Passwords - Outdated and Dangerous, But Necessary?

Passwords - Outdated and Dangerous, But Necessary?

Here’s a quick test – what do these seemingly random alphanumerical groupings have in common?

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

That is a list of the top ten passwords used last year. Recognize any of these? If you don’t, you’re not necessarily in the clear, but your chance of becoming compromised or hacked is far less than someone using one of these common phrases. If you do recognize these, you’re certainly testing your luck.

These days, creating and remembering passwords has become increasingly more challenging. If we had only one device that required a password, we could probably manage it quite easily. Unfortunately, today’s world isn’t quite as simple. In most cases, we use multiple devices, different programs, and visit sites that require us to change our access credentials every few months. It is estimated that the average person must memorize up to 191 different phrases. No wonder we often choose to take shortcuts!

The problem is over 80% of hacks are due to compromised credentials, otherwise known as stolen username and login information. This information is often traded on the Dark Web. In fact, in one single month in 2018, Microsoft blocked 1.3 million attempts to steal credentials, which would have led to dangerous phishing attacks, and other hacking attempts.

Recommendations

These harrowing statistics are why you may have seen these recommendations:

  • Never use the same password twice (IT Managers report 73% of all passwords used are duplicated in multiple applications, opening up multiple avenues for attack)
  • Don’t write down your passwords
  • Never share your passwords with anyone else
  • Avoid real words or known information about yourself
  • Stay away from commonly used passwords (50% of all attacks involved the top 25 most used passwords)

Pay attention to that last stat: 50% of all attacks involved the top 25 most used passwords. See what we meant by testing your luck?

Following all these rules and regulations, you’ll end up with codes that are about 16-characters long, impossible to memorize, and, unfortunately, are still completely hackable (much more difficult to crack, of course, but where there is a will, there is a way). So, what do we do now?

Password Manager

The first shortcut is using a manager. You can store all your passwords in one place. Although this makes remembering all your passwords much easier, you’re not out of the woods yet. The manager is also protected by a password. If you’re utilizing a software like this, make sure that this password is especially complex. This way, hackers aren’t even tempted to break into your manager account, particularly in the case of a brute force attack. If available, turn on multi-factor authentication for your manager.

Multi-factor Authentication

Many sites now either offer or sometimes require multi-factor authentication. This extra layer of protection connects to your phone, email, or other authentication source. It does not give the user access solely on a password. We recommend enabling multi-factor authentication wherever possible. The only caveat here is make sure your secondary authentication source is equally secured with a strong password. No sense in double protecting yourself with a wide-open source.

Random Generators

These sites come up with secure passwords for you, but are typically a random jumble of letters, numbers, and symbols that are darn near impossible to memorize. If you’ve got a strong memory, this might be a good starting point. If you’re like most of us, this may be more challenging than it’s worth. That password manager we mentioned earlier can come in handy by helping you keep track of these pesky hard-to-remember passwords.

How to Craft the Best Password

Use a coded phrase in place of random letters, numbers and symbols. Create something that’s easy for you to remember, but has no meaning to anyone else. For example, I<3Fh@ck3rs43v3r!. Breaking this down, you get:

  • I – I
  • <3 – love
  • F – fooling
  • h@ck3rs – hackers
  • 43v3r – forever

This would be easy for you to remember because you understand the phrase, but difficult for a hacker to decipher because it’s not made up of real words. There’s no time like the present to get started and change your easy-to-hack passwords to something safer. It’s always better to be safe than sorry.

Work on creating passwords that will be difficult to hack. Make sure to change them regularly. We recommend changing them at least once a year. Never write them down, (especially on a Post-it Note stuck to your computer). Most of all, make passwords an important part of your life. Don’t consider them a nuisance or a thorn in your side. Make a game out of creating passwords. Challenge yourself to be more creative each time you create one. Beat the hackers at their own game by making your password too time intensive to try and crack. You’ll reduce your chance of your private information showing up on the Dark Web. Worried that your information is already compromised due to past weak password use? Contact us. We’ll run a scan that reveals your vulnerabilities.

Leave a reply

Your email address will not be published. Required fields are marked *