For those who haven’t heard, LinkedIn, the leading business networking site, fell victim to a major security breach, which was made public on Monday, June 4th, 2012. LinkedIn has confirmed that over 6 million passwords were stolen from their system. This has got us thinking about password protection.
Payza’s system is secure. Our network is protected by a 128-bit SSL encryption system and by the FraudMatrix, Payza’s proprietary, state-of-the-art real-time monitoring platform which instantly identifies suspicious activity. We also have a team of professional fraud prevention analysts who assess external security threats to our system and ensure members’ accounts are not compromised by attempts at hacking our system.
But users still have to do their part in keeping their passwords confidential. We will protect all your information in our system, but if users give their information away themselves, then their accounts can be compromised. You should never reveal any personal information publicly, on Facebook or any other social media platforms. Even if you don’t openly reveal your information, your password could still be at risk if you’re not careful. We’d like to address the most common ways your password could be discovered.
1. Weak Passwords
One of the most interesting things we found after the LinkedIn security breach was this list of the 30 most popular passwords among those stolen. The number one most popular password was “link”, used by almost 1000 people. The list is quite predictable, with mostly sequential numbers (“1234”), words related to the website (“work”, “job”), religious words and curse words.
The first reason why these are bad passwords is because they’re common. The fact that this list exists at all means that people are not choosing their passwords wisely. The main problem with these specific examples is simplicity. The passwords are short, they’re all either real words or sequences, and all of them contain only letters or only numbers.
To avoid making the same mistakes, use some of the following tips when making passwords*:
- Include punctuation marks and/or numbers.
- Mix capital and lowercase letters.
- Include similar looking substitutions, such as the number zero for the letter ‘O’ or ‘$’ for the letter ‘S’.
- Create a unique acronym, such as ‘TIMP’ standing for ‘This Is My Password’.
- Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh’.
- Don’t reuse passwords for multiple accounts.
The other way people can have their password stolen is by accidentally giving it away to a fraudster, due to a scam called ‘phishing’. Phishing is the attempt to acquire someone’s personal information by posing as reputable people to get login information or other personal information from their victims. If you receive a suspicious email from a person or company requesting personal information, here are some ways to tell if someone is attempting to defraud you:
- Check out the URL and/or email address on the email. If you notice a difference from the real company’s URL or a sub-domain in the email address, the email may be a phishing attempt.
- Hover over any links that appear in a suspicious email. Check to see where they lead. They may take you to another website that could harm your computer or compromise your information.
- Check for spelling and grammatical errors and typos. Emails from credible, trustworthy organizations should not contain spelling and grammatical errors or typos. Exercise your best judgment if they do.
- The email is from a company you either haven’t dealt with in a while or never dealt with before. This should be a dead give-away that the email is ‘phishy’.
- The message is demanding that you modify personal information by email. A credible organization would never ask for this sensitive information by email.
At Payza, we diligently protect our members’ information, but it’s just as important that our members keep their information safe from prying eyes in order to ensure total security.
If you receive an email that claims to be from Payza but was sent from a different domain or an email asking you to provide your password, transaction pin, or verify your account information, this email was not sent from Payza. Please forward these emails to firstname.lastname@example.org.