Before I go to bed at night, I make sure my front door is locked. Why? Because if someone tried to break in while I was sleeping and the door was unlocked, they could easily slip inside and steal my things.
By locking the door, I’ve made it more difficult for a would-be intruder to enter my residence, and they will most likely continue on to a house offering easier access. This concept holds true for basic password security as well.
Maintaining strong, unique passwords, both at home and at work, is a critical step toward keeping a would-be attacker away from your vital information and the damage they could do with it.
How Often Should You Change Your Password?
Immediately, if you can’t remember the last time you did. After that, it depends on what the password protects. Common policies rotate every 30 to 90 days, with 180 days as the outside limit; 90 days is a reasonable default to go by. Whatever the schedule, change a password right away when you have reason to think it was exposed: a breach notice from the site, a phishing email you responded to, a login you shared with someone. (Current NIST guidance in SP 800-63B actually drops mandatory periodic rotation in favour of changing on evidence of compromise, because forced rotation pushes people toward predictable variations; if you do rotate on a calendar, make each new password genuinely new.) Mark your calendar. Have a party. Change your passwords.
Is Your Password Secure?
How do you really know that your password is secure? Truth is, you don’t. Remember my comment about a would-be intruder moving on until they find an easier house to enter?
That’s what you want to do. Make it extremely difficult for anyone to guess, obtain, or otherwise know your password. Here are a few guidelines to follow.
- Difficulty Level: A good password is hard to guess, not merely hard to remember. A long passphrase can be both easy for you to recall and resistant to guessing; a short jumble of symbols you have to write down is neither.
- Password Security: Don’t write it on a post-it and stick it to your monitor, hide it under the keyboard, or give it to anyone over the phone (no legitimate help desk will ask for it).
- Avoid Reusing: Never use the same password for more than one account. When one site is breached, the leaked username/password pairs get tried against every other site (credential stuffing).
- Password Length: 8 characters is the bare minimum; 12 or more is a better floor, and longer passphrases are stronger still.
- The Perfect Password Combination: Use at least 3 of these four character classes: lowercase letters, uppercase letters, digits, punctuation.
Online password-strength checkers exist, and it is instructive to see how different choices score. Never type a password you actually use into one, though; whatever you paste into a web form is at the mercy of that site. Test a throwaway password of the same shape instead.
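An offline version of that strength test, as an added example written for this post rather than any site's checker or the author's own tool: a miniature dictionary attack of the kind cracking tools run. It hashes a constructed set of sample passwords with unsalted SHA-256 (a deliberately weak stand-in for a leaked hash table), then walks a constructed seven-entry word list through the mangling rules crackers apply by default (capitalisation, appended years and suffixes, a leet substitution) and reports which samples were recovered. `WORDLIST`, `SAMPLE`, `mangle` and `dictionary_attack` are names chosen here; a real attack uses lists of millions of words and far richer rule sets.

```python
import hashlib

# Constructed stand-in for a real wordlist (rockyou.txt has ~14 million entries).
WORDLIST = ["password", "welcome", "dragon", "monkey", "fluffy",
            "supercalifragilisticexpialidocious", "jsmith"]


def mangle(word):
    """Yield the variants a rule-based cracker tries for one wordlist entry."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for year in range(2000, 2026):       # "Fluffy2015"
            yield f"{base}{year}"
        for suffix in ("1", "123", "!", "1!"):  # "Password1", "Fluffy!"
            yield f"{base}{suffix}"
    # One simple leet rule: capitalised form with a->@ and o->0 ("P@ssw0rd").
    yield word.capitalize().replace("a", "@").replace("o", "0")


def sha256_hex(text):
    # Unsalted, fast hash: what a badly built site might store. Real
    # password stores should use a salted slow hash (bcrypt, scrypt, Argon2).
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hashes, wordlist=WORDLIST):
    """Try every mangled wordlist entry against the target hashes.

    Returns ({hash: recovered_plaintext}, number_of_candidates_tried).
    """
    remaining = set(target_hashes)
    found, tried = {}, 0
    for word in wordlist:
        for candidate in mangle(word):
            tried += 1
            digest = sha256_hex(candidate)
            if digest in remaining:
                found[digest] = candidate
                remaining.discard(digest)
                if not remaining:
                    return found, tried
    return found, tried


# Constructed sample: plaintexts a leaked, unsalted hash table might hide.
SAMPLE = ["Password1", "Supercalifragilisticexpialidocious",
          "Jsmith2015", "Fluffy!", "P@ssw0rd", "xK9#vQ2mLp7$Wn"]


def demo():
    """Hash the samples, run the attack, and report (cracked, survived, tried)."""
    targets = {sha256_hex(p): p for p in SAMPLE}
    found, tried = dictionary_attack(list(targets))
    cracked = sorted(found.values())
    survived = sorted(p for h, p in targets.items() if h not in found)
    return cracked, survived, tried


if __name__ == "__main__":
    cracked, survived, tried = demo()
    print(f"{len(cracked)} of {len(SAMPLE)} recovered after {tried} guesses: {cracked}")
    print(f"not recovered: {survived}")
```

Five of the six samples fall to fewer than a thousand guesses; only the random 14-character string survives. The lesson is in the candidate count, not the hash: a word plus a year or a punctuation mark is still inside the first few hundred guesses per word, and real rule sets are far larger than the one here.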
Characteristics of Bad Passwords
Think about the passwords you’ve used in the past. What’s your pet’s name, or your anniversary? Maybe your daughter’s middle name. All good things, but bad passwords. We tend to use what we know, and so does everyone else. Attackers know this too and start with the basics when guessing or cracking your password. Avoid these 6 things when generating your next password:
- Stop using the same password (or a variation) repeatedly
Reusing a password, or just adding a digit to last quarter’s, leaves you easy prey: attackers test every leaked credential against other sites and try the obvious variants of it.
- Save proper names for in person
Your pet’s name or your spouse’s name is easy to guess. Stay away from anything a stranger could learn from your social media.
- Avoid using dictionary words
Seriously. Cracking tools run through entire dictionaries and leaked password lists in seconds, so a single word falls almost immediately, even a ridiculous one like Supercalifragilisticexpialidocious (that’s in the dictionary, by the way).
- Get rid of common sequences
Counting runs and keyboard walks like 1234, abcd, xyz or qwerty are among the very first patterns guessed.
- Cut out derivatives of your user ID
Anyone who knows your first and last name can guess a password built from your login name. Avoid the likes of Username: JSmith / Password: JSmith2015.
- Leave personal details out of your passwords
Variations of your name, spouse, kids, pets, license plate number, Social Security number and birthdate are public knowledge or easy to find. (I actually never thought about using my license plate number…ZMBHNTR)
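The guidelines under “Is Your Password Secure?” and the six bad-password patterns above are mechanical enough to check in code. The Python below is an added example written for this post, not the author’s tool or any site’s checker. It assumes a 12-character minimum, reads “at least 3 of 4 classes” as lowercase, uppercase, digit and punctuation, and uses a tiny constructed word list and sequence list in place of the real lists crackers carry; it also undoes common leet substitutions before matching, because cracking rules do the same. `check_password`, `DICTIONARY`, `SEQUENCES`, `LEET` and `MIN_LENGTH` are names chosen here.

```python
import re

# Constructed stand-in for a real cracking wordlist (a dictionary plus leaked lists).
DICTIONARY = {
    "password", "welcome", "dragon", "monkey", "letmein", "fluffy",
    "summer", "secret", "supercalifragilisticexpialidocious",
}
# Counting runs and keyboard walks that cracking tools try first.
SEQUENCES = ("123", "1234", "2345", "abcd", "bcde", "xyz", "qwerty", "asdf",
             "0000", "1111")
# Substitutions rule-based crackers undo before a dictionary match.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "3": "e",
                      "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 12  # assumed policy; the post's bare minimum is 8


def character_classes(pw):
    """Count how many of lower, upper, digit, punctuation appear in pw."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, pw)) for p in patterns)


def tokens(value):
    """Split a personal detail ('Fluffy', '1985-06-14', 'J. Smith') into guessable pieces."""
    return {t for t in re.split(r"[^A-Za-z0-9]+", value.lower()) if len(t) >= 3}


def check_password(pw, username="", personal=()):
    """Return the list of rules the password breaks; an empty list means it passes.

    username: the login name the password goes with (derivatives are rejected).
    personal: strings such as pet names, birthdates or plates that must not appear.
    """
    problems = []
    low = pw.lower()
    norm = low.translate(LEET)  # "p@ssw0rd" -> "password"

    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(pw) < 3:
        problems.append("uses fewer than 3 of: lower, upper, digit, punctuation")
    if any(seq in low for seq in SEQUENCES):
        problems.append("contains a common sequence")
    if any(w in low or w in norm for w in DICTIONARY if len(w) >= 4):
        problems.append("contains a dictionary word (even with l33t substitutions)")
    user = username.lower()
    if len(user) >= 3 and (user in low or user in norm):
        problems.append("derived from the user ID")
    for detail in personal:
        hits = sorted(t for t in tokens(detail) if t in low or t in norm)
        if hits:
            problems.append(f"contains personal detail {hits[0]!r}")
    return problems


if __name__ == "__main__":
    # Constructed samples: the post's own bad examples plus one random string.
    for pw, kw in [("JSmith2015", {"username": "jsmith"}),
                   ("Fluffy1985!", {"personal": ["Fluffy", "1985-06-14"]}),
                   ("P@ssw0rd123", {}),
                   ("vX7#qL9m@Pz2wR", {})]:
        verdict = check_password(pw, **kw) or ["ok"]
        print(f"{pw:18} {'; '.join(verdict)}")
```

Substring matching is deliberate: “Fluffy1985!” contains the pet’s name and the birth year even though neither is the whole password, and a cracker’s rules will find it just as easily. Treat the word list as a placeholder; in production you would check against a real breached-password list rather than a handful of words.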
10 Areas Your Password Security Is At Risk
Here’s just a sample of the things I could do with just your username and password...
1. Banking, Finance, Credit Cards
This one may be obvious. Once I have access to your banking information, what you work so hard for is mine. Have an eBay account, tied to your PayPal account, tied to your Bank account, that is also tied to your investment (think retirement) account? I do too...and it is yours.
2. Social Media
Your Facebook friends believe everything you post, so why not give me access to post some nasty information about you or plant fake yet enticing links that really lead to malware? I will also have your personal information to use elsewhere. Twitter? Instagram?
3. Email
Most websites have a “forgot your password” link that sends a reset to your email address. If I control your email, I control every account tied to it; you get the idea. I can also use your information and your real address to request new credit cards, take over your Amazon account, or send malware to your friends.
4. Private information
Documents, photos, Social Security numbers, etc. – there are many cloud offerings. Storing your data in the cloud allows for easy retrieval from anywhere – laptop, tablet, smart phone, or the comfort of my own sofa. Whatever you store there should be protected by a strong, unique password, or you risk it being stolen. Even if you keep your data at home on your computer’s hard drive, I may be able to grab it when you’re not looking.
5. Identity Theft
Be overly cautious when you receive emails, phone calls, or any other request for your information – username, password, PIN, etc. Why would a random stranger need your birthday or mother’s maiden name anyway? Don’t click on links in suspect emails. That website may look innocent, but in reality it’s a server in my basement gathering data about you so I can become you (in the virtual sense).
6. Viruses, Malware, etc.
Viruses used to do cute and annoying things like open your cd-rom drawer or play Yankee Doodle Dandy. Now they open up your entire computer and allow a hacker to take complete control of your system – without your knowledge – or worse yet encrypt all of your data and hold it hostage until you pay a ransom!
7. Corporate Data
Sometimes corporate data is YOUR information. Just recently Target, Dairy Queen, Home Depot, and Sony were victims. So were you. Usernames, passwords, credit card information were taken. YOURS? There are many ways to gain access to a corporation’s internal information. Many times that is via an unsuspecting employee (see list above!)
8. Corporate Email
What if a competitor had access to your email? What advantage could that provide? What if an email was sent to your boss with some not-so-flattering comments from YOUR account? We recently saw this happen with Sony on a large scale.
9. Going Out of Business Sale
Let’s face it. It is costly to recover from a data breach. Most of us don’t work at large enterprises that can absorb millions in lost revenue due to a loss of information. HIPAA penalties are expensive. What if your files were just gone and not recoverable? Contracts? Emails? Most of us work in small businesses with fewer than 250 employees, and a commonly cited figure is that 60% of small businesses don’t recover from a major attack.
10. Legal Liability
Did you know that you may be held liable for any data breach that can be traced back to you? Under the Health Insurance Portability and Accountability Act (HIPAA), you could be. Further, you could be sued for damages by your employer if losses were incurred.
Password Security Pitfalls
Let’s be honest. Security is a rough job. It takes effort. And it’s inconvenient. Forgetting your password at the least convenient time is scary. Password managers exist to keep track of your passwords for you, and they make unique passwords per site practical (I am including a link to one for reference and not as a recommendation: @Keeper)
The PIN on your smartphone (you have one, right?) that you’re forced to enter EVERY time you want to check Facebook. Just think if you left your phone on the table at the restaurant and someone else got into your Facebook page, your corporate email, your photos, your text messages, and the password-reset emails for everything else – I’ll pause while you set the PIN now….
If you have something to add, I’d love to hear your comments below!