Shoe and apparel retailer Zappos.com disclosed a major data breach on Sunday, January 15, 2012. The shoe retailer is requiring customers to change their passwords to the website, as customer name and address data may have been accessed, along with the last four digits of customer credit cards (but not full credit card numbers). Sources indicate that the entire customer base of 24 million may be affected.
So how can the average computer user protect themselves from such breaches? We recommend the following tips:
- Use updated anti-virus, anti-malware and web filtering software. We routinely recommend Microsoft Security Essentials, Malwarebytes' Anti-Malware, and K9 Web Protection as excellent products for the home user.
- Use complex passwords that include a combination of uppercase and lowercase letters, numbers, and special characters if allowed.
- Make sure passwords are at least 8 characters long and do not spell any word in a dictionary, or a common variant of one.
- Use a different password at every website that needs added security, such as banking, insurance, or financial websites.
- Avoid common passwords like "123456," "password," "letmein," "qwerty," etc. Hackers know that people use these passwords frequently and already exploit this fact.
- Consider use of single-use or single merchant credit card numbers. A few credit card companies, notably Citibank and Discover Card, offer software that can make single-use credit card numbers (that can only be used once) or single-merchant credit card numbers (that can only be used at the particular merchant where the number is first used.) Both of these measures can limit your exposure to fraudulent charges online. Contact your card issuer for availability.
- If you can, consider setting one computer aside for banking/secure use that is not used to surf the Internet except to acquire security updates.
- Consider the use of password manager software, especially if you have to use lots of passwords. Typically, this software contains tools that will create secure passwords for you; however, the passwords created tend to be very cryptic (e.g., 6XrAgVzm@L!s). But you need not worry about remembering such passwords; the software stores them for you.
- Some websites allow you to check the security of passwords; one well-endorsed site, How Secure Is My Password?, can give you an idea of whether a password you want to try is a good choice.
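
The password rules in the list above can also be checked on your own computer, and a random password of the kind a password manager creates can be generated the same way. The following Python code is an added example, not part of the original article; the word lists are small constructed samples, and the function names are hypothetical.

```python
import secrets
import string

# Constructed sample lists; a real check would load a full dictionary
# and a list of leaked passwords.
COMMON_PASSWORDS = {"123456", "password", "letmein", "qwerty"}
DICTIONARY = {"shoes", "welcome", "dragon", "monkey", "sunshine"}

# Common character substitutions, undone before the word lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def normalize(password):
    """Lowercase, drop trailing digits/symbols, undo substitutions."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)

def check_password(password):
    """Return the rules from the list above that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    missing = sum(1 for cls in CLASSES
                  if not any(ch in cls for ch in password))
    if missing:
        problems.append(f"missing {missing} of 4 character classes")
    core = normalize(password)
    if password.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common password or variant")
    elif core in DICTIONARY:
        problems.append("dictionary word or variant")
    return problems

def generate_password(length=12):
    """Random password from the OS CSPRNG, as a password manager creates."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate

if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd1", "Sh0es2012!", generate_password()):
        print(repr(pw), check_password(pw) or "passes")
```

A password such as "P@ssw0rd1" satisfies the length and character-mix rules yet is still flagged, because undoing the substitutions reveals a common password.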