Recent Breach at Evernote Offers a Lesson in Password Management
Just this weekend, some 50 million Evernote users, myself included, were asked to reset our account passwords after their security team saw signs of an attempted attack on information, including usernames, passwords, and application-linked email addresses.
Luckily, there is no evidence to suggest that payment information for Evernote Business or Evernote Premium account holders has been compromised, and the password information that was exposed to the attack was stored in encrypted form, meaning the information was scrambled. Nonetheless, Evernote’s Dave Engberg wrote that an “abundance of caution” prompted the company to ask each user to update his or her password.
Kudos to the Evernote team for being proactive about account security; updating password information might be a minor hassle for some users, but it’s smart to be cautious where user privacy is concerned.
Advice for Good Password Management
Consumers can take an important step toward protecting themselves by choosing a secure password. Here are some suggestions to keep in mind when creating or updating accounts:
- Don’t use any word found in the dictionary or any personal information like your name, birth date, pet’s name, or the street you live on. And never use keyboard sequences like “asdfghjk” or “67890.” These are too common and easy for most software programs to hack.
- You can improve your password strength by mixing in special characters and numbers in addition to letters. It’s tougher to crack a password like “me1liFlu0us?” than it is to crack “mellifluous.”
- Your best bet is to base a password on a code or acronym that you can remember. For instance, if you’re a big fan of The Clash, you can use the lyrics “I fought the law and the law won” to create the password “iftl@tl1!.” You can remember the password because you know it’s based on one of your favorite songs, but the series of letters and characters has no meaning to others.
- For many of us, even memorable phrases like the above can be tough to remember, but you should never rely on a spreadsheet (or worse, a sticky note at your desk) as a memory aid. Consider using a tool like McAfee SafeKey, which is included in your McAfee All Access subscription, to keep secure passwords organized and easily accessible on all your devices.
- Finally, keep hackers out of your digital life by using a different passcode for each site or app you use. Update your passwords, especially those on very private accounts (like online banking sites) on a regular basis.
You can further minimize your exposure to hacks by choosing not to save payment information on e-commerce sites like Grubhub or Zappos, as well as by keeping close tabs on mobile and third-party apps with access to your accounts.