The start of a new year brings about new resolutions.  Lose weight, exercise more, and get fit are among the most common resolutions.  But there is one resolution that should be on the top of everyone’s list this year – better password management.  

On average in 2013 a data breach involving more than 40 million passwords occurred once every three months.  The Adobe breach exposed the username, encrypted password and unprotected password hints for 150 million users.  Evernote’s breach resulted in the password reset for almost 50 million users. Living Social’s breach affected 50 million users and the data breach for the Australian dating site Cupid Media affected 42 million users.  Towards the end of 2013 researchers discovered two million login credentials for Google, Facebook, Yahoo, Twitter and LinkedIn accounts on a server.  Hackers had stolen this information by infecting users’ computers with malware known as Pony.  

So what can you do to protect against these types of attacks?

The first line of defense is to read the privacy policy and terms of service agreements for the websites and/or apps you are using or plan to use.  These should tell you how the company is going to protect your information.  If not, contact the company and ask.  If the company provides minimal security it would be best to not use their website or app.   You should also read customer reviews.  If the app does not have any reviews then it is best to choose another app. 

The second line of defense is to use strong passwords.  What is a strong password?  It is not a password that appears on a “most popular passwords” list.  Every year various organizations produce such lists.  Last year Adobe put their breach to good use by developing their own list of commonly used passwords.  The top three were 123456, 123456789, and password. The full list is available here.  Instead of using names or dates, try using the first letter of each word in a phrase.  Or replace letters with symbols and numbers.  Also, don’t forget to use both uppercase and lowercase letters.  

The third line of defense is to use a different username and password for each online account.  Right now you are probably thinking “I can barely remember the passwords I have now!”  If you use the same username and password for every account a hacker can then use your username and password to gain access to your other online accounts.  This includes financial accounts, Facebook, or Google.  In 2012 LinkedIn suffered a data breach.  The hackers used the LinkedIn usernames and passwords on the most popular websites, such as Dropbox.  The hackers were able to successfully access the accounts on multiple websites because the LinkedIn users had used the same username and password for every online account.    

To help you remember usernames and passwords, you can write them down on a piece of paper and secure it in a locked file cabinet, or create a file on your computer that is encrypted and password protected.  There are also apps to store usernames and passwords on your smartphone.    

The fourth line of defense is to frequently change your passwords.  Every three months is ideal.  Every six months is acceptable and once a year is the minimum.  
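The second, third and fourth lines of defense can be checked mechanically against a list of your own accounts. The Python script below is an added example, not part of the original article: it flags passwords on the common list, missing mixed case or numbers/symbols, username and password pairs reused across sites, and passwords older than the three, six and twelve month marks. The site names, credentials and dates are constructed sample data, and treating the character tips as pass/fail checks is an assumption of this example.

```python
from collections import defaultdict
from datetime import date

# Top three entries the article quotes from Adobe's list; a real audit
# would load a full common-password list (assumption of this example).
COMMON = {"123456", "123456789", "password"}

def strength_issues(pw):
    """Return which of the article's strong-password tips pw fails."""
    issues = []
    if pw.lower() in COMMON:
        issues.append("on common-password list")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        issues.append("needs upper and lower case")
    if not any(c.isdigit() or not c.isalnum() for c in pw):
        issues.append("no number or symbol")
    return issues

def age_rating(changed, today):
    """Rate password age with the article's 3 / 6 / 12 month thresholds."""
    months = (today.year - changed.year) * 12 + (today.month - changed.month)
    if today.day < changed.day:
        months -= 1  # the current month is not yet complete
    for limit, label in ((3, "ideal"), (6, "acceptable"), (12, "minimum")):
        if months <= limit:
            return label
    return "overdue"

def audit(accounts, today):
    """accounts maps site -> (username, password, date last changed)."""
    seen = defaultdict(list)  # (username, password) -> sites using that pair
    for site, (user, pw, _) in accounts.items():
        seen[(user, pw)].append(site)
    report = {}
    for site, (user, pw, changed) in accounts.items():
        reused = sorted(s for s in seen[(user, pw)] if s != site)
        report[site] = {"issues": strength_issues(pw),
                        "reused_on": reused,
                        "age": age_rating(changed, today)}
    return report

# Constructed sample data, not real credentials.
SAMPLE = {
    "mail.example": ("pat", "password", date(2012, 12, 5)),
    "shop.example": ("pat", "password", date(2013, 11, 20)),
    "bank.example": ("pat.k", "Tqbf0tLd!", date(2013, 8, 1)),
}
TODAY = date(2014, 1, 15)

if __name__ == "__main__":
    for site, result in audit(SAMPLE, TODAY).items():
        print(site, result)
```

Run it only on a machine you trust, and keep the account list in the same encrypted, password-protected file the article recommends for storing credentials.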

Just like with any New Year’s Resolution it will take some time and practice before it becomes a habit.  It will take extra effort but the payoff will be significant.  It is much easier and less expensive to be proactive rather than reactive when it comes to protecting your privacy.  So what are you waiting for?  Start today!  

Carrie Kerskie is the president of the Kerskie Group, founder of the Association of Certified Identity Theft Investigators, and a highly sought-after speaker, trainer and consultant specializing in identity theft restoration, data privacy and intellectual property investigations. She is also the author of the book, Your Public Identity; Because Nothing is Private Anymore. You can read more about Carrie and what she does at her website,