Combining your cat’s name with your street address number does not make a secure password. Whiskers2089 just won’t cut it. In fact, most of the “fool-proof” passwords people use are anything but. Chances are, they have made one or more of the commonly used password mistakes and, unfortunately, almost anything we do to make remembering them easier for us, makes it easier for hackers to crack them. Our brains are filled with so much information these days, it’s very tempting to take the easy path, but as a Managed IT services company, we have to let you know that this can open you up to security breaches.
What is a Weak Password?
Have you ever created an account on a website and they let you know if the password you are entering is weak or strong? This can be very helpful, but so is knowing the criteria that determines this. Here are things that as a Managed IT services company we have found keep passwords from being strong:
- Using only letters (but we are going to show you something that may get around this.)
- Using only numbers
- Not long enough
- Using personal information like your cat’s name, your birthday, or home address
- Generic terms (yes, people still use things like password123)
- Password being the same as the username
Remember, your password is a code and the more complex it is it, the harder it is to decipher.
Using One Password
Using the same password very every website is a bad idea. While it might make your life easier, it also makes life easier for those who would try and hack into your accounts. As a Managed IT services company, we know how difficult it is to deal with a hacked bank account. Imagine if all your bank accounts, credit cards, and store cards were hacked at the same time! As annoying as it may be, you really need different passwords for each account.
We all have seen prompts to store passwords when we open up new accounts or change passwords. It certainly makes life easier…until it doesn’t. It greatly increases the chances of one or more of your accounts being hacked, and, if you are using the same password on multiple accounts, it gets even easier.
Creating Strong, Secure Passwords
Here are some basic, generally accepted tips:
- Use at least 12 characters. The longer the better.
- Mix capital letters, numbers, and symbols into the passwords.
- Change your passwords at least quarterly, especially for any online banking accounts.
- Do not write these down in any way that others can gain access, and if they do, make sure they cannot understand your thinking.
There are practical and impractical ways to create safe passwords. We have all created online accounts and been given suggested passwords. Something like: FH78$5dJu#2wQhUjkL. But just try remembering passwords like this for four credit cards, two store cards, and two bank accounts!
That said, here is a new perspective: current thinking indicates that the most secure passwords are actually strings of unconnected words: transformermobiletandem or platterjockeyfences. Then add some capital letters: transFormermobilEtaNdem. We’ll explain this in more detail later.
You’re probably thinking: I have eight financial accounts; how can this possibly be practical? Or, I’m running a business. I can’t expect my employees to do that. Let’s look at some practical solutions.
This is a practical solution for many businesses as they allow you to maintain a large number of passwords as well as in depth information about your accounts. They work in the same manner as the auto-populate features that fill in your online forms by storing your login credentials for your different accounts so that when you go to these accounts, your passwords are automatically entered. An additional benefit of this type of application is that it discourages hacker attacks such as “keystroke logging” where the hacker is able to figure out your passwords by surreptitiously recording your keystrokes. It also means that once your passwords are stored inside the app, you only have to remember a single password.
Many password managers also incorporate multi-factor authentication, something that we as a Managed IT services company applaud. The best way to explain this is by example. Did you ever need to reset your password from a bank and they required you to copy a code they sent you and paste it into a blank field on your screen? This is one form of multi-factor. “Multi” means more than one way to identify you. Fingerprints and retinal scans may also be used.
Realistic Password Protection for Individuals
While in today’s world, nothing is truly 100% safe, we believe that the average person can develop a system to get almost there. Here is one method that may work for you. Just keep in mind two things: 1 – your passwords still need to be changed every three months, and, 2 – it’s still a bit of work. There is no such thing as simple password protection.
As we stated above, experts currently believe that the most secure passwords are those made of three unrelated words, like carouseltabledrum or relaxsweetfloor. Then change a couple of letters to capitals using a system so you can remember which ones you changed. Let’s say you were born in 1968. Capitalize the 6th and 8th letter so you have carouSeLtabledrum or relaxSwEetfloor. That’s the concept. Now, to put it into action, make a list of six totally unrelated words. We already are using: carousel, table, drum, relax, sweet, floor, so we will stick with these. Important: the first letter of each word must be different.
To remember these first two passwords, we are going to remember the first letter of each of the words: ctd and rsf, then for every additional password we need, do the same thing using different combos of these six: fds, tds, dsr, etc. In other words, we are using different combinations of the same six words, and capitalizing two of those letters.
Now, in your smart phone, under a fake name (that you will remember), create a list that starts with the last two numbers each of your financial accounts and ends with the three letters of that password:
You can now go to the fake name in your smart phone and you will see that the password for your credit card ending in 56 is carouSeLtabledrum.
IT security is becoming more complex by the day. Why? Because really talented cyber criminals are working day and night to figure out new ways to compromise your network and gain access to your most sensitive information, or to lock your files and hold them for ransom. At Novatech, we have been on the job for more than a quarter century, protecting small to mid-sized businesses across the Southeast. Give us a call today at 770-569-4600 so we can discuss how we can protect your business and why Novatech is the right choice.