Cybercriminals are always on the prowl; it’s up to you to be vigilant
Choosing better passwords is difficult. From the bad guy’s perspective, the password “Open Sesame” was a reasonably strong one. In the fable, Ali Baba overhears one of the 40 thieves use it to open the mouth of a cave full of treasure, but after Ali’s older brother discovers the secret and enters the cave, Cassim can’t remember the “sesame” part and perishes. At least the thieves didn’t use “Open Treasure Cave.” NordPass, in its “Worst 200 passwords of 2020,” lists the top three most commonly cracked passwords as “123456,” “123456789,” and a new entry, “picture1.”
And of course, still popular as a password is the word “password.” Seriously, people? In a digital age fraught with cyber threats, weak passwords are the equivalent of hanging a sign on yourself that reads “hack me.” To be fair, despite passwords being such an integral part of our daily lives, it’s somewhat understandable that many people have terrible ones. With so many different sites to remember passwords for, it’s easy to get lazy and go with something simple. But a password is the main sentinel guarding against the theft of your data. And for some industries – without trying to be too hyperbolic – password security is pretty much a matter of life and death. If one word could define your web security strategy, it would be prevention. Prevention is better and cheaper than any cure.
Choosing Better Passwords
You see the news stories every day. Data theft, phishing schemes, denial-of-service attacks, memory corruption, malware, ransomware, and all sorts of other cyber security threats are a constant part of the internet ecosystem… but a threat is exactly that, just a threat. There is no reason you need to become a victim. With a little security mindfulness, you can prevent most cyber security threats from becoming reality. And it starts with passwords. Yet the common bad ideas persist: a ‘string pattern’ password that changes one or two letters for each specific site, family members’ names, the names of pets, or the names of celebrities or sporting teams.
If you have a Facebook page and you’re a public fan of, say, the Minnesota Timberwolves, it doesn’t take a genius to break a password such as “GoWolves.” Most of us aren’t as clever as we think we are, and we leave clues all over the place for people – and increasingly AI programs – to sift through and find. One crack in the armor is all it takes. Sensational headlines of major data breaches at major companies (that should have quality defenses) can leave some feeling hopeless. But there’s a lot you can do to create safe, strong passwords, and we’re going to offer you seven tips for doing just that.
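The bad habits listed above can be checked mechanically against your own password list. The following is an added example, not part of the original post: it flags the common passwords the article quotes, passwords built from publicly known interests, and ‘string pattern’ passwords that differ by only a couple of characters between sites. The site names, the "Tr33house" passwords and the two-edit threshold are constructed assumptions.

```python
import re

# Entries the article quotes from NordPass's 2020 list, plus "password".
COMMON = {"123456", "123456789", "picture1", "password"}

def normalize(s):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def audit(passwords, public_terms, max_dist=2):
    """passwords maps site -> password; returns site -> list of reasons."""
    words = {normalize(w) for t in public_terms for w in t.split()}
    terms = sorted(w for w in words if len(w) >= 4)  # skip tiny fragments
    findings = {}
    for site, pw in passwords.items():
        reasons = []
        if pw.lower() in COMMON:
            reasons.append("common password")
        reasons += [f"contains public term '{t}'"
                    for t in terms if t in normalize(pw)]
        reasons += [f"near-duplicate of {other}"
                    for other, opw in passwords.items()
                    if other != site and edit_distance(pw, opw) <= max_dist]
        if reasons:
            findings[site] = reasons
    return findings

# Constructed sample data (the last entry is the article's own passphrase example).
SAMPLE = {"mail": "GoWolves", "bank": "Tr33house-bk", "shop": "Tr33house-sh",
          "forum": "picture1", "vault": "ywAM100%ot$tyN+"}
PUBLIC = ["Minnesota Timberwolves", "Wolves"]

if __name__ == "__main__":
    for site, reasons in audit(SAMPLE, PUBLIC).items():
        print(site, "->", "; ".join(reasons))
```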
Tip 1: Think “Passphrase” not “Password.”
Your passphrase should be something that has meaning to you but is not known to others and isn’t something that can be generally guessed. The Rochester Institute of Technology offered this suggestion of how to turn a passphrase into a strong password: “the phrase ‘iced tea is great for summer’ becomes ‘!cedTisgr84$umm3R.’” Now that’s a password that equals a serious headache for any e-criminal. The university also suggested replacing full words with substitutions such as symbols or numbers, misspelling or abbreviating words, and changing the capitalization of some letters – perhaps from a famous quote you might like. “E.g., Wayne Gretzky’s ‘You will always miss 100 percent of the shots that you never take’ becomes ‘ywAM100%ot$tyN+.’” Another very hard nut to crack.
Tip 2: Start Using Two-Factor Authentication.
Google has probably been bugging you to set up two-factor authentication for your Gmail account for a while now, but if you’re like so many others… you’ve always been too busy to get around to it. Well, the time for it is now. Many if not most of the world’s largest websites now have two-factor authentication available in the security settings of your account – but you need to turn on the feature, set it up and use it. Two-factor authentication is a massive second wall of protection that significantly cuts down on the chances of a hacker accessing your account online by combining your password with (usually) a mobile phone. In other words: something you know and something you have. If two things are required to get into an account, it’s generally not worth the effort for a hacker or cracker.
Tip 3: Carefully Consider Using a Password Management System.
Password managers are programs that help users create very complicated passwords for each site they visit, while the user only has to remember a single one. It’s a good idea but should not be considered Fort Knox. Password management companies have been hacked and seen their data stolen, demonstrating that even companies specifically dedicated to creating foolproof passwords can sometimes get fooled themselves. There are quite a few of these popular applications such as E-wallet or Kaspersky Password Manager, and it’s a very good idea to consider using one – after you read the terms and conditions.
Tip 4: Turn it Off.
This is something many may not know. You might (and should) have set up a function on your computer that asks for a password after booting up or coming out of sleep mode. However, a running locked computer is not enough to prevent the installation of a privacy-invading backdoor using an exploit tool. The much safer option is turning off your computer when it’s not in your direct line of sight. Going out for lunch? Turn off the computer.
Tip 5: Don’t Store Passwords in Browsers.
It makes things much easier when you store your password in your browser, but it’s not the best idea. Fight the urge for convenience over security, as experts generally agree that there is malware available that can infect browsers and possibly compromise passwords stored in one.
Tip 5: Don’t Show People Your Password!
It’s shocking to see how many people write a password on a sticky note and put it on their cubicle wall… just above their computer. It’s also surprising how many people have a document on their computer titled “passwords” or something equally inviting. If you need to have a password hint sheet in some document, name the file something boring such as “Tax Records for Q2 2011,” and bury it someplace where a snooper is less likely to come across it.
Tip 6: Change Your Passwords Often.
Tip number six is the one many find the most difficult to implement, but it’s an extremely wise idea. The more sensitive your data is, the more often you should change the security codes for accessing that data. And, of course, it should go without saying that you shouldn’t use the same password again… or at least not for a very, very, very long time. Using a password manager can help you with this, as some have functions for reminding you to change passwords every so often.
Tip 7: Stay Caught Up on Tech News (as much as possible)
Some tech news is too complex for some, but staying as abreast as possible of new developments in cybersecurity is always a good idea. Knowledge, as they say, is power. Hopefully, we are moving towards a future where much of this password rigmarole will no longer be necessary. One idea that’s gaining currency is the use of your mobile phone to log on to sites or the use of voice or fingerprint ID systems. But these things are still on the horizon, so in the meantime, implement these tips and feel safer in the knowledge that you’re doing your part.
Thank you for reading!