BLUE HARE MAGAZINE




How to create—and remember—strong passwords



Passwords are the key to just about everything we do on our computers, from banking, to watching movies, to email and work. Imagine the horror of finding out that someone has hacked your password to get into your accounts.

Unfortunately, it happens all the time. According to the 2017 Verizon Data Breach Report, 81% of breaches are caused by stolen or weak passwords. Weak passwords are one of the easiest ways for hackers to break through security. The obvious way to protect your accounts and personal information is to create strong passwords.

What makes a password weak?

Includes personal information or common words

Too many people use passwords based on personal information or words that can be easily remembered or guessed. They run the gamut from birthdays and names of pets, to favorite movies and books that can be found by a quick search on the person’s social networking sites. The U.S. Department of Homeland Security takes security even further. They advise “not to use words found in any dictionary of any language.”

Simple and guessable words/alphanumeric combinations

In April 2019, the National Cyber Security Centre in the UK released a list of 100,000 of the world’s most hacked passwords. The most popular password was 123456, used by no fewer than 23.2 million people. Next came a more ‘security minded group,’ the 7.7 million people who expanded their password to nine characters with 123456789. Another 3.8 million use ‘qwerty,’ the keys easily accessed by the left hand on a keyboard, followed by the 3.6 million who use ‘password’ and ‘password1.’

Using the same password for multiple accounts

This can leave your accounts vulnerable. Once a password is cracked, the hacker can easily apply it to multiple accounts. According to research conducted by Home Instead, Inc., franchisor of the Home Instead Senior Care® network, 68 percent of American seniors surveyed use a single password or re-use passwords on multiple sites.

Frequently changing/recycling passwords

It used to be recommended practice to change your passwords every 90 days. Now many believe that regularly changing passwords can actually weaken your system’s security. It’s easy to become lazy when you’re frequently prompted to change a password. The outcome? You may opt to use easier, weaker passwords or recycle old ones. Remember to create new strong passwords, whenever you decide to change them.

Creating a password with fewer than 12 characters

If short passwords are relatively easy to break, what is the desired length? A 2010 Georgia Tech Research Institute (GTRI) study reported how a 12-character random password could satisfy a minimum length requirement to defeat code breaking and cracking software.  Says Joshua Davis, a research scientist at GTRI, “Length is a major factor in protecting against brute forcing a password.  A computer keyboard contains 95 characters, and every time you add another character, your protection goes up exponentially, by 95 times.”

_________________________________________________________

How can I protect my online accounts and activity?

Sign up for two-factor authentication

Since passwords can be lost or stolen, adding two-step authentication or 2FA to accounts provides a second layer of protection. With 2FA a user is asked to provide additional information after inputting their user name and password.

One widely used option is for an SMS, or text message, with a security code to be sent to your mobile phone. Once received, you simply enter the code onto the website, effectively confirming that it is actually you trying to access your account.  Other options include voice recognition or a fingerprint, or inputting the number on your bank card.

Lengthen your passwords

The longer the password, the more secure it is. Passwords should have at least 12 characters. One easy way to lengthen passwords is to ‘pad’ them by inserting easy-to-remember symbols.

Think about adding characters like @#$* between words to effectively add more characters. Every added character makes a brute force dictionary attack much more difficult. To see how this works, check out Gibson’s Space Calculator. You can try out various password combinations to see how long it would take to crack them. You’ll be amazed.

Use all four types of characters

Use upper case letters, lower case letters, digits and symbols. Expanding the types of characters you use will vastly expand the amount of time needed to crack the password.
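An added example (not part of the original article): a small Python calculator, in the spirit of the search-space calculators mentioned above, that sizes a blind brute-force search from a password's length and character types. The guess rate is an assumed figure, and the result is an upper bound: passwords on a common-password list, like the five named earlier, fall to a wordlist at once.

```python
import math
import string

# The 95 printable keyboard characters, split into the four types:
# 26 lower + 26 upper + 10 digits + 33 symbols (space included).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}
KEYBOARD = set().union(*CLASSES.values())

# The most-used passwords named in the article (NCSC list, April 2019).
COMMON = {"123456", "123456789", "qwerty", "password", "password1"}


def alphabet_size(password):
    """Characters an exhaustive search must try per position."""
    used = set(password)
    if not used <= KEYBOARD:
        raise ValueError("only the 95 printable keyboard characters are modelled")
    return sum(len(chars) for chars in CLASSES.values() if chars & used)


def search_space(password):
    """Candidates of exactly this length over the password's alphabet."""
    return alphabet_size(password) ** len(password)


def assess(password, guesses_per_second=1e11):
    """Return (bits, worst-case seconds) for a blind brute-force search.

    guesses_per_second is an assumed attacker speed, not a measured one.
    """
    if password.lower() in COMMON:
        return 0.0, 0.0  # a wordlist attack tries these first
    space = search_space(password)
    return math.log2(space), space / guesses_per_second


if __name__ == "__main__":
    # Constructed sample passwords: short, padded with symbols, all four types.
    for pw in ("qwerty", "bluehare", "blue@#$*hare", "aA1!aA1!aA1!"):
        bits, seconds = assess(pw)
        print(f"{pw!r}: {bits:.1f} bits, {seconds / 31_557_600:.3g} years")
```

Adding one character to a password that already uses all four types multiplies the search space by 95, which is the growth the GTRI quote describes.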

Use a passphrase

This is a simple strategy for creating a memorable but difficult-to-crack master password. A passphrase is a sequence of random words and characters strung together to create a password.

What distinguishes a passphrase is that it is typically longer, with at least 20 to 30 characters. By using a combination of words and/or characters that only make sense to you, it’s easy to remember. A passphrase like “Thispasswdis4myemail!” can help you remember complex passwords.

Add symbols to a favorite phrase

To increase a password’s complexity while still making it easy to remember, take a phrase, perhaps a favorite quote or expression, and convert it into symbols. For instance, “Be yourself; Everyone else is taken. — Oscar Wilde” can be translated into By;Eeit.—OW

Use a password generator

Programs such as StrongPasswordGenerator.com will create a password for you–like “&74F690y2y6uBdK”–just by clicking a button.

Store your strong passwords in a safe place

Keeping a passwords document on your computer opens up your accounts to a hacker who gains access to your computer. Instead, write your passwords down on a small piece of paper, and keep it with your other valuable small pieces of paper.

Use a password manager  

Password managers are software applications that store your online credentials in encrypted digital vaults–like a bank vault, but in this case it’s a database.  

The main benefit of using a password manager is that it gives you the ability to create a unique, strong password for every website and app you use—and you don’t need to remember them yourself.

Your password should have at least 12 characters. Based on 2018 technologies, this would take a hacker about one year to crack. Add a special character to the mix (@, #, $, or %) and you’ve just protected yourself for another 200 years!

It’s also important to be able to access your passwords easily from all your devices: computer, tablet, and smartphone. The best password managers work on all devices, remember your passwords for you, generate strong, unpredictable passwords, and automatically log you into your secure site.

_________________________________________________________

Five highly-regarded password managers

LastPass


LastPass password manager is trusted by more than 17.8 million users. And it’s easy to use. Once you create a master password, simply import all saved login credentials — usernames and passwords — from Firefox, Chrome, Edge, Opera, and Safari. It then helps you delete information from your computer to keep it secure, prompting you to do little more than remember your super-secure master password.

Other free LastPass features include two-factor authentication, free credit monitoring, multiple identities, and even an auto-fill feature designed to streamline shopping. The program also stores your encrypted information on its cloud servers so that you can use LastPass on other computers. It even has a password generator to create unique passwords. It is offered in both a free version and a premium version for $3 a month.

1Password


1Password provides a place for users to store various passwords, software licenses, and other sensitive information in a virtual vault locked with a PBKDF2-guarded master password—that is, a password that’s uniquely designed to withstand brute-force attacks. This password management tool includes a strong password generator, username and password storage, secure sharing, and an intuitive user interface. It even includes a service that will notify you of website breaches.

The software’s digital wallet securely saves all your personal information, from logins to credit cards to network passwords. The developers are so confident in this tool’s security that they offered a $100,000 prize for anyone who could break it. 1Password doesn’t offer a free version. Family service costs about $5 a month when billed annually.

Dashlane


Dashlane is intuitive and straightforward, strengthened by two-factor authentication and the ability to change numerous passwords spanning multiple sites quickly and easily. It even shares encrypted passwords with emergency contacts in case you have trouble with your account.

A free account enables you to manage up to 50 passwords and securely share up to five accounts. You’ll receive personalized security alerts. This password manager allows you to store passwords locally within an encrypted vault, or automatically sync them across your devices. With Dashlane Premium you’ll receive more features, including access to a VPN (virtual private network), identity restoration and theft insurance, at a monthly cost of $5.

Keeper Security


Keeper Security offers a range of password solutions for enterprise, business, family, and personal use. It doesn’t come in a free version but can cost as little as $2.49 per month.

This password manager uses two-factor authentication and secure file storage to keep your information protected. It provides emergency password access for five different contacts as well. Keeper also offers more flexibility than many password managers regarding the data you can store. Custom fields allow you to keep passport info, driver’s license numbers, and other important records on file.

Bitwarden


Bitwarden is a free, open-source password manager launched in 2016. According to the company, it’s audited by independent security researchers and third-party security auditing firms.

Getting started is easy. Just create a free account by entering your email address, a master password, and then verify your email. After that, you can manually create “items” consisting of login credentials, a credit card, an identity (license, social security number, etc.), or a secure note. You’ll also find a handy password generator.

Are password managers secure?

In an article on password managers, Wired Magazine counsels calm if your manager’s server is compromised. “The answer is, first, don’t panic. Normally bugs are found, reported, and fixed before they’re exploited in the wild.”

Most password managers store only encrypted data, and none of them store your encryption key. So even if someone does manage to gain access to your password manager’s servers, all the hacker will get is encrypted data.

A strong secure master password protects your password manager

When you type your master password into the password manager, it unlocks the vault containing all of your actual passwords. The basic guidelines for creating a strong master password are the same as all passwords:  it should be 12 or more characters long and include the four types of characters—upper and lower case letters, symbols, and digits.
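How a master password can unlock a vault without the service ever holding the key, as an added sketch that is not the article's or any product's own code: the key is re-derived with PBKDF2 on your device each time. The iteration count, salt size and the `check` value (standing in for the encrypted vault) are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; real products choose their own


def derive_key(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password into a 32-byte key (PBKDF2-HMAC-SHA256).

    Every guess an attacker makes costs the same number of iterations.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations
    )


def create_vault_record(master_password):
    """Build what a sync server could hold for one user.

    The record has a random salt, the iteration count and a check value.
    The master password and the derived key are not part of it.
    """
    salt = os.urandom(16)
    key = derive_key(master_password, salt)
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "check": check}


def unlock(record, master_password):
    """Re-derive the key on the user's device; return it only if it matches."""
    key = derive_key(master_password, record["salt"], record["iterations"])
    expected = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(expected, record["check"]) else None


if __name__ == "__main__":
    # Constructed master password, taken from the passphrase example above.
    record = create_vault_record("Thispasswdis4myemail!")
    print("correct password unlocks:", unlock(record, "Thispasswdis4myemail!") is not None)
    print("wrong password unlocks:  ", unlock(record, "123456") is not None)
```

Someone who copies the stored record still has to guess the master password, paying the full iteration cost per guess, which is why a long master password matters.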

Store your master password or passwords in a secure place

Write down your passwords and store them in a safe place away from your computer.

Use different passwords for different accounts 

A password manager can help you manage strong passwords—that are harder to remember—for your accounts.

Make sure account login pages are secure

They should use encryption, indicated by a URL that begins with “https” and the padlock icon. “http” is completely fine when browsing the web. It only becomes an issue when you’re entering sensitive data into form fields on a website.
If the padlock icon appears on the webpage, but not in the browser bar, it might be a graphic that a cybercriminal has embedded to make you feel secure. Do not enter any data on this site.

Stay safe. Use these tips to secure—and remember—your online passwords.

*     *     *
