As you may have heard, Zappos announced that it experienced a data breach on Sunday. In an email to customers, the online shoe and clothing retailer that’s owned by Amazon said “there may have been illegal and unauthorized access to some of your customer account information on Zappos.com.”

Compromised data includes:
- your name
- e-mail address
- billing and shipping addresses
- phone number
- the last four digits of your credit card number
- cryptographically scrambled password
Even though the company said that passwords were encrypted (“scrambled”), it expired and reset customer passwords as a precaution and asked customers to create a new password.
1. Easy way to create different passwords for different accounts
Even though just about every security expert warns against it, many people use the same password for different accounts. The problem is that if one account is compromised, the hackers can break into your other accounts. It may seem like an overwhelming task to have a different password for different accounts, but it’s actually easier than you might think.
First, come up with a phrase that you can use to generate an easy-to-remember but hard-to-guess password. For example, if you met someone named Susie Smith in 1995, your password could be based on the phrase “I first met Susie Smith in 95,” and the password itself would be IfmSSi#95. Adding those uppercase characters for proper nouns along with a # sign and numbers greatly increases security.
Then, to make the passwords unique, consider adding a character at the beginning and/or end for each site. For example, your Zappos password could be ZIfmSSi#95s, using the first and last character of Zappos in the password. For Amazon, you would use AIfmSSi#95n, etc.
2. Change your security questions
Most sites that use passwords have security questions that you can answer to recover a password or as an extra measure of security. Make sure these aren’t obvious to answer. If lots of people know your mother’s maiden name or the name of your first car, then try to come up with a more secure question and answer set if the site lets you select your own questions.
3. Consider using a password management tool
There are several password management tools, including LastPass and RoboForm, that enable you to store your passwords in the cloud or on your device and have the software (or app) enter them for you. In addition to a level of security, these tools offer a great deal of convenience and make it easier to have very different passwords for each account.
4. Check your credit accounts and reports
Although credit card numbers reportedly weren’t compromised in the Zappos attack, it’s always a good idea to frequently look at your online credit card and bank statements for recent suspicious activity. Also, you can get a free annual credit report from each of the three major bureaus.
5. Have up-to-date security
If you don’t have security software, get some. And be sure that it, along with your operating system and applications, is up to date.