Most people don’t realize how many techniques can be used to crack passwords. More importantly, they don’t know the many ways they make their accounts vulnerable by using simple and widely used passwords. Remember that a strong password is your first line of defense against intruders and imposters. As we approach the conclusion of National Cyber Security Awareness Month, we hope you’ll take another look at your collection of passwords and pledge to access your accounts with ones that make sense to you, but not to others.
How you might get hacked
Dictionary attacks: Avoid consecutive keyboard combinations – such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backwards. These cracks rely on software that automatically plugs common words into password fields, so cracking such a password becomes almost effortless for fraudsters.
Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives or pets, all of which can be deduced with a little research. When you click the ‘forgot password’ link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found in your social media profile.
Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name or favorite color/song. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices were 111111, princess, qwerty and abc123.
Reuse of passwords across multiple sites: Reusing passwords for email, banking and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% amongst victims.
Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.
How to make passwords secure
- Make sure you use different passwords for each of your accounts.
- Be sure no one watches you enter your password
- Always log off if you leave your device and anyone is around – it only takes a moment for someone to steal or change the password
- Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware
- Avoid entering passwords on computers you don’t control (like computers at an internet café or library) - they may have malware that steals your passwords
- Avoid entering passwords when using unsecured wi-fi connections (like at the airport or coffee shop) - hackers can intercept your passwords and data over this unsecured connection
- Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself
- Depending on the sensitivity of the information being protected, you should change your passwords periodically and avoid reusing a password for at least one year
- Do use at least eight characters of lowercase and uppercase letters, numbers and symbols in your password. Remember, the more the merrier
- Strong passwords are easy to remember but hard to guess. Iam:)2b29 – this has 10 characters and says ‘I am happy to be 29’
- Have fun with known short codes, sentences or phrases: 2B-or-Not_2b? – this one is ‘To be or not to be’
- It’s ok to write down passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it is a password.
- You can also write a tip sheet which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, your tip sheet might read ‘To be or not to be’
- Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention and heed its advice.
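The rules above can be turned into a simple self-check. The following Python sketch is an added example, not part of the original article; the function name, the short sample word list and the test passwords other than those quoted in the article are constructed for illustration.

```python
import string

# Passwords the article names as the most common in the 32-million-password breach.
COMMON = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}
# Consecutive keyboard combinations the article names.
KEYBOARD_RUNS = ("qwerty", "asdfg")
# Constructed stand-in for a real dictionary / slang word list (assumption).
SAMPLE_WORDS = ("password", "dragon", "monkey", "sunshine", "welcome")


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return a list of the article's rules that `password` breaks."""
    problems = []
    lowered = password.lower()

    if lowered in COMMON:
        problems.append("widely used password")
    if len(password) < 8:
        problems.append("shorter than eight characters")

    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)

    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard combination")
    # Dictionary words also count when spelled backwards.
    if any(w in lowered or w[::-1] in lowered for w in words):
        problems.append("dictionary word")
    # Names, birth dates, pets: anything found in a social media profile.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        problems.append("personal information")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "Drowssap1!", "Rex2010!!", "2B-or-Not_2b?"):
        print(pw, "->", check_password(pw, personal_info=("Rex", "2010")) or "ok")
```

An empty result only means none of the listed rules was broken; swap the sample word list for a full dictionary to make the word check meaningful.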
Today's Internet-centric world demands that users stay vigilant about their security online. Creating and keeping strong passwords should be considered an imperative against data breaches and cyber attacks. Taking the extra time to create a strong line of defense early can help you avoid major trouble down the road. Stop by our Security Center today or visit the Securities and Exchange Commission’s site for great information about protecting yourself online.