Flagler Technologies

How Secure is My Password - All You Need to Know About Password Security

Updated: May 7



You’re aware that a login password in the hands of the wrong person can jeopardize your personal information. If you use your device for work, a weak password may bring your company to its knees. After studying multiple attacks over the years, security experts have outlined best practices for password security. Even with this knowledge, many people use versions of the same convenient word or phrase for logins. We will show you some practices that can drastically reduce the likelihood of a password-related breach of your device or system.


How Hackers Exploit Weak Passwords

In 2012, LinkedIn sustained an enormous hack affecting 164 million users (the company has since tightened its security measures). The hackers published the passwords, and the data was revealing: 35% of the user passwords were passwords that were already known. Some of the passwords were so ridiculously easy that even a novice hacker could guess them.

Here are the top five:


  1. 123456 – 753,305 users

  2. Linkedin – 172,523 users

  3. Password – 144,458 users

  4. 123456789 – 94,314 users

  5. 12345678 – 63,769 users

The rest of the 50 most commonly used were not much better, with “abcdef,” “qwerty,” and “abc123” all being too commonly used.

But an experienced hacker won’t try guessing your password by hand. With a relatively simple computer program, a cybercriminal can load a dictionary of passwords and have the computer try them until one works. This is referred to as a brute force attack (this list-driven form is also called a dictionary attack), and if you have a common or known password, they’re liable to gain access.


How to Create a Secure Password

You might believe that the key to password security is coming up with a hard-to-guess word or phrase, and while that’s definitely part of the process, it doesn’t end there. Follow these tips to tighten your password security.


Use a Random Password Generator

If you create a password that’s easy for you to remember, the chances of someone guessing it are much greater. That’s because human beings tend to think in patterns, so your child’s name and the year they were born may be unique to you, but anyone with that info is likely to try it. A random password generator will draw from a list that includes the alphabet, single-digit numbers, and special characters to create a completely unique password. Set the length to 16 characters or more to make it extra secure.


Replace Letters and Numbers with Coded Characters

If you know you can’t commit to remembering a 16-character random password and don’t want to store it on your computer or devices, you can come up with a longer phrase, replacing numbers and letters with special characters. You can alter a common phrase, like “give me a break,” to make it difficult to guess: “g|V3m3AbR8k3.” Use capital and lowercase letters, so your password meets the more common criteria.


Use Different Passwords for Different Purposes

You need to create password “firewalls” between different areas of your life. It’s important to understand that once someone has access to your email, they can probably get access to any account associated with that email. For instance, you may not have cared that your MyFitnessPal data was sold on the dark web in 2018, but this hack provided the highest bidders with your email and the password you used for the account.


That means that all a cybercriminal needs to do is sign into your email (if you use the same password) and see what accounts are connected to that email. That could be your bank, credit cards, and more. Create strong passwords for every account and a completely unique one for your email.


Change Passwords Routinely

Get accustomed to changing your password on a monthly basis. This may not help you discover a hack, but it can possibly thwart an undetected exploit. You should, of course, change your passwords anytime you know or suspect that your account has been hacked.


Use Two-Factor Authentication

Even the most secure password can be vulnerable to a site breach that’s out of your hands. With two-factor authentication, the site requires that you acknowledge that the person trying to gain access to your account is you. That means that even if someone has your password, they will be unable to gain access to your account.


Which Password Manager is the Most Secure

One of the ways that you can create safe, hard-to-crack passwords without having to memorize dozens of individual passwords is to use a password manager on your devices. Several reputable password managers have free plans. Here are a few you can consider:


  • LastPass

  • Keeper

  • Dashlane

  • LogMeOnce

  • Bitwarden

These sites are easy to use and will store and manage your passwords for you. If you combine a password manager with two-factor authentication, your accounts will be relatively safe.

Password Security Tips

There is no 100% safe way to password protect your accounts. We assume a certain amount of risk every time we open a new account or purchase a new device. However, making yourself a less vulnerable target may be enough to deter a would-be hacker. Here are a few additional password security tips that will help you be a less likely target:

Sites like haveibeenpwned.com allow users to see if their email addresses, phone numbers, or passwords have been breached in known cyberattacks. If you’re using an old password or you’ve had the same email address for years, test them out. You may need to retire a password or two.

Avoid repeating themes in your password. If your cracked password was your dog’s name, for instance, don’t just move on to another pet. Try to create unique passwords that have no connection to one another.

If you have a business that requires customers to log onto your site, require passwords to have a combination of uppercase letters, lowercase letters, numbers, and special characters. Consider requiring two-factor authentication for logins. Employee passwords should also have stringent requirements. If you assign a password for the first login, have your IT department require them to create a new password immediately.

A managed security service provider (MSSP), like Flagler Tech, can help you establish rigorous security protocols and make your business less vulnerable to cyberattacks.


