The National Privacy Commission (NPC) is recommending that Internet users change the passwords of their email and social media accounts as part of their new year’s resolutions. According to Privacy Commissioner Raymund Enriquez Liboro, “Regularly changing your passwords for online accounts such as email and social media is one of the most basic and easiest ways of protecting your data privacy.”
The Privacy Commissioner said this after Yahoo recently revealed that more than 1 billion user accounts were compromised in a data breach that happened in August of 2013. The breach is now considered the largest email data breach in history. Sensitive personal data were compromised, including email addresses, dates of birth and telephone numbers that can be used in identity theft and phishing scams. The breach was much bigger than the data breach in 2014 of around 500,000 user accounts that was only announced by Yahoo in September of 2016.
“If you use Yahoo for email or other Yahoo online services, we suggest that you not wait until the end of the year to change your account credentials, but instead change them as soon as possible,” Chairman Liboro said. “Email is usually the means social media services such as Facebook confirm your identity; if your email is compromised, there is a chance that your social media accounts are compromised as well, and criminals could use confidential information there to commit cybercrimes directed at you or the contact list on your email and social media accounts,” Liboro added.
In the Philippines, personal data breaches must be reported to the NPC within 72 hours from their discovery, according to the Implementing Rules and Regulations (IRR) of the Data Privacy Act (R.A. 10173) issued by the Commission in August of this year.
Other than password changes, the NPC is also recommending that Internet users utilize two-factor authentication for confirming their identity. Two-factor authentication is when Internet services send a text message or a code to your mobile phone to confirm who you are instead of just sending an email. Email providers sometimes use this feature when someone accesses an account from an unfamiliar IP address or device.
Best practices in changing passwords include:
- Don't re-use passwords. Even an ultra-secure password won't be any good if someone finds it.
- While combining upper- and lower-case letters with numbers to alter a memorable word (for example, M4raD0na) is often advised, such passwords are more easily cracked than you might think.
- Make a memorable, unusual sentence: “Ako ay isang responsableng mamamayang Pilipinong internet user (aa1-rmpiu).”
- Changing passwords to passphrases like “AskalsAreTheBestTeamInAsia” dramatically improves security. Each additional character increases the number of possible combinations exponentially, making it virtually impossible to crack.