Passwords protect everything: your client’s data, your social interactions on Facebook or Twitter, your financial well-being, and even your friend and business networks. They are the digital keys to each facet of your life, and in many ways, the powerful safeguards of your business and social integrity.
Unfortunately, passwords may be a loose thread, where one compromised password gives access to an account that can be used to access unrelated, personal accounts. With one breached password and knowledge of other personal information, criminals can tug and tug on that thread to let loose the entire fabric of your personal network.
How is it Done?
Outside of phishing attempts and spyware, hackers may use a password cracker to gain access to your personal keys. This sort of brute force entry tries combinations of characters one after another until one of them unlocks the account. The shorter and less complex your password is, the quicker the program will find the correct combination of characters. The longer and more complex your password is, the less likely hackers will be to attempt brute force entry because of the amount of time involved and the low chance of success.
Instead, they may turn to a dictionary attack or rainbow table, where a program will cycle through a predefined list of words commonly used in passwords. Knowledge of personal information or access to security questions will make the attack far more specific and thereby effective.
Tips for a More Secure Password
- Do use abbreviated passwords or phrases. For example, abbreviating a memorable phrase like “I want to go to Paris” to “Iw2g2p” offers a complex, yet memorable passphrase. Add punctuation to add complexity: “@Iw2g2p!”.
- Do use a combination of uppercase and lowercase letters, symbols, and numbers.
- Do change your passwords regularly. According to a 2015 study by Telesign, 21% of people use passwords that are over ten years old. That means you created your password when Casino Royale came out, and Nintendo Wii became a thing. What’s more, 47% of people use passwords that are at least five years old. That means the passwords you created when #Linsanity and #KONY2012 were hitting the internet are the same today. Yikes.
- Do use two-factor authentication whenever possible. (See below for more information.)
- Don’t write your passwords down, share them over text, or let anyone see you log into your devices.
- Don’t use a derivative of your name, family members’ names, social security number, birthday, or addresses. “12345” or “qwerty” are also easily hackable.
- Don’t use the same password across multiple websites. If remembering passwords is a challenge, consider using a password management system.
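An added example (not from the original article) that applies the brute-force and dictionary points above, together with these tips, as a check: it estimates the brute-force search space from length and character classes, then flags common passwords and embedded personal details. The word list, the 50-bit threshold, the sample name and year, and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample list; a real check would load a large breached-password list.
COMMON_PASSWORDS = {"12345", "qwerty", "password", "letmein"}

def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def brute_force_bits(password):
    """log2 of the candidate count for this length and alphabet.

    This is an upper bound: it assumes every character is chosen at random.
    """
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def review_password(password, personal_info=(), min_bits=50):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("appears in common-password list")
    # A targeted dictionary attack tries names, dates and addresses first.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            findings.append(f"contains personal detail: {item}")
    if brute_force_bits(password) < min_bits:
        findings.append("brute-force search space too small")
    return findings

if __name__ == "__main__":
    for pw in ("12345", "Iw2g2p", "@Iw2g2p!", "Jordan1988"):
        print(pw, round(brute_force_bits(pw), 1),
              review_password(pw, personal_info=("Jordan", "1988")))
```

The last sample passes the size estimate yet is still flagged, which is why the personal-information check runs separately from the length and character-class estimate.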
One Password to Rule Them All
According to the same 2015 study by Telesign cited above, 73% of online accounts are guarded by duplicate passwords. On average, only six unique passwords are used to guard twenty-four online accounts. That’s no surprise: having to memorize 10-20 variations of the same password is extremely inconvenient.
That’s where a password manager comes in. A password manager is a program that securely saves your passwords via encryption in one convenient location, storing all your passphrases in a “vault” accessed only by a master password. This way, only one password, albeit an especially strong one, is necessary. Let’s apply the same logic from our first password building tip above, but with a longer phrase for your master passcode: “You may say I’m a dreamer, but I’m not the only one; I hope someday you’ll join us, and the world will be as one,” yielding “YmsIad,bIntoo;Ihsyju,atwwbao”. These master-vaults are not infallible, of course, but they are far safer than jotting down your passwords on sticky notes or in the notepad on your cell phone.
Two-factor authentication (2FA) offers a valuable extra layer of security, forcing those with malicious intent to obtain more than just a username and password. 2FA requires the user to have two out of three credentials before gaining access. The three are:
- Something you know, such as a PIN, a password, or a pattern
- Something you have, such as a debit card, a cell phone, email address, or a fob
- Something you are, such as a biometric fingerprint, retina scan, or voiceprint
Your ATM card is one such example, requiring both your physical debit card and a PIN. Twitter, Apple, Google, Microsoft, Facebook, Amazon, and most banks offer 2FA, but clients often fail to take advantage of the added security. It’s not too late to take advantage of the 2FA abilities of your most used services today.
Though none of these measures can guarantee that you or your company will remain secure, these tips can guarantee that your access points present a formidable defense against hackers. Whether you are seeking to prevent a cyberattack, or attempting to recover from a breach, it’s not too late to incorporate these strategies to strengthen your security posture.