The National Privacy Commission (NPC) said it is recommending that Internet users change the passwords of their email and social media accounts as part of their new year?s resolutions.
?Regularly changing your passwords for online accounts such as email and social media is one of the most basic and easiest ways of protecting your data privacy,? said NPC commissioner Raymund E. Liboro.
Liboro made the suggestion after it was recently revealed by Yahoo that more than 1 billion user accounts were compromised from a data breach that happened in August of 2013.
The breach is now considered the largest email data breach in history. Sensitive personal data were compromised including email addresses, dates of birth, and telephone numbers that can be used in identity theft and phishing scams.
The breach much was bigger than the data breach in 2014 of around 500,000 user accounts that was only announced by Yahoo in September of 2016.
?If you use Yahoo for email or other Yahoo online services, we suggest that you not wait until the end of the year to change your account credentials, but instead change them as soon as possible,? Liboro said.
?Email is usually the means social media services such as Facebook confirm your identity. If your email is compromised, there is a chance that your social media accounts are compromised as well, and criminals could use confidential information there to commit cybercrimes directed at you or the contact list on your email and social media accounts,? Liboro added.
In the Philippines, personal data breaches must be reported to the NPC within 72 hours from their discovery, this is according to the Implementing Rules and Regulations (IRR) of the Data Privacy Act.
Other than changing passwords, the NPC is also recommending that Internet users utilize two-factor authentication for confirming their identity.
Two-factor authentication requires Internet services to send a text message or a code to your mobile phone to confirm who you are instead of just sending an email. Email providers sometimes use this feature when someone accesses their account from an unfamiliar IP address or device.
The NPC said other best practices in changing passwords include:
? Don’t re-use passwords. One ultra-secure one won’t be any good if someone finds it.
? While combining upper and lower case passwords with numbers to alter a memorable word — M4raD0na — is often advised, these are more easily cracked than you might think.
? Make a memorable, unusual sentence: ?Ako ay isang responsableng mamamayang Pilipinong internet user (aa1-rmpiu).?
? Changing passwords to passphrases like: ?AskalsAreTheBestTeamInAsia? — dramatically improves security. Each additional character increases the number of possible combinations exponentially, making it virtually impossible to crack.