Online security: Ways to keep your passwords safe.
(MONEY Magazine) -- To keep your personal information and your finances safe, here are five things you need to know about online security.
1. You are now under attack by machines
After a hacking scare at Gawker Media last year, security firm Duo Security showed that it could crack 200,000 user passwords in under an hour using a "brute force" attack, in which computers try millions of passwords until one works.
Popular picks like "123456" take seconds to crack, but one with at least eight upper- and lowercase letters, numbers, and symbols will hold out long enough to send hackers searching for easier prey.
Online password generators like Random.org can help create a strong one.
2. Hackers look for your keys in public ...
Do you have photos of your kids or dog posted on Facebook?
Make sure they aren't useful to crooks: A password or security question based on, say, a pet's name is vulnerable, notes security expert and former hacker Kevin Mitnick. (Last year a Florida man was charged with using such info to hack the e-mail of celebrities, including Mila Kunis and Scarlett Johansson.)
So crank up your privacy settings -- and don't assume your mother's maiden name is a secret.
3. ... Or just ask for them
A strong password is pointless if you reveal it to others.
You've probably heard of "phishing" -- e-mails or fake websites that try to persuade you to give up your own info. Poor grammar is one red flag, says Rob Rachwald of data security firm Imperva. But the latest version is harder to spot: "Spear phishing" is realistic-looking, personalized e-mail that appears to be from a familiar source, like your spouse. When in doubt, just pick up the phone.
4. It's easy to limit the damage
The good news about password hacking? It needn't be a disaster -- if you simply maintain unique passwords for each account and change them regularly. (Sound hard? Read No. 5, below.)
According to Experian, nearly two-thirds of web users rely on the same password for at least two websites. That enabled hackers to compromise 90,000 Sony gaming accounts last October using passwords stolen from other websites.
5. You don't need a photographic memory
The average Internet user has 25 password-protected accounts to keep track of, according to a Microsoft study.
A sticky-note cheat sheet can be safe if you omit or scramble some of the info. But a password manager may be your best bet: Free software like KeePass can store log-in information in an encrypted database on your own computer.