
Cyber Basics: Passwords That Work

Credit agency Experian conducted a study a few years ago which showed that the average person has twenty-six online accounts but only five unique passwords. Between social media, online shopping, and gaming, it can certainly feel like our lives revolve around login and password combinations.

We may all know how important password protection is, but the ease with which our passwords can be stolen is less well understood. The classic eight-character password that was once considered the be-all and end-all of personal cybersecurity is now laughably easy to crack. With increasing computing power and a better understanding of human behavior, hackers are learning to beat the players at this game. But fear not! We have some tips and tricks that will stop hackers from accessing your accounts, or at least slow them down.

Why passwords matter

Passwords are the first line of defense against an outside threat or hack. The longer it takes to guess a password, the easier it is for your security system to recognize a threat. Not only does a weak password put you at risk, but it can also make your entire network vulnerable. Using smarter passwords can save you time, money, and frustration; it’s an easy way for you to control your own security. Simply put, it’s easier to use a tougher password now than to deal with a hack later.

Old rules are now obsolete

The increasing availability of personal information means that using easy-to-remember passwords that include names or birthdays is dangerous. Using personally identifiable information (PII) in your password – be it a social security number or pet name – makes your password weaker.

In fact, using any word, no matter how complex, makes your password less secure. While it may seem inconceivable that someone could guess the SAT vocabulary word in your passcode, computing techniques have made it easy to test words from dictionaries. According to a study conducted by Deloitte, the 10,000 most common passwords would have accessed 98.1 percent of all accounts.

Replacing alphabetic characters with symbols and numbers does not confound computers either – hackers can easily substitute “@” for “a” and “!” for “i”. Adding random characters to the end of a word, like “password!!!” or “abcde123”, also does little to enhance security. For the hacker, it simply means searching for mixes of common strings. Hackers running dictionaries with various capitalizations and common substitutions successfully crack two-thirds of all passwords.
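The same rules can be turned around and used as a check when a password is chosen. The following is an added example, not part of the original article: it undoes capitalization, common symbol substitutions and trailing characters, then compares the result against a word list. The word list is a small constructed sample, and the function names and substitution table are illustrative assumptions.

```python
import re

# Constructed sample; a real check would load a full list of common passwords.
COMMON_WORDS = {"password", "abcde", "dragon", "sunshine", "welcome"}

# Common symbol/digit substitutions mapped back to the letters they replace.
LEET = str.maketrans({"@": "a", "4": "a", "!": "i", "1": "i", "0": "o",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 14  # length recommended in this article


def candidate_roots(password):
    """Return the simplified forms that basic dictionary rules would reach."""
    lowered = password.lower()                   # ignore capitalization
    stripped = re.sub(r"[^a-z]+$", "", lowered)  # drop trailing digits/symbols
    # Undo substitutions on both forms, so "p@ssw0rd!!!" is not misread
    # as "passwordiii" when the trailing "!" is really just padding.
    return {lowered, stripped,
            lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password):
    """Return a list of problems; an empty list means the password passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    hits = candidate_roots(password) & COMMON_WORDS
    if hits:
        problems.append("reduces to common word: " + sorted(hits)[0])
    return problems


if __name__ == "__main__":
    # Constructed test passwords, including one long-but-weak case.
    for pw in ["password!!!", "abcde123", "P@ssw0rd!!!!!!", "Mf2cwb@7:15oSm!"]:
        print(pw, "->", check_password(pw) or "ok")
```

Note that the third sample is 14 characters long and mixes cases, symbols and digits, yet still fails because it collapses to a single common word.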

Securing passwords in a few easy steps

With so many ways to get around passwords, strengthening your password may feel like a lost cause. But don’t get discouraged! To outsmart a hacker all you have to do is think like one. Taken together, the following tips can solve all your password woes.

1) Acronyms work best. The best way to develop a password is to make up a memorable sentence and then shorten it into something that seems like gibberish. Use as many combinations of uppercase letters, lowercase letters, symbols, and numbers as possible.


2) Aim for 14 characters or longer. The more characters you use, the more complex your password becomes. With more possible combinations, it takes much more time to hack.

3) Don’t reuse important passwords. No matter how strong your password may be, using it on multiple accounts is dangerous. Make sure your passwords are unique for important accounts.

4) Activate multi-factor authentication wherever possible. Two-factor logins (e.g., having to enter a randomly generated code texted to you in addition to your regular password) dramatically heighten your security. If possible, opt for biometrics like fingerprint scanners.

5) Reset any passwords that you have sent or received in plain text. In cases where you click the “forgot your password?” link and get an email sent to you, some organizations will send you back your password via email in plain text. This makes it easier for hackers to find your keywords. Whenever you’ve received (or sent) a password that hasn’t been encrypted, be sure to reset it.

6) Be careful with security questions. Even if your password is great, your security question can compromise it by providing some hints to hackers about what keywords to search for. Be wary of physical security on your electronic devices and don’t leave your electronics unattended – especially if you have autofill settings activated.

7) Don’t worry about updating your password regularly. While traditional theories suggested changing passwords every 90 days, new Microsoft research suggests that it’s not worth the hassle. The traditional assumption of a passive, eavesdropping hacker no longer holds. Modern-day hackers create backdoors when they hack into your network, rendering the password reset pointless. Don’t change your password unless you think that it has been leaked or compromised.

8) Consider using LastPass, 1Pass, or KeePass. These password management services help protect you from hacking and phishing. These systems work by creating encrypted and complicated passwords for each of your accounts and storing them in the cloud. The catch is that your LastPass account is only as strong as your master password. Although LastPass has been hacked in the past, accounts with strong passwords were not compromised. If you’re using LastPass, or any other password management service, make sure your password hint is disabled (or difficult to hack) and your e-mail password is strong as well. Both avenues create easy access to your master password – something that you want to protect at all costs.

With a little bit of effort, you can protect yourself from nasty breaches and a huge headache. Now go ahead and put these tips to the test!