This guide is designed to educate you on the common contributors of security breaches, particularly things that you can control… your passwords.
1. Different account, but the same password.
With so many accounts needing passwords, the tempting thing to do is use the same password for a few, or for all logins (not you, of course). The obvious problem with this convenience is that if the wrong person obtains one password, they have several of them (if not all). Especially as many usernames are email addresses, it wouldn’t take them long to make their way into several other accounts. Even if you are using variations of a password, for example, ‘password123’ and ‘password456’, it doesn’t often make it difficult for a hacker to guess—especially as so many people do it.
2. Short, sweet and easy isn’t a good password policy.
When choosing passwords, people often a drawn towards standard dictionary words, a handful of numbers, or a combination of both. Now using numbers and words isn’t a bad thing, but many common choices are alarmingly common. Remembering ‘Coffee123’ might be easy, because you like coffee and don’t like complicated numbers, but so does a few million other people. Common means likely, and likely is easy to guess.
3. Changing one character when updating a password isn’t the benchmark of good security.
When it comes time to update yet another password, relish in the moment to update ‘Password123’ to something much more secure. The security-conscious prompt to change your password at regular intervals may be annoying to do, but it helps ensure that if that password has ever accidentally slipped out, then it is no longer useful to anyone. Changing one character, or adding an extra exclamation mark, doesn’t make ‘pony11!’ that much more secure. Hackers know that people do that often.
4. Not changing your password after a security breach.
There is an unnervingly large percentage of users that don’t change their password after a data/security breach. It is always best practice to change your password immediately after being informed of a breach, or even if you suspect one. Just make sure you do it through the correct website or app, and not some suspicious email that asks you to follow a direct link in order to log in.
Note: If you’ve forgotten your password and you’ve specifically requested to change it, some systems will send you a confirmation with a link to reset your password. As you requested it and are expecting it, you don’t need to worry. It is circumstances where you didn’t request it that you need to be cautious.
5. Storing your passwords insecurely.
For the sake of giving your poor brain a break, you may decide to centralise all these passwords into one place. That’s not wrong, as even the best of us will find it hard to memorise complex passwords to twenty or so different services or websites.
6. Sharing credentials too openly.
Often this is a big no-no, even most support technicians don’t need your password to troubleshoot issues with your account, so it is okay to be cautious if they do ask.
However, you might share your popular movie-streaming subscription credentials with a friend (no judgment here). Now, this friend may not do anything sinister themselves, but they may not follow as strict a password protection policy that others do. Let’s say that they have written the username and password down on a notepad and left it innocently on the dining room table. Before you know it, their partner’s sister’s friend has those logins, guessed correctly that your eBay and Paypal account used the same login, and have ordered a new TV or sound system without you really noticing.
Maybe things wouldn’t happen quite that way for you, but there has been worse things go on out in the world. Entire identities and credit files have been compromised due to poor security, so it’s best if we do our best to make our own passwords and online accounts secure.
6 Ways to ensure good Password Security
1. Don’t be obvious
Using words and dates that are potentially public knowledge, such as favourite relative and the year they were born, might sound secure to many, but don’t be fooled. If insecure information (even public information on social media profiles) can give clues to a determined hacker, then it may become rather easy for them to guess. Sometimes a ‘hacker’ is not some stranger in a different country, but someone that may even know you on some level.
Believing that no one will suspect an obvious password is not as smart as one might think.
2. Diversify – minimise the impact if one of your accounts does get hacked.
Using words and dates that are potentially public knowledge, such as favourite relative and the year they were born, might sound secure to many, but don’t be fooled. If insecure information (even public information on social media profiles) can give clues to a determined hacker, then it may become rather easy for them to guess. Sometimes a ‘hacker’ is not some stranger in a different country, but someone that may even know you on some level.
So, the secret here is simple: change up your passwords and never repeat or reuse an old password, even as tempting as that may be.
3. Intensify – put more focus on developing more advanced passwords for more important accounts.
Using words and dates that are potentially public knowledge, such as favourite relative and the year they were born, might sound secure to many, but don’t be fooled. If insecure information (even public information Whilst making secure passwords for any account is important, if you’re going to be particular about which passwords should be ‘more’ secure then it would be prudent to consider what information you are trying to protect, how important that information is to you, and the amount of damage that could be suffered if a security breach occurred.
How to make them more secure? Try setting a minimum number of characters (letters, numbers and symbols) of at least 14, and use combinations of upper- and lower-case letters, numbers and standard symbols. Most websites allow all these character types when creating passwords but work with what you’re given.
Need a random password generator? Click here.
Worried about trying to commit something like !W@=F!W**gCXqb to memory? Use a password manager and/or Pass-phrases.
4. Length over complexity.
To simplify things, the more aggressive type password hacking involves brute-force attacks that use a dictionary filter or character sequencing to ‘find a match’. With this in mind, using a mix of numbers, letters, and symbols might beat the former, but not the latter. Making the password longer increases the number of possible combinations of characters, and utilising pass-phrases is one way of achieving this.
The great thing about pass-phrases is you can create one that is familiar to you, and easier to remember, but not so obvious to guessing.
Here is examples of a manually-generated, simple password vs. a pass-phrase:
1. Simple password based on favourite food: Pizza999
2. A 65-characer Pass-phrase: IFor1LikeMeatloversFromJoe’sPizzaShopBecauseIt’sAwesome
3. Complex 23-character Pass-phrase: m3atL0Vers@myPlace2N1TE
The first example demonstrates an easy to guess or hack password, but the others show two different applications of pass-phrases. Example 2 shows a long, but fairly easy statement to recall, whereas Example 3 offers added security if the sentence was somehow discovered, but the use of characters were not known.
Hopefully, by these examples, you get the idea.
5. Password Managers.
With the many, now-complex passwords that you’ll have, it is probably a chore to try to remember them all. That’s okay. If you need to centralise or store these in one place, then that’s not a bad thing. Regardless of where you decide to store them, it is still important to keep them securely stored and that the stored location is then password protected. Convenience and security can be found in a password manager.
To see our guide to Password Managers, click here.
Firstly, don’t give your username and password to random callers pretending to be from a company that you may have an account with. But if there is a scenario where you have shared your credentials (accidentally or otherwise), be sure to change your password as soon as practicable. You may have shared it with someone you trust, but while many people you know may well be trustworthy, there are those out there that are not. Do so at your own discretion but be aware of the risks involved.
Perhaps you think some of this is a bit unnecessary, but it comes down to cold, hard truth that if your personal information, credit card detail or money, were taken because of poor password security, you would probably wish you’d made those passwords just a little more secure.
So, don’t wait for things to go wrong before you start practicing good password security. To get you started, our support page has a random password generator, but feel free to get in touch with us if you need password and document security for your business.
