Passwords – Outdated and Dangerous, But Necessary

It’s important to continually use best practices when creating passwords because hackers are constantly trying to obtain your credentials to be sold on the Dark Web. Are you protecting your data?

Here’s a quick test. What do these seemingly random alphanumerical groupings have in common?

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

That is a list of the top ten passwords used in 2018. Recognize any of these? If you don’t, you’re not necessarily in the clear. However, your chance of becoming compromised or hacked is far less than someone who uses one of these. If you do recognize these, you’re certainly testing your luck.

These days, it is increasingly challenging to create and remember so many passwords. If we had only one device that required a password, we could probably manage it quite easily. Unfortunately, we need one for every device we use. Most programs we need to do our jobs require them. Often, sites require you to change them every few months. As a result, it is estimated that the average person must memorize up to 191 different passwords. No wonder we often choose to take shortcuts!

The problem is that over 80% of hacks are due to compromised credentials. This is when stolen username and login information is sold or traded on the Dark Web. If you’re not familiar with the Dark Web, we wrote about it here. In fact, in one month alone in 2018, Microsoft blocked 1.3 million attempts to steal this data. Had they not been blocked, these attempts would have led to dangerous phishing attacks and other hacking attempts.

Recommendations

These harrowing statistics are why you hear the recommendations:

  • Never use the same password twice (IT Managers report 73% are duplicated in multiple applications, opening up multiple avenues for attack).
  • Don’t write them down.
  • Do not share them with anyone else.
  • Never use real words or known information about yourself in your passwords.
  • Avoid commonly used passwords (50% of all attacks involved the top 25 most used passwords).

Pay attention to that last stat: 50% of all attacks involved the top 25 most used passwords. See what we meant when we said if you recognized anything on that list you’re testing your luck? Don’t give hackers such easy access!
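One way a signup form or password-change page could enforce the "avoid commonly used passwords" rule, as an added example that is not part of the original article. The blocklist is the top-ten list above; the substitution table, keyboard rows and 12-character minimum are assumptions made for illustration.

```python
import string

# The 2018 top-ten list quoted in this article. A real deployment would load a
# far larger list of breached passwords (assumption).
TOP_TEN_2018 = {
    "123456", "password", "123456789", "12345678", "12345",
    "111111", "1234567", "sunshine", "qwerty", "iloveyou",
}

# Character swaps undone before the lookup (assumed, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Keyboard rows and the alphabet, used to spot straight runs such as "qwerty".
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        string.ascii_lowercase)


def normalize(pw):
    """Lower-case and undo simple swaps so 'P@ssw0rd' maps to 'password'."""
    return pw.lower().translate(LEET)


def screen_password(pw, min_length=12):
    """Return the reasons to reject pw; an empty list means it passed."""
    reasons = []
    low = pw.lower()
    # "sunshine2018" and "password!" are still common words with a suffix.
    stripped = low.rstrip(string.digits + string.punctuation)
    candidates = {low, stripped, normalize(low), normalize(stripped)}
    if candidates & TOP_TEN_2018:
        reasons.append("common-password")
    # One repeated character, or a straight run along a keyboard row.
    if len(set(low)) == 1 or any(low in r or low in r[::-1] for r in ROWS):
        reasons.append("keyboard-or-repeat-pattern")
    if len(pw) < min_length:
        reasons.append("too-short")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("123456", "P@ssw0rd!", "Sunshine2018", "I<3Fh@ck3rs43v3r!"):
        print(sample, screen_password(sample))
```

Checking the variants as well as the exact string matters because a suffix or a character swap on a top-ten password is the first thing a guessing tool tries.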

Following all these rules and regulations, you’ll end up with passwords that are about 16 characters long. They will be impossible to memorize. And, unfortunately, they are still completely hackable. Yes, it would be much more difficult, of course, but where there is a will, there is a way. So, what do we do now?

Password Manager

The first shortcut is a password manager. You can store them all in one place. This makes remembering them much easier. But you’re not out of the woods yet. The password manager is also protected by a password. If you’re using software like this, make sure that this password is especially complex. Make sure that hackers aren’t even tempted, especially in the case of a brute force attack. If possible, turn on multi-factor authentication, especially on your password manager.

Multi-factor authentication

Many sites utilize multi-factor authentication. This extra layer of protection connects to your phone, email, or other authentication source, rather than relying solely on a password. We recommend enabling multi-factor authentication wherever possible. The only caveat here is to make sure your secondary authentication source is equally secured with a strong password. There is no sense in double protecting yourself with a wide-open source.

Random Password Generators

These sites come up with secure passwords for you. But they are typically a random jumble of letters, numbers, and symbols that are darn near impossible to memorize. If you’ve got a strong memory, this might be a good starting point. If you’re like most of us, this may be more challenging than it’s worth.

How to craft the best password

Use a phrase in place of random letters, numbers and symbols. Create something that’s easy for you to remember, but has no meaning to anyone else. For example: I<3Fh@ck3rs43v3r! Breaking this down, you get:

  • I – I
  • <3 – Love
  • F – fooling
  • h@ck3rs – hackers
  • 43v3r – forever

This would be easy for you to remember because you understand the phrase. But it would be difficult for a hacker to decipher because it’s not made up of real words. In fact, according to HowSecureIsMyPassword.com, it would take a hacker, no joke, four quadrillion years to crack! Check out the site to see how strong your current passwords are. There’s no time like the present to get started and change your easy-to-hack passwords to something safer. It’s always better to be safe than sorry.

Work at creating passwords that will be difficult to hack. Make sure to change them regularly. Never write them down (especially on a Post-it Note stuck to your computer!). But most of all, make them an important part of your life. Don’t consider them a nuisance or a thorn in your side. Make a game out of creating them. Challenge yourself to be more creative each time you create one. Beat the hackers at their own game by making your password too time-intensive to try to crack. You’ll reduce the chance of your information showing up on the Dark Web. Worried about your information already being available due to past weak password use? Contact us here. We’ll run a Dark Web scan that reveals your vulnerabilities.
