MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--A report issued this week claimed that a Russian cybercrime group stole 1.2 billion usernames and passwords from 420,000 websites. While some security experts question the report’s findings, Symantec asserts the potential threats are important to take seriously.
Symantec recommends consumers take five steps now to protect their most sensitive password protected information:
- Pay special attention to your email credentials: A lot of users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site and the recovery link is sent to your email account. In addition, avoid opening emails from unknown senders and clicking on suspicious email attachments; exercise caution when clicking on enticing links sent through email, instant messages, or posted on social networks; and do not share confidential information when replying to an email.
- Change passwords on important sites: It’s a good idea to immediately change passwords for sites that hold a lot of personal information, financial details, and other private data. Cyber criminals who have your credentials could try to use them to access more information on these accounts. This is particularly true if you have used the same password on multiple sites. Attackers will often try to use stolen credentials on multiple sites.
- Create stronger passwords: When changing your password, make sure that your new password is a minimum of eight characters long, and that it doesn’t contain your real name, username, or any other personally identifying information. The best passwords include a combination of uppercase and lowercase letters, numbers, and special characters.
- Don’t re-use passwords: Once a hacker has your account information and credentials, they’ll try to use it to gain access to all your accounts. This is why it’s important to create a unique password for each account. If you vary your passwords across multiple logins, they won’t be able to access other sites with the same information.
- Enable two-factor authentication: Many websites now offer two-factor (or two-step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device via text message or a token generator to login to the site. This may add complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.
PASSWORD THREAT INSIGHTS FROM SYMANTEC
- Consumers are experiencing password fatigue. The average user has 26 password-protected accounts but typically uses only five different passwords.
- Consumers are resistant to regularly updating their passwords. A Symantec survey indicated that 38 percent of people would rather clean a toilet that come up with a new password.
- The number one cause of breaches and compromised records in large organizations is stolen credentials. Symantec research asserts that 80 percent of data breaches could have been eliminated with the use of two-factor authentication.
- In 2013, the two most common passwords were: 1) 123456 and 2) password.
- To learn more, visit this Symantec blog post that presents a valuable infographic on threats to data.
ADDITIONAL COMMENT FROM SYMANTEC
Cybersecurity threat intelligence researchers from Symantec are available to further discuss this week’s revelation of the largest known collection of stolen Internet credentials. Interested media outlets should contact email@example.com with requests for additional comment.
Symantec Corporation (NASDAQ:SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings -- anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenue of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.
NOTE TO U.S. EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec, the Symantec logo, and the Checkmark logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
FORWARD-LOOKING STATEMENTS: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.