X

Hackers' sale of Comcast log-ins reminds us to change our password habits

Hackers offered 200,000 customer passwords for sale online, forcing Comcast to send reset notices to many users. The lesson? We all need to get a lot smarter about Internet security.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read
42-71054309.jpg

The stockpile of email passwords, which wasn't stolen directly from Comcast, is a good reminder to change your passwords frequently and use other good password habits.

Tannen Maury, EPA/Corbis

In case you needed a reminder: Change your passwords frequently, and use a different password on every website.

I know, it's annoying. But that's the takeaway from news that Comcast had to reset passwords on nearly 200,000 customer email accounts.

Here's the catch. Hackers didn't breach Comcast's computers to steal the information. Instead, they created their list of passwords with information stolen from you and me. Sometimes we're so gullible that hackers can trick us into giving them our password. Then, since we often use the same password everywhere, those hackers have a skeleton key to our lives.

That's often how hackers have broken into the online accounts of various celebrities over the years.

Comcast's answer was to reset all the passwords for its affected customers, said a spokeswoman for the company. Steve Ragan, a security researcher and blogger, was the first to stumble on the list of passwords.

The good news is there are some smart password habits that can protect you from losing control of your entire online life.

Use complicated passwords

With so much information potentially for sale on the dark side of the Internet, or easily found on your Facebook page, it really isn't a good idea to make your password the name of your beloved Pomeranian. Randomly generated passwords that use special characters and numbers are best.

There are lots of memory tricks you can use to help you accomplish this, but you should probably just...

Use a password manager

We applaud you if you've gotten this far without screaming out, "That's impossible!" and closing your browser window.

The fact is, few people can memorize complicated, unique passwords for every online account they have. That's OK.

Fortunately, software developers have come up with an answer. A variety of tools can help you keep track of all your passwords. Two of the most popular password managers are called LastPass and 1Password, both of which can help you use every tip listed here.

Of course, password managers aren't perfect either. After hackers breached its systems a few months ago, LastPass was recently purchased by workplace log-in company LogMeIn. The hackers couldn't access all the user passwords, but they found the hints that could have let them into some user accounts.

OK, now that you're using a password manager...

Don't use the same password for different accounts

If hackers steal your password, they may try it on any number of accounts. You wouldn't want intruders to get into your bank account just because you used the same password you used for the Harry Potter fan site Pottermore, would you?

What's more, some websites take security much less seriously than others. For example, some sites email you your password in plain text when you've forgotten it. That's incredibly easy information for a hacker to intercept. Limit risks caused by one site's laxness by having a unique password for all your accounts.

It's also a good idea to...

Change your passwords frequently

Once your password gets stolen, it might go up for sale on the Dark Web, that untraceable series of websites where everything from drugs to your health records might be up for grabs.

That's what happened to the Comcast passwords. A whopping 590,000 were for sale, but luckily only about 200,000 were up to date. That number could have been lower if Comcast users were changing their passwords more frequently.

And if you're willing to go that extra step, there's one more thing that's easy to do...

Use 'multiple factors' to log in

As you can see, there's no way to guarantee that someone won't steal your password. That's why you should take advantage of multiple-factor log-ins when available. Plenty of major Web-based companies will let you turn on this feature, which often sends a code to your mobile phone or email account after you take care of factor one by entering your password. Enter the code next (that's the second factor) and you're logged in.

Unless hackers have your phone in hand, or access to your email account, only you will be able to log in.