We’re starting a new series: “Ask the Security Experts.” We’ll pose an information security question and our panel of experts will do their best to answer.

Our panel:

• Adam Hostetler, Network Engineer, Security Analyst
• Phil Grimes, Security Analyst

Our question:

There’s been a lot of attention lately about the leaking of passwords from sites like LinkedIn, Yahoo, Match.com, last.fm and others. What is the ONE THING that users of a site should do when these kinds of leaks happen? Each of you has such a wide variety of skills and focus, so what would you tell your Mom to do if she asked about this?

Adam: 
Figure out which sites you are using the same password on. Go to these sites and change them, use a unique password for each site. Keep these passwords in a password vault, such as KeePass or LastPass, with a strong master password.

Phil: 
Well, since NONE of our users should be reusing passwords, they should use their password vault tool to generate a new, strong password for the site(s) in question, change the password in their password manager, then change the password in the site itself. Also, take advantage of the password aging features of the password vault to remind you to change passwords on a regular basis. But changing the password of the affected site is the most critical thing, closely followed by NOT reusing passwords on multiple sites. 

There you have it! The bad guys will always try to find ways to cause trouble. Don’t make it easy for them. Use the tools mentioned and keep your data safe!