Plante Moran Technology Expert Offers Three Simple Steps to Limit Threats
Southfield, Mich. – Earlier this summer, nearly 6.5 million LinkedIn password hashes were posted on an online forum by a hacker asking for help reversing the hashes into valid passwords.
Shortly after, another hack of passwords from the online dating site eHarmony was publicized. In July, Formspring and Yahoo! confirmed their sites’ passwords were also compromised.
Incidents such as these are a wake-up call for businesses and individuals to get serious about password security, say technology experts at Plante Moran, one of the nation’s largest certified public accounting and business advisory firms.
“It took hours for some sites to acknowledge and respond to compromised accounts, and some companies have yet to confirm how hackers accessed sites or determined what vulnerabilities are and how they will be fixed,” explains Raj Patel, an expert in information security and a partner specializing in technology.
While most companies immediately sent e-mails asking customers to reset passwords, they missed the real intent of the hack, says Tom Ervin, an information security consultant at Plante Moran. Hackers don’t actually want LinkedIn passwords. What hackers want is email addresses and account passwords used to log in to sites like LinkedIn.
“Hackers hope that users have the same password across many or all of the sites they visit,” Ervin says. “After gaining access to an individual’s email, the hacker has the ability to view other sites that were activated using that email address. The danger comes from their ability to locate accounts such as online banking, shopping and payment sites like Google Checkout or PayPal. In the case of LinkedIn, a hacker could purchase goods and sell them for cash using the information originally gained from accessing the site,” he says.
What can the public do to protect itself from password vulnerabilities? Patel offers the following simple steps:
- Use tiered passwords. Don’t use the same password for all sites. Just like you have different keys for different doors, you need to use different passwords for different sites.
- Change your passwords frequently. When was the last time you changed your password for your online banking account or Facebook? It is recommended that users change passwords to sensitive accounts at least every 30 days.
- Set strong passwords. Setting long passwords that contain letters, numbers and characters for numerous websites can be difficult to memorize. Use passphrases like “MyBirthDate?June15,90.” It’s long, has all the letters, numbers and characters, and it’s easy to remember.
“Breaches will continue to occur, so getting into the habit of changing things regularly can mean the difference between security and vulnerability,” Patel concludes.
About Plante Moran, PLLC
Plante Moran is among the nation’s largest certified public accounting and business advisory firms, providing clients with tax, audit, risk management, financial, technology, business consulting and wealth management services. Plante Moran has a staff of more than 2,000 professionals in 22 offices throughout Michigan, Ohio and Illinois, with international offices in Shanghai, China; Monterrey, Mexico and Mumbai, India. Plante Moran has been recognized by a number of organizations, including FORTUNE magazine, as one of the country’s best places to work.