Keeping your online accounts safe

@Money January 11, 2012: 5:15 AM ET
Online security: Ways to keep you passwords safe.

Online security: Ways to keep you passwords safe.

(MONEY Magazine) -- To keep your personal information and your finances safe, here are five things you need to know about online security.

1. You are now under attack by machines

After a hacking scare at Gawker Media last year, security firm Duo Security showed that it could crack 200,000 user passwords in under an hour using a "brute force" attack, in which computers try millions of passwords until one works.

Popular picks like "123456" take seconds to crack, but one with at least eight upper- and lowercase letters, numbers, and symbols will hold out long enough to send hackers searching for easier prey.

Online password generators like Random.org can help create a strong one.

2. Hackers look for your keys in public ...

Do you have photos of your kids or dog posted on Facebook?

Make sure they aren't useful to crooks: A password or security question based on, say, a pet's name is vulnerable, notes security expert and former hacker Kevin Mitnick. (Last year a Florida man was charged with using such info to hack the e-mail of celebrities, including Mila Kunis and Scarlett Johansson.)

So crank up your privacy settings -- and don't assume your mother's maiden name is a secret.

3. ... Or just ask for them

A strong password is pointless if you reveal it to others.

You've probably heard of "phishing" -- e-mails or fake websites that try to persuade you to give up your own info. Poor grammar is one red flag, says Rob Rachwald of data security firm Imperva. But the latest version is harder to spot: "Spear phishing" is realistic-looking, personalized e-mail that appears to be from a familiar source, like your spouse. When in doubt, just pick up the phone.

4. It's easy to limit the damage

The good news about password hacking? It needn't be a disaster -- if you simply maintain unique passwords for each account and change them regularly. (Sound hard? Read No. 5, below.)

Top 10 looming computer security threats of 2012

According to Experian, nearly two-thirds of web users rely on the same password for at least two websites. That enabled hackers to compromise 90,000 Sony gaming accounts last October using passwords stolen from other websites.

5. You don't need a photographic memory

The average Internet user has 25 password-protected accounts to keep track of, according to a Microsoft study.

Send The Help Desk your money questions

A sticky-note cheat sheet can be safe if you omit or scramble some of the info. But a password manager may be your best bet: Free software like KeePass can store log-in information in an encrypted database on your own computer.  To top of page

Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.