Are You Making These 8 Password Mistakes?
All you have to do is scan the headlines to know cybercrime is on the rise. Which means now is a great time to review your online security measures. Precautions such as using two-factor authentication, shopping carefully online, and keeping your antivirus software updated are all important, but perhaps the number-one thing you can do to stay safe online is make sure your passwords are strong.
Did you know people with nefarious intentions can crack your passwords in several ways? One is simply by guessing. Consider that many people still use "1234," "password," and the like. These types of passwords are easy to guess and therefore weak defenses against possible online intrusions. But because so many people still use them, hackers with enough time and motivation can often guess passwords, either with no tools or with specialized software programs. They can then try that password on other accounts held by the same person and — because many people reuse their passwords across multiple accounts — it often works.
Another strategy used by hackers is known as phishing. They set up a false URL and lure you to the site by sending you a link to it in an email message. When you "log in" to the site, the hacker gathers the credentials you enter. If the credentials are to your email account, the hacker can look at your emails to see what other accounts you use and try to break into them as well.
Unfortunately, there's no such thing as a password that's 100 percent foolproof. However, there are ways to put the odds in your favor. Read on to discover what password mistakes you might be making and how to fix them.
Take Action if You're Making These Mistakes
1. Your password can be found in the dictionary. A software program can go through the entire dictionary very quickly, so this type of password is the easiest to crack. If you must use this strategy, at the very least do things like change the S's to 5s, randomly capitalize letters, or string together several words. For example, create a password like "caRtRuckhou5e."
2. Your password contains personal information. Things like your birthdate, name, and address are easy to guess, even if you tack extra numbers or other characters onto them. Other easy-to-guess information includes your spouse's name or birthdate, your anniversary, your kids' names, and your pets' names. While you're at it, remember to not use this information in security questions either. Instead, make something up for your mother's maiden name, the elementary school you went to, and so on.
3. Your password is all lowercase letters. Passwords that are varied — with lowercase and uppercase letters, numbers, and special characters — are much harder to guess. While you're creating more complex passwords, also remember to not just tack on the uppercase letters, numbers, and special characters at the end; instead, spread them throughout the password. Remember, the more you can do to increase the complexity of the password, the better.
4. You always use the same password. If you do this, you make it easy for a hacker who's accessed one of your accounts to access more of them. Yes, it's harder to remember more passwords, but worth the hassle for the added security. Plus, you can always use a service like Dashlane (dashlane.com), 1Password (1password.com), or LastPass (lastpass.com) to remember your passwords for you. Ask your Internet Service Provider if a password manager is available as an optional service with your internet plan.
5. Your passwords are short. Passwords that are 12 characters or more are harder to guess. If you do need to rely on memory, try making the password meaningful to you by having it stand for parts of a sentence you can remember, such as, "I lived on 52nd Avenue when I was five years old," which could be represented by "ILO52ndavWIW5YO."
6. Your passwords follow patterns. Studies have been done about password creation patterns, and most people follow just a few, for example one uppercase letter followed by several lowercase letters and then two numerals, as in "GOthrones17." For the greatest security, alter the patterns you use, so an alternative could be "go1ThroNe7S."
7. You never change your passwords. Hacked information might sit for some time before being put to use. For this reason, experts say you should change your passwords every six months, especially for banking and other financial accounts. This practice also gives you the opportunity to update to a more secure password each time.
8. You leave your passwords visible or share them with others. Never leave passwords taped to your computer or in other locations where others might think to look, such as under your keyboard or in a nearby desk drawer. Also, as much as you might trust someone else with your password, they could inadvertently lose it or give it away.
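To make the first six of these checks concrete, here is an added Python example (not code from the article) that reports which of the listed mistakes a candidate password exhibits. The word list and the personal-information strings are constructed stand-ins for a real dictionary and a user's profile.

```python
import re
import string

# Constructed stand-in for a real word list (assumption: a deployment would load
# a full dictionary and a breached-password list instead of these few words).
DICTIONARY = {"password", "welcome", "dragon", "car", "truck", "house", "thrones"}

# Substitutions people make when they "change the S's to 5s"; undone before the
# dictionary lookup so "pa55w0rd" is still caught.
LEET = str.maketrans("0135@$", "oiesas")


def check_password(pw, personal_info=()):
    """Return the article's mistakes (by number) that `pw` exhibits."""
    problems = []
    low = pw.lower()
    # 1. The whole password is a dictionary word, even after leet substitutions.
    if low.translate(LEET) in DICTIONARY:
        problems.append("1: dictionary word")
    # 2. Personal information embedded anywhere, even with digits tacked on.
    if any(len(p) >= 3 and p.lower() in low for p in personal_info):
        problems.append("2: contains personal information")
    # 3. Too little variety: the article wants upper, lower, digits and symbols,
    #    so fewer than three of the four classes is flagged.
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
    if sum(classes) < 3:
        problems.append("3: too little character variety")
    # 5. Short: the article's bar is 12 characters or more.
    if len(pw) < 12:
        problems.append("5: shorter than 12 characters")
    # 6. The common "capitalized word plus a couple of digits" pattern.
    if re.fullmatch(r"[A-Z]+[a-z]+\d{1,4}", pw):
        problems.append("6: follows the capital-word-digits pattern")
    return problems
```

Run against the article's own samples, "password" fails three checks while "caRtRuckhou5e" and "ILO52ndavWIW5YO" pass cleanly.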
Alarming Statistics on Cybersecurity
As attacks become more common, cybersecurity must become more robust. If you're not yet convinced of the need to take proper precautions, check out these statistics drawn from an extensive list compiled by ITSP Magazine.[1]
- Hackers attack every 30 seconds.
- One in three Americans were hacked in the past year.
- One billion accounts and records were compromised worldwide in 2016.
- Over 75 percent of the health care industry has been infected with malware over the past year.
- Based on an identity theft study, $15 billion was stolen from 13.1 million U.S. consumers in 2015.
- The federal government proposes to spend $19 billion on cybersecurity in 2017.
- Over 200,000 cybersecurity jobs in the U.S. are unfilled.
- The top cyber threats in 2016 included social engineering and inside threats.
- More than 4,000 ransomware attacks have occurred since the beginning of 2016.
[1] Chuck Brooks, ITSP Magazine, "Keep Calm And… Here Is A List Of Alarming Cybersecurity Statistics," https://itspmagazine.com/from-the-newsroom/keep-calm-and-here-is-a-list-of-alarming-cybersecurity-statistics, accessed July 30, 2017.
When a Password Alone Isn't Enough
Many websites that require a password are now also requiring a second form of identification before allowing you access to your account. This process is known as two-factor authentication. Here's how it works: You go to your account website and enter your login name or email address and then your password. You receive a four-digit code on your smartphone, and you enter that code into the site as well. Only then are you able to access your account.
The process ensures that only a legitimate user (that is, only someone with access to your smartphone) will be able to log in to the account. Other forms of two-factor authentication include your password plus access to a particular email account, supplying answers to secret questions, or biometric factors (such as your fingerprint).
Use of two-factor authentication has risen considerably in the past year, but not all companies employ it or make it mandatory. If two-factor authentication is optional with companies you patronize, it's worth using it, particularly for high-value accounts like banks and other financial institutions.
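The second login step described above, as an added Python example that is not from the article: after the password is accepted, the site issues a four-digit code to the user's phone and only accepts the login once that code is entered. Because a four-digit code has only 10,000 possibilities, the example also expires the code, limits wrong guesses, and allows each code to be used once; the five-minute lifetime, three-attempt limit and the `send` callback standing in for an SMS gateway are all assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL = 300       # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 3     # assumption: three wrong codes void the challenge


@dataclass
class Challenge:
    code: str
    expires_at: float
    attempts: int = 0


class TwoFactorLogin:
    """Second step of the login flow: password accepted, now check the code."""

    def __init__(self, send):
        self.send = send        # callable(phone, code) that delivers the code
        self.pending = {}       # user -> outstanding Challenge

    def password_accepted(self, user, phone, now=None):
        # Step 1 succeeded; issue a fresh one-time code. secrets.randbelow keeps
        # the code unpredictable, unlike the random module.
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10000):04d}"    # four digits, as in the article
        self.pending[user] = Challenge(code, now + CODE_TTL)
        self.send(phone, code)

    def verify(self, user, entered, now=None):
        ch = self.pending.get(user)
        if ch is None:
            return False
        now = time.time() if now is None else now
        ch.attempts += 1
        if now > ch.expires_at or ch.attempts > MAX_ATTEMPTS:
            del self.pending[user]    # expired or too many guesses: start over
            return False
        # Constant-time compare so response timing does not leak matching digits.
        if hmac.compare_digest(ch.code, entered):
            del self.pending[user]    # a code is good for exactly one login
            return True
        return False
```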