A common question I ask when giving presentations on computer security is how many people have changed the password for their personal e-mail accounts in the past year. In the corporate world, you can control how often a user has to change their corporate password at work. Most answers I get back to the question about the password on their personal e-mail accounts are that they never have, or that maybe they did one time a couple of years ago.

Now let's think about an attacker who compromises your home PC. He has a keylogger (a program that records a user's keystrokes and sends them back to the attacker's server), and it has recorded you typing the login for your personal e-mail account. OK, now let's think. Suppose you bank at a large national bank and have a PayPal account, an eBay account and many other common online accounts that a criminal attacker might be able to take over for his nefarious activities. Do any of those accounts use the same user name and password as your personal e-mail account? Am I making you think about changing your password and using different user names and passwords for other accounts? Hopefully so.

The lesson here is to change your password and not to share user names and passwords between your e-mail account and the financial accounts that you might have. Create a strong password by using upper-case letters, lower-case letters, numbers and special characters. Use a password that is actually longer than 8 characters. Use something like a passphrase, which will be easier for you to remember.

Hope everyone’s weekend is going great and stay safe out there.