STOCKTON — Cloudflare revealed Feb. 24 that a bug in its code caused sensitive data to leak from some of the 5.5 million websites that use its performance enhancement and security services. Cloudflare hosts Uber, Fitbit, OkCupid and thousands of others.
It was not immediately clear what the damage would be from the security flaw now named “Cloudbleed.”
It’s the latest major data breach, and one that had tech experts urging users to change their passwords and turn on two-step verification for services that support it.
On Feb. 9, Google spokeswoman Jamie Hill visited Poet-Christian Elementary School in Tracy as part of the company’s Online Safety Roadshow. The security information she shared is useful for adults as well:
Don’t use common passwords
You’ve probably heard it a thousand times, but “password,” is a lousy password. So is “1-2-3-4” and “letmein,” Hill said.
According to security firm, SplashData, the worst passwords for 2016 included sequential numbers, “password,” “football,” “princess,” “qwerty,” and the ironic password, “welcome.”
Minimum eight characters
Long passwords are strong passwords, Hill explained.
The best passwords are “eight or more characters, a mixture of letters, numbers and symbols,” she said.
Make it memorable but not guessable
To limit damage from a security breach, it’s best to have different passwords for each account and device. That makes keeping track of them difficult, so Hill suggests using a phrase you’ll remember and then changing it up for each account.
“For students today, we recommended picking their favorite song title or book title or sports team and building a pass phrase off of that,” she said.
Don’t be phish bait
To keep safe from online scams, Hill reminds users not to click on links in emails from someone you don’t recognize. Such links can be used to launch viruses.
Also, if you receive an email asking you to provide or confirm private information, delete it. Reputable companies don’t ask for bank or credit card information via email.
Passwords aren’t just for email and websites. They also help secure devices. Some people find locking their devices inconvenient, but Hill said that can leave you vulnerable.
“Unfortunately, too many people don’t have their phone or tablet or device on auto-lock and will leave their device sitting around, and that can, again, put them at risk,” Hill said.