We use them every day, and they’re crucially important -- yet, we’re often careless about them. Or we're tired of hearing about how critical they are and go into "Yeah, yeah, yeah..." mode.
Think your password is secure enough? Likely not. Experts say over 14 million Americans had at least one password breach in 2014, and violations were up 54% in 2015. Those breaches cost anywhere from $16 billion to $31 billion – there’s no way to know for certain.
Judging by the passwords leaked in the media, people may understand the difference between strong and weak passwords, but don’t use strong ones because they are harder to remember and type. So the most common passwords are still 123456, password, 12345678, qwerty, and 12345.
Before we review how hackers get passwords and ways to create strong ones, test your knowledge of password security in this brief quiz developed by Carnegie Mellon University.
Here are a few of the common ways hackers get passwords:
Phishing – Sending links in email, text, or messenger programs that appear legitimate and, if clicked, give them a window into your system and even your keystrokes.
Guessing – The hacker finds personal information online (at places like Facebook) and then uses sophisticated programs to run through every combination of personal information that can be turned into a password. They’re especially likely to try this in an effort to obtain access to bank accounts.
Dictionary-based attacks (aka Brute Force) – Software programs that automate the process of guessing your password using names, places, things, and other common dictionary words.
Shoulder surfing – Not all hackers are technical wizards. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or airport.
Given all that, what can you do? Follow good password etiquette!
Use different passwords for each account and change them occasionally - Create different passwords for each account and application. If you use only one password for everything you do online, it’s a great starting point for hackers to get into other accounts. It’s also best to use different passwords for your personal and professional accounts.
Keep passwords confidential - Never share passwords with anyone – verbally or in writing. Doing so could put your organization's data, along with individual information, at risk.
Sticky notes are for tasks and lists - Sticky notes with accounts and passwords are unwise. (Even if they’re under your keyboard!) Whether unauthorized coworkers access the accounts or thieves break into your workplace, your information is unsafe.
Enter your login and password every time - Avoid the “remember password” option on computers or websites.
Dictionary words – Avoid dictionary words in passwords. Non-words or nonsense phrases make it tougher for cybercriminals to guess your password.
Use unrelated information - Avoid using passwords that are the same as your login name or a combination of your first or last name.
Use multi-factor or two-factor authentication - Activate this security feature, which uses some combination of what you know, what you have, and what you are. For example: username, password, and a code you're sent via text message; or ATM card, password, and fingerprint.
Password management software - Password management software remembers all your passwords for you, and some will enter passwords when you arrive at a login screen. If you use a very strong master password, it’s less likely a hacker will get your information than if you use easy-to-remember passwords and/or the same one for all your accounts. Read more about Password Managers here.
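For readers who run a site or application, the rules above on common passwords, dictionary words, and personal information can be enforced when a user picks a password. The following is an added example, not part of the original article; the function names are hypothetical and the word list is a small constructed stand-in for a real dictionary.

```python
import re

# The five most common passwords quoted earlier in the article.
COMMON = {"123456", "password", "12345678", "qwerty", "12345"}
# Constructed stand-in for a real dictionary word list.
WORDS = {"dragon", "summer", "monkey", "coffee", "airport"}
# Look-alike substitutions (0 for o, @ for a, ...) undone before comparing.
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(text):
    """Lowercase, strip leading/trailing non-letters, then undo look-alikes."""
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())
    return stripped.translate(LEET)


def screen_password(password, login, first_name, last_name):
    """Return the reasons a password breaks the rules; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    core = normalize(password)  # "P@ssw0rd!" and "Summer2015" reduce to plain words

    # Rule: not one of the most common passwords, even when decorated.
    if lowered in COMMON or core in COMMON:
        problems.append("common password")

    # Rule: unrelated to the login name or the user's first or last name.
    personal = {p.lower() for p in (login, first_name, last_name)}
    personal |= {normalize(p) for p in personal}
    if any(len(p) >= 3 and (p in lowered or p in core) for p in personal):
        problems.append("contains login or name")

    # Rule: not a single dictionary word with digits or symbols tacked on.
    if core in WORDS:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs for a user "jsmith" (Jane Smith).
    for candidate in ("P@ssw0rd!", "Summer2015", "Sm1th!2024", "glorp-fizzle-tunket"):
        print(candidate, screen_password(candidate, "jsmith", "Jane", "Smith"))
```

A check like this only catches the guessable patterns listed in this article; it does not replace using a different password for each account or turning on two-factor authentication.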
Following these suggestions will make your passwords more secure and easier to manage both at work and at home. And here's more about How to Create Better Passwords.