We all agree that the passwords we use daily are a necessary evil. Without them, anyone could operate our personal and business devices. But, sometimes, remembering them is a chore. That’s why we take shortcuts when creating them. We’ll also re-use them for emails, devices, and bank accounts. In this blog, we’ll discuss the many risks this may cause and offer a few suggestions on protecting yourself.
Here’s a quick test – what do these seemingly random alphanumeric groupings have in common?
This is a list of some of the most popular ones used. Recognize any of these? If you don’t, you’re not necessarily in the clear. However, your chance of becoming compromised or hacked is far less than someone who uses one of these passwords. If you do recognize these, you’re certainly pushing your luck.
We all know that creating and remembering them has become increasingly challenging. If we had only one device that required a password, we could probably manage it quite easily. But with every device we use, most programs we need to do our jobs, and sites that require you to change it every few months, it is estimated that the average person must memorize up to 191 different passwords. No wonder we often choose to take shortcuts!
The problem, however, is that over 80% of hacks are due to compromised credentials. Otherwise known as stolen usernames and passwords, this information is often traded on the Dark Web. And hackers work every day to steal your info. In one month alone, Microsoft blocked 1.3 million attempts to steal password data. If these attacks had been successful, they would have led to dangerous phishing attacks and other hacking attempts.
These harrowing statistics are why you hear these recommendations:
- Never use the same password twice (IT Managers report 73% of all passwords used are duplicated in multiple applications, opening up numerous avenues of attack)
- Don’t write down your passwords
- Never share your passwords with anyone else
- Don’t use real words or known information about yourself in your passwords
- Avoid commonly used passwords (50% of all attacks involved the top 25 most used passwords)
Pay attention to that last stat: 50% of all attacks involved the top 25 most used passwords. See what we meant when we said if you recognized anything on this list, you’re pushing your luck.
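The recommendations above can be checked mechanically before a new password is accepted. The following is an added example, not part of the original post: the function name, the short common-password sample, and the account and personal data are all constructed for illustration, and the 16-character threshold is taken from the length the post mentions.

```python
# Constructed sample of widely used passwords (not the list from the original post).
COMMON_SAMPLE = {"123456", "password", "qwerty", "111111", "abc123"}

# Constructed sample data: passwords already in use, and facts known about the user.
IN_USE = {"email": "Summer2019!", "bank": "tr0ub4dor&3"}
FACTS = ["Jordan", "1987", "Biscuit"]


def audit_password(candidate, in_use, personal_facts, common=COMMON_SAMPLE, min_len=16):
    """Return the list of the post's rules that `candidate` breaks (empty = none)."""
    findings = []
    folded = candidate.casefold()

    # Rule: never use the same password twice.
    reused = [site for site, pw in in_use.items() if pw == candidate]
    if reused:
        findings.append("reused on: " + ", ".join(sorted(reused)))

    # Rule: avoid commonly used passwords (matched case-insensitively).
    if folded in {c.casefold() for c in common}:
        findings.append("commonly used password")

    # Rule: no known information about yourself (names, years, pets).
    # Facts shorter than 3 characters are skipped to avoid accidental matches.
    leaked = [f for f in personal_facts if len(f) >= 3 and f.casefold() in folded]
    if leaked:
        findings.append("contains personal info: " + ", ".join(sorted(leaked)))

    # Length: following every rule yields roughly 16 characters.
    if len(candidate) < min_len:
        findings.append(f"shorter than {min_len} characters")

    # The "no real words" rule needs a dictionary file and is left out here.
    return findings


if __name__ == "__main__":
    for pw in ("password", "Summer2019!", "biscuit1987", "vK9#qLm2$Xr7!pTz"):
        print(repr(pw), "->", audit_password(pw, IN_USE, FACTS) or "no rule broken")
```

In practice the `in_use` mapping would come from a password manager export and the common list from a published breach corpus, both handled locally rather than pasted into a website.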
By following all these rules and regulations, you’ll end up with passwords that are about 16 characters long. They’d be impossible to memorize. Unfortunately, they would still be hackable. Much more difficult to hack, of course, but where there is a will, there is a way. So, how do we protect ourselves? Let’s take a look at some safety tips.
The first approach is using a password manager. You can store all of your passwords in one place. This option will make accessing all your passwords much easier, but you’re not out of the woods yet. The tricky part is, your manager itself is password protected. If you’re utilizing a program like this, make sure your passwords are complex. That way, hackers won’t be tempted to attack. If possible, turn on multi-factor authentication, especially on your manager.
Many sites utilize multi-factor authentication. This extra layer of protection connects to your phone, email, or another authentication source, rather than relying solely on a password. We recommend enabling multi-factor authentication wherever possible. The only caveat here is to verify your secondary authentication source is equally secure with a strong password. No sense in double protecting yourself with a wide-open source.
Random Password Generators
These sites come up with secure words for you. However, they are typically a random jumble of letters, numbers, and symbols and nearly impossible to memorize. If you’ve got a strong memory, this might be a good starting point. But if you’re like most of us, this may be more challenging than it’s worth.
How to craft the best password
Use a “Password Phrase” in place of random letters, numbers, and symbols. Substitute symbols or numbers for letters. Create something easy to remember that has no meaning to anyone else. For example, I<[email protected]! Breaking this down, you get:
- I – I
- <3 – Love
- F – fooling
- [email protected] – hackers
- 43v3r – forever
This wouldn’t be that difficult to remember because you understand the phrase. But it’s difficult for a hacker to decipher because it doesn’t contain real words. There’s no time like the present to get started and change your easy-to-hack passwords to something safer. It’s always better to be safe than sorry.
You’ve got to work at creating words that are difficult to hack. Make sure to change them regularly. Never write them down (especially on a Post-it Note stuck to your computer!). But most of all, make passwords an important part of your life. Don’t consider them a nuisance or a thorn in your side. Make a game out of creating passwords. Challenge yourself to be more creative each time you create one. Beat the hackers at their own game by making yours too time-intensive to try and crack, and you’ll reduce the chance of your information showing up on the Dark Web.
Worried about your information already being available due to past weak password use? Contact us. We’ll run a scan that reveals your vulnerabilities.