Understand the importance of password safety. Every time Americans tune into the Nightly News and hear about the latest cyber attack, it sends millions of us to our computers to check and change our passwords. That’s because while most of us know we should use a unique username and password combination for each and every online account, we don’t. The reasons vary from sheer laziness to forgetfulness. After all, we’re only human, right?
Here are a few password protection facts and tips on how to create a secure presence for yourself online.
Tip #1: Create a Strong Password to Protect your Online Accounts
- Include punctuation marks and/or numbers
- Mix capital and lowercase letters
- Make an acronym from a phrase
- Include phonetic replacements, such as LIV4KATZ. Be creative with these—password hack software can detect them
- Use substitutions like the number zero for the letter ‘O’ or ‘3’ for the letter ‘E’
- Try a passphrase with more than eight characters (eight character passwords are no longer good enough)
FACT: Passwords are easily hacked because most humans follow similar patterns:
- 50% chance that a password has at least one vowel.
- Numbers that are used in passwords are usually the numbers ‘1’ or ‘2’ and are placed at the end of the password.
- Capital letters are usually at the beginning and are followed by a vowel.
- Women use personal names for passwords frequently.
- Men use their hobbies for passwords frequently.
- Most common symbols used are —~@#$%&?
Tip #2: Avoid a Weak Password, Don’t:
- Reuse the same password for at least a year.
- Use the same passwords for multiple accounts.
- Use a password with Personal Information (name, birth date, etc.).
- Use keyboard patterns (QWERTY, ASDFG) or sequential numbers (12345).
- Make your password all numbers, uppercase letters or lowercase letters—Mix it up!
- Use repeating characters (444FFF).
FACT: Creating a passphrase is an easier and better way to choose a password. So what exactly is a passphrase?
- A passphrase is typically 20 to 30 characters long.
- Three or more words is ideal.
- For maximum security, switch the order of words in the phrase.
- Passphrases are often easiest to remember. A random sequence of words can be easier to recall than an acronym or series of numbers.
Tip #3: Use a Password Generator to Develop Strong Passwords
- If you’re having trouble coming up with a strong password, use a free and trusted password generator like Symantec’s Secure Password Generator.
- The generator will randomly select letters, numbers, punctuation and symbols. You can choose the number and types of characters to include.
FACT: 66% of people online utilize only 1 or 2 passwords for all of their accounts.
Tip #4: Use Password Strength Tools to Help You Create the Best Passwords
- If you’re unsure about the quality of your password, run it through a strength test.
- Microsoft’s Password Checker is free and easy to use.
- BEWARE, however, of entering your password into untrusted sources online. These sites could be phishing for your passwords and stealing them from you.
FACT: The worst passwords remain relatively consistent from year-to-year.
Tip #5: Need Help Remembering Passwords? Use reminders or password managers.
- Maintain a list of password reminders. Never write down the password itself. Instead, use a prompt, for example, “My childhood dog” would help you remember F!d0th3W0nDeRfUL
- Online Password Managers like LastPass, KeePass, Roboform and IPassword keep multiple passwords accessible and secure with one strong password. Many of these can be accessed via mobile devices so you have your passwords with you wherever you go.
FACT: The average internet user has 25 online accounts, 6.5 passwords and waits an average of 3.1 months before changing passwords.
Tip #6: Keep Your Password Secure
- Never reveal your password to anyone.
- Test and change your password regularly.
- Be suspicious of links asking for a logins, passwords, or personal information. If you’re unsure if the site is legitimate, type in the URL manually before entering account information.
- Call any company that emails you seeking personal information. Legitimate companies will never request personal information from you via email.
- Always log off especially if your device is turned on around other people. Password theft can happen in an instant.
- Don’t type your password into public computers (at business centers, hotels, coffee shops, etc.) MALWARE is rampant among public computers and the likelihood that your password is stolen is much higher.
FACT: A computer loaded with the latest virtualization software and high powered graphics cards can now crack an eight-character password in 5 1/2 hours.
Time to check your security controls? Schedule a penetration test.
Review your security strategy to address your changing working environment and risk profile.
HALOCK is a trusted risk management and information security consulting firm headquartered in Schaumburg, IL in the Chicago area servicing clients on reasonable security throughout the United States.