You don’t have to say it.
We’re always talking about passwords.
That’s because passwords are your digital keys. You wouldn’t be happy with an easy-to-copy key for your house or car that criminals can use to steal your stuff. Why settle for inferior protection for your personal and financial information? Security professionals around the world keep talking about passwords because the number of passwords being breached on a daily basis is a huge problem and everyone who has an online account anywhere is a target.
Yes, if you are a living, breathing human being with personal or financial information stored digitally anywhere, you are a target. Why? Because every piece of personal information has a dollar value, and hackers want to use your information to make a profit. That’s why so many of them go to such great efforts to steal your information. Regardless of what you’ve seen on TV, these hackers are not kids playing harmless games; they are sophisticated criminals using your information to make money. And if they can use that information to steal money directly from you, all the better for them. The almighty dollar is the reason there are so many phishing schemes and why hackers attack medical practices and financial institutions.
This is why we keep talking about passwords and security professionals try so hard to make you aware of the threat.
There are a variety of ways that passwords are attacked, but the five most common are:
- Password Cracking – even in 2020, some companies don’t have the greatest security; they may be storing your password in unprotected files – this is why we preach about not using the same password over and over again.
- Brute Force Attack – hackers simply run the password through a computer that tries multiple combinations to guess the correct password – passwords with fewer than 9 characters are very susceptible to this type of attack, and as computers get faster, the number of characters goes up.
- Dictionary Attack – instead of trying to crack each letter, hackers look for specific strings of characters that relate to words in a dictionary, especially common phrases – so if your password is kittensarecute it’s not secure.
- Credential Phishing – hackers craft emails and other messages designed to trick you into revealing your user name and password – these types of attacks are ridiculously effective as they prey upon people who are busy, lazy, or unaware, which is why we security professionals are always discussing awareness.
- Password Recycling – 99% of users reuse passwords and 70% recycle an average of 8 passwords between home and work – sometimes it takes weeks or months to be alerted to a password breach, leaving every account where that password had been used vulnerable to attack.
As you can see, the collective WE can help to mitigate these threats by:
- Never repeating or recycling passwords
- Using strong passwords
- Being aware of threats
Since this blog is focusing on passwords, we’re going to focus on that middle one…
What makes a Strong Password?
This is a great question. To really understand it though, we have to know what makes a Weak password:
- Birthdays and Anniversaries
- Phone Numbers
- Names (this includes movies, TV shows, and sports teams)
- Obscuring Simple Words (P@$$w0rd! is not a strong password)
Between social media, work profiles, and general biography information on the internet, any of this information is readily available, making it easy for hackers to guess your password with some simple social engineering.
Now that we know what not to do, let’s talk about ways to go about making a strong password.
- Strong Passwords are Long – a minimum of 16 characters, preferably 20 or more (8 character passwords can be cracked in under a minute)
- Strong Passwords Utilize Mixed Case, Numbers, and/or Symbols – if everything can be found in a dictionary, it’s vulnerable
- Strong Passwords aren’t Obviously Personal – numbers, letters, and words you post on social media aren’t secure
- Strong Passwords are Memorable – writing down passwords is a terrible idea; it’s better if it’s something easy for you to remember
Okay, so how do we do that? In two easy steps:
- Use a phrase that is personal to you and thus easier to remember, e.g. timeathomewiththefamilyin2020
- And then add a little complexity and misspelled or shortened words, e.g. time@Homewiththefamn2020
This is how you make a secure password that is easy to remember. So many people are under the false impression that strong passwords are a string of random letters that no human being can possibly remember. A strong password is one you can remember without having to write it down!
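The rules above can be written out as a small checker. This is an added example, not code from the original post: it tests a password against the 16-character minimum, the character-mix rule and the dictionary rule, undoing simple symbol swaps first. The word list, substitution table and function names are assumptions made for the demo.

```python
import re

# Constructed mini word list for this demo; a real check would use a large
# dictionary plus lists of known-breached passwords.
WORDS = {"a", "kittens", "are", "cute", "password", "time", "at", "home",
         "with", "the", "family", "in"}
# Substitutions commonly used to "obscure" simple words (assumed set).
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e"})
MIN_LENGTH = 16  # minimum length recommended in the article


def only_dictionary_words(text):
    """True if text can be split completely into entries of WORDS."""
    reachable = [True] + [False] * len(text)  # reachable[i]: text[:i] splits cleanly
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in WORDS for start in range(end)
        )
    return bool(text) and reachable[-1]


def normalise(password):
    """Lower-case, drop number runs such as years, undo substitutions, keep letters."""
    text = re.sub(r"\d{2,}", "", password.lower()).translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", text)


def review_password(password):
    """Return the article's rules that the password breaks (empty list = none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.isalpha() and (password.islower() or password.isupper()):
        problems.append("no mixed case, numbers or symbols")
    if only_dictionary_words(normalise(password)):
        problems.append("dictionary words only")
    return problems


if __name__ == "__main__":
    for candidate in ("kittensarecute", "P@$$w0rd!",
                      "timeathomewiththefamilyin2020", "time@Homewiththefamn2020"):
        print(candidate, "->", review_password(candidate) or "passes these checks")
```

In this demo the step-one phrase is still flagged as dictionary words only, while the step-two version is not, because the shortened word no longer matches the word list.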
In addition, here are a couple of tools that will make your life easier:
- Use Two-Factor Authentication whenever possible – this one step will virtually end the threat of credential phishing schemes
- Get a Password Manager – these programs will store your passwords securely and most will monitor breaches to alert you when there’s a problem
Since your password is the first line of defense against hackers trying to steal your information, it’s important to make it a good one.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades I’ve worked as a technician, trainer, technical writer, and manager with small businesses, enterprise level organizations, and government, picking up a lot of skills on my journey. In addition, I’m an author, having published multiple works available online and in print.