It’s been a few weeks since we’ve discussed passwords. In that short amount of time we’ve learned that:
- 91% of people know that password reuse is insecure, yet 75% do it anyway
- 73% of people reuse work passwords for personal accounts
- 49% of employees use the same password repeatedly and change a single digit at the end when they are forced to update it
- There has been a 300% increase in stolen credentials over the past 2 years
- Microsoft announced that there are currently 44 million accounts vulnerable to takeover due to stolen passwords
- Stolen passwords account for 81% of hacking data breaches
We know it’s wrong to reuse passwords and that there are some pretty severe consequences – so why do we do it?
The answer is pretty simple. We’re afraid of forgetting our passwords. That’s it. There’s not some big conspiracy, it’s merely a fear of forgetting. And cybercriminals rely on this, preying on the vulnerabilities caused by poor password habits.
If the problem is poor password habits, how do we fix it?
Practice Good Password Hygiene
Let’s be honest. If we look at that first stat – 91% of people know that password reuse is insecure, yet 75% do it anyway – it’s painfully obvious that nothing we say here is going to change the world. For people to change their behaviors, they have to want to change. For this reason, companies are always looking at ways to make their passwords more secure, whether it is forcing password changes, adding two-factor authentication (2FA), or security awareness training and tests.
Outside of this, if you are one of those who are concerned about Protecting Your Digital Identity, then you will want to Practice Good Password Hygiene.
What does this mean exactly?
As the recent pandemic has shown us, washing your hands is important. By the speed at which soap and hand sanitizers disappeared off grocery store shelves, it is apparent that many people needed to learn to wash their hands properly. Or is it? Psychologists suggest that it was a fear of the unknown and a need to take some control of the situation, that caused this reaction.
Password hygiene is all about taking control of this increasingly dangerous cyberworld and protecting your digital identity. The thing is, there’s no reason to wait for fear or a crisis. We can manage our password security by following five simple rules – there are seven rules for washing your hands, so this is even easier.
Password Hygiene Rules
We talk about this a lot. The best practice for creating a Strong Password is to use a phrase that’s at least 16 characters long, is easy to remember, not composed of dictionary words, such as: time@homewithethefamn2020
Why is this Important? When it comes down to it, the two most important factors to a strong password are length and memorability. Brute force attacks can crack an 8 character password in around 30 seconds. Writing down passwords makes them extremely vulnerable to social engineering. A password that is 16 characters long that you can easily remember is a secure password.
Seriously, just don’t. This is the worst habit to get into, but some of us are still going to do it. So, let’s start with this. The goal is to use a unique password for all sites, but if you need someplace to start, it’s especially important for:
- work email
- personal email
- bank accounts
- work accounts
Why is this Important? You could be the best at avoiding phishing scams and making strong passwords, but data breaches happen. If that superhero message board you enjoy gets hacked and you’re using the same password for it as for your personal or work accounts, you have just opened the door to welcome in the hackers.
This one is a no-brainer. There is no single technology more effective at combating credential-stealing scams than 2FA. By requiring a pin, phone call, push, etc., even if hackers get your username and password, they won’t be able to gain access to your account.
Why is this Important? We know that hackers are willing to pay handsomely for stolen credential lists, and between phishing scams and data breaches, your information has never been more vulnerable. 2FA continues to protect you even after your credentials have been exposed. While this doesn’t negate the need for a strong password, it does make the account safer. Of course, not all services offer 2FA, so if you’re reusing passwords those accounts are still vulnerable.
Remember we said that the primary reason people reuse passwords is that we’re afraid of forgetting them?
Do you know what a Password Manager does? It stores your passwords.
Do you see where we’re going with this? By using a Password Manager, you never have to worry about losing your password.
Why is this Important? The average person uses 191 services that require passwords. There is no way you are going to remember a unique password for every one of them (yes that is a challenge, prove me wrong). With the number of secure, easy to use, and free (persona) or low-cost (business) Password Managers available, the piece of mind these provide alone make them worthwhile.
Having a good antivirus program is like hiring a guard to watch over your computer to keep intruders out. The point of having Good Password Hygiene is to keep the hackers out, but a single piece of malware can undo all that good work.
Why is this Important? Any computer that doesn’t have an Antivirus program on it is vulnerable. Malware can encrypt your files and lock you out, spy on you, steal your information, even record everything that you do. It doesn’t matter how great your password habits are if a hacker can install malicious code on your computer, they can bypass all of that security and go straight for your finances or files.
It’s Worth It!
Hackers are out there and they want your information. This is not paranoia, hyperbole, or propaganda. There are new lists of stolen credentials sold on the dark web every day and sometimes it’s months between when a data breach occurs and when it’s discovered. We can’t rely on others to keep our credentials safe, so having good Password Hygiene could be the only thing that stands between your digital identity and the hackers.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small business, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com