Setting hard-to-guess passwords and remembering them is no easy task, and even the best of us make mistakes. Like any other good habits, good cyber hygiene habits are easier said than done. Unfortunately, the stakes are rising, and security disasters are getting more frequent. In the previous year alone, there have been massive hacks at T-Mobile, web host GoDaddy, the DailyQuiz.me game, and gas supplier Colonial Pipeline. More accounts, apps, and passwords create more opportunities for theft. However, human nature remains the same: “123456” is still the most used password in the world.
SolarWinds, a company that creates IT management software for clients, including the U.S. Department of Defense, accused an intern of leaking an important company password to the Internet. The password was “solarwinds123”. In that spirit, Dashlane released an overview of the worst password disasters of 2021. For example, Facebook made the list for a hack that exposed sensitive information, including phone numbers, email addresses, birthdates, and whereabouts, of 533 million people. Likewise, Netflix and LinkedIn made the list for being linked to an Internet data dump that included more than 3 billion combinations of email addresses and passwords, which could account for about 70 percent of Internet users worldwide.
Most Secure Way to Store Passwords
If your password was once part of a hack, hackers are bound to try it on other sites and services to unlock as many accounts as possible in what is known as a “credential stuffing” attack. Reusing passwords or choosing trivial ones like “solarwinds123” makes you and your workplace more vulnerable. “We have too many passwords today,” says Josh Yavor, director of information security at Tessian, who specializes in cybersecurity. “If you think about all the different accounts you have to log into, there are too many for someone to keep track of all the different passwords and make the right choice every time.” According to Dashlane, the average person on the Internet has more than 200 accounts that require passwords. Password fatigue is real, but don’t let it stop you from making minor changes to protect your accounts, wallet, and identity. Here are some changes you can make now.
Stop Reusing Passwords
One specialist worked as a penetration tester, helping companies find and eliminate weaknesses that hackers could exploit. At the time, he could access 20,000 corporate accounts in less than an hour simply by entering the default password that the accounts were provided with. Likewise, using the same password for different accounts makes them insecure. For example, a Netflix leak could put your bank account at risk if you use the same password for Netflix and Chase Mobile. Take just one step to protect your accounts better and change your old “qwerty” password to something more secure. It will reduce the chances of a “brute force” hack several times over.
Best Way to Keep Passwords
Don’t use details from your life to create passwords. You may think that no one can guess the name of your pet or child, but in most cases, it’s enough to go to Instagram or Facebook. When coming up with passwords “on the fly,” people are often unoriginal. Experts found that 21 percent of people use predictable cues, such as birthdays or favorite soccer teams. According to a Microsoft survey, 15 percent of users use pet names. That’s why you shouldn’t use passwords with any real meaning. A password longer than 12 characters, with lots of numbers, uppercase letters, and special symbols, would be optimal. According to Microsoft, 96% of successful cyber attacks involve passwords of fewer than ten characters, and 76% involve passwords of fewer than six characters.
You may ask, “But why would anyone waste time guessing my password?” Even if you don’t think you’re well known enough to be the target of a cyberattack, don’t let this “old man” syndrome allow you to use simple passwords. Some hackers spend time searching for easy targets, and some use automatic password guessing, also called “spray and pray.” Having predictable passwords is like leaving your car unlocked in a mall parking lot. Most thieves hunt for unlocked doors and rolled-down windows. Here are examples of passwords to avoid:
- 123456. Too obvious, which means it is easy to guess.
- Password. There seems to be a password, but in effect there isn’t one.
- Password123. It’s very easy to guess.
- Qwerty. Even if you use different combinations of letters, then add numbers and symbols, it’s still not reliable enough.
- Pets’ names. Even if you combine pet names into a new unique word using special characters, it’s still not reliable enough.
- Kids’ names. Same as the previous item (but usually less fluffy).
- Favorite teams. There aren’t many professional sports teams. Knowing your favorite sport makes guessing a team easy.
- Birthdays. This information is often available on your social media profile. Do not use a date that has any real meaning.
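The list above can be turned into a screening check run when a password is set. The following is an added example, not code from the original article: the tiny COMMON set, the character-swap table and the `personal` terms are constructed for illustration, and a real check would use a full breached-password list.

```python
import re

# Constructed sample; a real check would load a full breached-password list.
COMMON = {"123456", "password", "password123", "qwerty", "solarwinds123"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo the usual character swaps before looking for names ("R3x" -> "rex").
LEET = str.maketrans("@4$5!1037", "aassiioet")


def has_keyboard_run(low, n=4):
    """True if `low` contains n adjacent keys of one row, in either direction."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def screen(password, personal=()):
    """Return the reasons to reject `password`; an empty list means none found.

    `personal` holds details tied to the user: pet, child and team names as
    words, dates as digit strings such as "170490".
    """
    reasons = []
    low = password.lower()
    digits = re.sub(r"\D", "", low)
    letters = re.sub(r"[^a-z]", "", low.translate(LEET))
    base = re.sub(r"[\d\W_]+$", "", low)  # "password123!" -> "password"
    if len(password) <= 12:
        reasons.append("not longer than 12 characters")
    if low in COMMON or base in COMMON:
        reasons.append("common password")
    if has_keyboard_run(low):
        reasons.append("keyboard sequence")
    for term in personal:
        t = term.lower()
        needle, hay = (t, digits) if t.isdigit() else (re.sub(r"[^a-z]", "", t), letters)
        if len(needle) >= 3 and needle in hay:
            reasons.append("personal detail: " + term)
    return reasons


if __name__ == "__main__":
    for pw in ("123456", "Qwerty!2021#Az", "R3x&B3lla_2019!"):
        print(pw, "->", screen(pw, personal=["Rex", "Bella", "170490"]))
```

Note that “Qwerty!2021#Az” and “R3x&B3lla_2019!” both pass a naive length-and-symbols rule, yet are flagged here for exactly the reasons given in the list.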
Check Passwords for Compromise
A password compromise can be a good reason to get your passwords in order. If you own an iPhone, Apple will notify you by default if one of your saved passwords has been compromised. To change passwords on your iPhone, follow these instructions:
On your iPhone, go to Settings -> Passwords -> Security Recommendations and change those passwords that put you at risk. However, if you allow Google to save your passwords, go to passwords.google.com -> Go to Check Passwords -> Check Passwords. (Note: it is easy to leave your Google password on someone else’s computer, so this method of storing passwords is not recommended.)
Use a Password Manager
Password managers are applications that can generate, save and automatically fill in unique hard-to-guess passwords. They can also warn you when one of your passwords has been compromised. A password manager will solve all your security and password memorization problems in one fell swoop.
There are many different password storage services available today. They all have advantages and disadvantages, but generally, they are similar and have the same function. Once installed and registered, the tool will start saving the passwords you use to log in. It can also generate complex passwords when you sign up for new sites and automatically insert your passwords into the login forms. To speed up registration and checkout, you can save a complete form including your name, address, and credit card information.
As for the security of such services, you only need to remember a single password. To avoid having to enter it every time you unlock the password vault, you can use a PIN code or fingerprint for quick login. Ideally, everyone should have just three passwords in memory: for the phone, email, and password manager. Memorize these passwords to keep them secure. Then, choose a manager with a zero-knowledge architecture, that is, encryption technology that prevents the company from knowing the information it stores.
Password managers also have a significant advantage over manual entry: they know how to distinguish a legitimate site from a phishing site. So if a person opens a phishing site by mistake and is asked to enter data, the password manager won’t fill out the form and will warn that the site is fake.
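The reason a password manager is not fooled by a lookalike page is that it ties each saved login to the address it was saved on and compares addresses mechanically rather than by eye. The following is an added example, not code from any real password manager: the `Vault` class and all URLs are constructed, and it assumes the simplest rule (exact scheme, host and port match), whereas real products often match on the registrable domain.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """Return (scheme, host, port), or None if the URL cannot be parsed safely."""
    try:
        p = urlsplit(url)
        # IDNA-encode so lookalike Unicode letters become visibly different hosts.
        host = (p.hostname or "").rstrip(".").encode("idna").decode("ascii")
        port = p.port or DEFAULT_PORTS.get(p.scheme)
    except (ValueError, UnicodeError):
        return None
    if not host or port is None:
        return None
    return (p.scheme, host, port)


class Vault:
    """Hypothetical in-memory vault that autofills only on an exact origin match."""

    def __init__(self):
        self._entries = {}

    def save(self, url, username, password):
        key = origin(url)
        if key is None or key[0] != "https":
            raise ValueError("refusing to save credentials for a non-HTTPS origin")
        self._entries[key] = (username, password)

    def fill(self, page_url):
        """Return (username, password) for the page's origin, or None."""
        return self._entries.get(origin(page_url))


if __name__ == "__main__":
    vault = Vault()
    vault.save("https://accounts.example.com/login", "alice", "constructed-secret")
    for page in ("https://accounts.example.com/signin?next=/",
                 "https://accounts.example.com.evil.test/login",
                 "https://accounts.example.com@evil.test/",
                 "http://accounts.example.com/login"):
        print(page, "->", "fill" if vault.fill(page) else "refuse")
```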
Avoid Risks: Secure Place to Store Passwords
We all probably know someone with a password notebook on their desk next to their desktop computer. There is also a safe with passwords, a Google document with passwords, a saved draft email with a password, or a list of passwords in the Notes app on your smartphone. There’s no gain if you decide to store your passwords yourself rather than using a password manager. Of course, you can avoid digital theft by writing passwords in an analog notepad or on a piece of paper. However, the risk of losing that list is still significant. It can be lost, stolen, or even eaten by pets. You can protect your passwords from any disasters by storing them digitally.
Use Two-factor Authentication
Two-factor authentication (2FA) is additional identity verification. To log in to an account, a person must verify their identity twice before accessing it. Enabling 2FA prevents hackers from breaking in even if they have your username and password. Usually, the two-factor system sends a text message to your phone with a numeric code to be entered. If the code is entered correctly, then it really is you.
However, if someone gets hold of your phone, they can quickly get hold of all the accounts that use the confirmation code on your phone. You can also use third-party services for identity verification by downloading an authenticator application. Connect them to your accounts, and they will let you know when someone tries to log in. The app then gives you a second piece of information that verifies your identity and allows you to log in. Google, Microsoft, Twilio, and ID.me release authenticator apps that can be accessed from various mobile devices. Type “authenticator” in the app store and download one of these options.
No one likes creating a strong and unique password for every account every time. However, password managers completely solve this problem. Fortunately, you now have many much more secure options for storing passwords. While a password manager may take some time to learn, it’s much better than having your accounts hacked because you saved your passwords incorrectly.
* The inclusion of websites, applications, brands, service providers, or links is for informational purposes. It does not imply an endorsement or promotion of any company, product, and/or provider listed here.