Keeping Confidential Personal Data Out of Hackers' Hands

The numbers sound abstract: hundreds of millions of email addresses and other types of personal identification found in the hands of Russian hackers.

For people worried that they are caught in the mix, however, the discovery by Hold Security of a huge database of stolen data is highly personal. But personal does not mean helpless. There are common-sense steps everyone can take to keep the effect of hackers to a minimum.

Q: How do I know if my personal information is part of the stolen material?

A: Assume it is. The latest breach is enormous, and similar attacks and smaller thefts are happening all the time.

Hold Security is creating a tool to allow consumers to see whether their records have been stolen, but the company is not certain when it will be ready.

At this point, it is wisest to improve your online security immediately.

Q: Let me guess: I should change my password?

A: The first step, as always, is to change passwords for sites that contain confidential information like financial, health or credit card data. Do not use the same password across multiple sites.

Q: How do I create stronger passwords?

A: Try a password manager like LastPass, or Password Safe, which was created by the security expert Bruce Schneier.

These services create a unique password for each website you visit and store them in a database protected by a master password that you create. That sounds dangerous, but password managers reduce the risk of reused passwords or those that are easy to decode.

If you must create your own passwords, make sure they are not based on dictionary words. Even a word obscured with symbols and numbers can be cracked relatively quickly.

Schneier suggests creating an anagram from a sentence, and using symbols and numbers to make it more complicated. For example, the sentence "One time in class I ate some glue" could become "1TiC!AsG."

Create the strongest passwords for the sites that contain the most sensitive information and do not reuse them anywhere.

Q: Are passwords enough?

A: Passwords are not enough. If a site offers additional security features like secondary or two-factor authentication, enable them. Then, when you enter your password, you'll receive a message (usually a text) with a one-time code that you must enter before you can log in.

Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you're logging in from a new computer.

Q: How can I stop my information from being stolen in the first place?

A: Increasingly, you cannot. Regular monitoring of financial records can help minimize the damage if someone gets your information. But only the companies storing your personal data are responsible for securing it. Consumers can slow down hackers and identity thieves, but corporate computer security and law enforcement are the biggest deterrents.

© 2014 New York Times News Service