In days when stories of a new hack are a dime a dozen, online security has never been more important. Our friends over at Keeper Security have made the startling discovery that the most-frequently used passwords have changed very little over the years, which means some of you out there might be at risk; but don’t worry, as they’ve prepared a step-by-step guide to help you safeguard your accounts.
Keeper Security gathered its data from external, public sources covering several leaks over the past few years. Seven of the most common passwords on the list, including four of the top 10, are six characters or shorter. That poses no resistance to modern brute-force cracking software and hardware, which can recover them in seconds. Even users whose passwords follow what they think is an unpredictable pattern, such as “1q2w3e4r” and “123qwe”, remain at risk, because dictionary-based password crackers know to look for sequential keystroke variations.
While website owners and email providers should be doing more to protect customers, it is in the user’s own interest to change their passwords to something that will actually protect them and their accounts. Below are eight things to consider when managing and changing your passwords.
- Don’t use the same passwords everywhere
It might be easier to remember one password for everything, but that is also the quickest way to hand the keys to the kingdom to an attacker. Studies have found that as many as 97% of people can’t detect a phishing email, and once a phishing attack captures that one password, the perpetrator has access to any and all personally identifiable information stored on every account that shares it. Even a site on which you store no PII matters: a breach there exposes the password itself, and attackers routinely try leaked passwords against every other service a victim uses, so each site should get its own password.
- Don’t vary your passwords by changing one character
Some of the more security-conscious websites ask you to change your password periodically, and while that can seem like a pain, it is one of the ways they try to keep your account safe. When prompted, don’t change your password by a single character: tacking a digit or a non-alphanumeric character onto the old one is the oldest trick in the book, and password crackers’ rule sets try exactly that. If you use such characters, put them within the password rather than at the start or the end.
- Don’t use personal information in your passwords
The names of relatives, celebrities, sports teams, pets, or anything else related to you is not as safe as it seems. Social networking sites have made it ever easier for password crackers to sift through and harvest that information, and this includes variations that add extra characters to a common name.
- Don’t share your passwords with others
This seems obvious, but even the strongest password in the world is compromised the moment someone else knows it. Even if that person is someone you trust, once your password is in their hands it is only as safe as wherever they keep it: if they store it behind a weak password of their own, your data could be up for grabs without either of you knowing.
- Don’t use a password that is too short
As computers get faster, so do cracking software and hardware. Six-character passwords might have done the trick back in the day, but today 12 characters should be considered the minimum.
- Don’t store your password in plain text
It can be difficult to remember your passwords, especially with the many required to keep each account secure, but if you put them in a spreadsheet that you email to yourself or in a document on your phone, you could be susceptible to having your data held hostage. Ransomware, the fastest-growing category of malware, will scour your device for anything resembling such crucial data before demanding payment for you to access it again, and the ransom would be the least of your problems if those passwords have been read out along the way.
- Don’t use recognisable keystroke patterns
Although it might look like a random combination, if your password follows a keyboard pattern such as “1qaz2wsx”, the password cracker is likely to pick up on it, because such walks are generated and tried as a matter of course. A random series of letters and numbers must be truly random to stand a chance.
- Don’t substitute numbers for letters
Swapping “0” for “o” or “$” for “s” is another technique that worked back in the day but no longer survives a determined attack on its own: crackers’ rule sets apply those substitutions to every dictionary word automatically. Remember that truly random combinations make for the best passwords.
Keeper Security recommends a password manager protected by strong encryption, such as its own, as the best way to protect your passwords. The best ones generate strong random passwords for you and let you protect the vault itself with two-factor authentication.
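To make the eight rules above concrete, here is an added example (not Keeper Security’s or KitGuru’s code) that checks a candidate password for each of the weaknesses described, undoing leet substitutions before the dictionary lookup, scoring keyboard walks against a simplified QWERTY model, comparing against a previous password for the “one character changed” trick, and estimating brute-force time at an assumed rate of 10 billion guesses per second. It finishes with the kind of random generation a password manager does. The common-password sample, the keyboard model, the attack rate and every function name are assumptions made for this illustration.

```python
# Added example (not Keeper Security's code): checks for the password
# weaknesses listed above and a generator of the kind a password manager uses.
# The common-password sample, keyboard model and attack rate are assumptions.
import secrets
import string

# Constructed sample of leaked "most common" passwords; a real cracker loads millions.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "123qwe", "1q2w3e4r",
                    "1qaz2wsx", "letmein", "welcome", "football", "dragon"]

# Leet substitutions a cracker's rule set undoes before a dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Simplified US QWERTY layout: each row with the horizontal stagger of that row.
KEY_POS = {}
for _row, (_keys, _stagger) in enumerate([("1234567890", 0.0), ("qwertyuiop", 0.5),
                                          ("asdfghjkl", 1.0), ("zxcvbnm", 1.5)]):
    for _col, _key in enumerate(_keys):
        KEY_POS[_key] = (_row, _col + _stagger)

SYMBOLS = string.punctuation + " "


def unleet(pw):
    """Normalise 'P@ssw0rd' -> 'password' so leet variants hit the dictionary."""
    return pw.lower().translate(LEET)


def keyboard_walk_ratio(pw):
    """Fraction of consecutive key pairs that sit next to each other on the
    keyboard (same row, column or diagonal). Walks like 1q2w3e4r score 1.0."""
    keys = pw.lower()
    if len(keys) < 2:
        return 0.0
    adjacent = 0
    for a, b in zip(keys, keys[1:]):
        if a in KEY_POS and b in KEY_POS and a != b:
            (ra, xa), (rb, xb) = KEY_POS[a], KEY_POS[b]
            if abs(ra - rb) <= 1 and abs(xa - xb) <= 1:
                adjacent += 1
    return adjacent / (len(keys) - 1)


def edit_distance(a, b):
    """Levenshtein distance; used to catch 'old password plus one character'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def weaknesses(pw, personal_terms=(), previous=None):
    """Return the rules from the article that pw breaks (empty list = none)."""
    found = []
    raw, norm = pw.lower(), unleet(pw)
    if len(pw) < 12:
        found.append("too-short")
    # Substring match so 'password1' and 'P@ssw0rd' are caught, not just exact hits.
    if any(c in raw or c in norm for c in COMMON_PASSWORDS):
        found.append("common")
    if len(pw) >= 4 and keyboard_walk_ratio(pw) >= 0.7:
        found.append("keyboard-walk")
    if any(unleet(t) in norm for t in personal_terms if len(t) >= 3):
        found.append("personal-info")
    if previous is not None and edit_distance(raw, previous.lower()) <= 2:
        found.append("too-similar-to-previous")
    return found


def brute_force_seconds(pw, guesses_per_second=1e10):
    """Worst-case time to exhaust the character classes pw uses, at an assumed
    rate of 1e10 guesses/s (a hypothetical GPU rig against a fast hash)."""
    size = 0
    if any(c.islower() for c in pw):  size += 26
    if any(c.isupper() for c in pw):  size += 26
    if any(c.isdigit() for c in pw):  size += 10
    if any(c in SYMBOLS for c in pw): size += len(SYMBOLS)
    return size ** len(pw) / guesses_per_second


def generate_password(length=16, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Random password from the OS CSPRNG, regenerated if it trips any rule."""
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(pw):
            return pw


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd", "1q2w3e4r", "Summer2024!", generate_password()]:
        print(f"{candidate!r:22} {weaknesses(candidate, previous='Summer2023!')} "
              f"~{brute_force_seconds(candidate):.2e} s to brute-force")
```

Run it and the six-character entries come back in a fraction of a second, while the generated 16-character password gets an empty weakness list and a brute-force estimate in the millions of years; the brute-force figure is an upper bound that assumes the attacker has no better strategy than exhaustive search, which, as the list above explains, is exactly the assumption dictionary and rule-based crackers defeat for human-chosen passwords.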
KitGuru Says: Honestly, I have been guilty of a few of these in the past but have definitely gotten better over the years. Have you made any of these mistakes before now? Do you use a password manager? Remember to keep your data as protected as possible at all times.
I switched to a pw manager a while back. Shit is crazy. I have dozens of accounts and I cannot be expected to remember strong, unique passwords for all of them (and in addition some have two-step verification, such as Google and Amazon). To quote a random online blog on cyber security: “With the advent of password managers, the large majority of all passwords should just be randomly generated, and replaced with a single password that provides access to all the others.”
It makes shit seriously easier. Now I only have to remember a few complex passwords.
“instead of at the start or the beginning.”
Regardless, aren’t pass phrases the recommended practice?
Only if you want to remember the passphrase, and the service allows very, very long password entries (which is often an issue). Otherwise you just want randomised complexity; if a service supports very, very long passwords, you’re much better off using random complexity, just much more of it (passphrases are not random and are only moderately complex). Either way, the ‘use a unique password for each service’ rule still applies, and that can make remembering which passphrase goes with which service an issue.