Many of you, like us, received an email from Zappos yesterday asking you to reset your password due to a security breach. And after determining that the email wasn’t phishing spam (thanks, Twitter!), I headed to the Zappos site, clicked the “reset password” button and changed it
Thanks to Zappos’ vigilance and swift attention to the problem, they did a great job alerting customers, being responsive on Twitter, and made changing passwords pretty simple. (At least for US users.) They also assure us that the database where credit card info is stored was not compromised.
That said, something like 24 million (!!) customers were affected. And when something like this happens, it’s always a good time to reevaluate your online passwords. Here’s what we suggest you do to make the strongest passwords and keep yourself protected.
1. Change your password. Now.
If your password was compromised, it’s recommended that you change your info on any other sites that use the same password. We’d suggest starting with Amazon, which owns Zappos, though reports have yet to confirm whether that database was hacked into as well.
Experts recommend using different passwords everywhere–though realistically we know that’s a hassle. Especially for those of us with mommy brain.
Easier might be to use one set of passwords with variations (see below) for the retail sites you frequent, and a totally different set of passwords for financial institutions like credit cards, banks, and investment accounts. Those are the places you really don’t want someone getting access.
3. Familiar words = good for life, bad for passwords
It used to be that people would create passwords using familiar words like their kids, dogs, and husband’s birthday, which is almost like handing over your information to a hacker wrapped up in a bow. However, using completely random letter and number sequences is not only challenging for you to remember–i’ts not all that hard for hackers to crack. Many spam bots are programmed to spit out random letters and numbers just like that.
The best, tried and true method for a good password is a string of common words that only have meaning to you, like your favorite ice cream flavor, college nickname and favorite shoe designer put together. Add in a number that you’ll remember and get a cap letter in there too. This makes them tough to hack and easy to recall, which is the perfect combination
for those of us with mom brain.
4. Use variations on a theme
Of course you can’t have 100 totally different passwords for every single website that requires them. But you can come up with variations on the theme–change up the order of the words or numbers for different sites. Like perhaps your Zappos password is like your Facebook password, but one ends with a Z and the other with an F.
5. Write it down!
Keep track of all your passwords on some protected cloud site or Google doc so you always have access to it if your accounts are compromised. Then it’s simple to go down the list and make changes where you need to. Even better: Do it manually somewhere safe, like this Password Log Book or your own binder or journal. We’ve yet to hear of hackers making their way into the sketchbook in your desk drawer. -Kristen
If you still have questions or concerns, both Zappos and 6pm.com have been pretty responsive on Twitter. You can tweet them or check the site for an email address. You can also read this WSJ article for a little more info. And for more handy tips like this, make sure you’re a Cool Mom Tech subscriber and follow us on Twitter!