal a truckload of encrypted passwords that they must then crack. Hackers can crack the encryption easily if the password is simple, and nowadays any password using a real word is considered simple.
Hackers can crack a 12-character password using real words with a mixture of upper and lower case letters and numbers in just over two minutes. Nearly all websites would grade this same password as "strong." You shouldn't trust the password rating given on normal sites; these are the same sites whose security failed to protect your password. The only thing protecting your encrypted password from being cracked is the password's strength. Test your passwords with the Kaspersky secure password checker and see how long it would take to crack, then create a strong password using the method discussed above and test its strength. According to this tool, the example password created above (WgNaBb_/\_\0/_) would take more than 10,000 centuries to crack. This estimate is probably still a little unrealistic, but at least now we're talking about thousands of years to crack a password, rather than mere minutes.
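To make the gap concrete, the sketch below (an added example, not part of the original article or of any checker it mentions) compares how many candidates a search has to cover for a 12-character real-word password and for the acronym password above. The function names, the tiny sample wordlist, the 100,000-word dictionary size and the three case variants per word are all assumptions chosen for illustration.

```python
import math
import string

# Assumptions for illustration only, not figures from the article.
DICT_SIZE = 100_000       # assumed size of a guessing wordlist
CASE_VARIANTS = 3         # assumed: lower, Capitalized, UPPER
# Constructed sample words so the example runs offline.
SAMPLE_WORDS = {"blue", "whale", "shark", "boat", "bigger", "summer"}

def charset_size(pw):
    """Alphabet size a character-by-character search must cover for pw."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def segment(pw, words=SAMPLE_WORDS):
    """Split pw into dictionary words and single digits, or return None."""
    if not pw:
        return []
    if pw[0].isdigit():
        rest = segment(pw[1:], words)
        return None if rest is None else [pw[0]] + rest
    for end in range(len(pw), 0, -1):          # prefer the longest word
        if pw[:end].lower() in words:
            rest = segment(pw[end:], words)
            if rest is not None:
                return [pw[:end]] + rest
    return None

def estimate(pw):
    """Return (cheapest strategy, number of candidates to search)."""
    brute = charset_size(pw) ** len(pw)
    tokens = segment(pw)
    if tokens is None:
        return "brute force", brute
    count = 1
    for tok in tokens:
        count *= 10 if tok.isdigit() else DICT_SIZE * CASE_VARIANTS
    return ("dictionary", count) if count < brute else ("brute force", brute)

def bits(pw):
    """Search space expressed in bits (log2 of the candidate count)."""
    return math.log2(estimate(pw)[1])

if __name__ == "__main__":
    for pw in ("BlueWhale123", r"WgNaBb_/\_\0/_"):
        strategy, count = estimate(pw)
        print(f"{pw!r}: {strategy}, about 2^{bits(pw):.1f} candidates")
```

The brute-force figure is an upper bound: it assumes the password has no structure a guesser could anticipate, which is one reason estimates like the one quoted above can be optimistic.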
Please take the time to update your passwords and secure your accounts. If you have any cyber security related questions, please feel free to contact me via Twitter (@James_AFA) or shoot me an email (James@ArmorforAndroid.com). Check out our other blog articles at ArmorforAndroid.kinja.com and learn other great security tips at Armor for Android.com.