Do You Have Good Password Hygiene?

 

A weak password is like leaving your front door locked with the key under the mat. If you give the hackers all the tools they need to bypass your security system, you haven’t really protected anything at all. The same is true for having extremely simple security.

For example, if you have a short gate with a sliding latch on the inside, but anyone tall enough can simply reach over and unlatch the gate, you should invest in better security measures.

Your password could mean the difference between safeguarding your personally identifiable information (PII), or having your identity stolen and your information sold throughout the dark web. Right now, you may be asking yourself: how secure is my password?

We will go over some of the most common mistakes made when creating a password, as well as methods to improve your storage of passwords, and the types of attacks that hackers use to breach your cyber security.

The difference between a good password and a bad password can sometimes be slim, but nowadays, a good password is a mix of letters, numbers, and symbols not associated with a pattern that someone could easily guess.

Unfortunately, most people choose things that are easier to remember. Some of these examples are:

• Birthdays
• Middle Names
• Favorite Sports Team
• First Pet
• Place of Birth
• Favorite Song
• Street You Grew Up On

 

Information Farming

 

What you may be thinking is, aren’t those also security questions? Yes, they are. And an easy way that hackers have been getting high counts of personal information from willing individuals is through direct attacks on social media. No, they didn’t have to hack your account. They just needed your profile to be set to Public. A hacker may create a meme page, posting only questions directed at the mass public.

Have you been on Facebook and seen or commented on vibrant posts asking questions like the following:

 

“If your car name was your middle name and the year you were born, what model would you be?”

 

“If you had to marry your spouse where you met them, where would your wedding have been?”

 

“The best song in the world is _____. Prove me wrong. Comment with your favorite song and I’ll be the judge.”

 

“They say some people never leave the place they were born. How far did you end up from your hometown?”

 

“Pets are family, forever. Let me see pics of your fur babies!”

 

Questions exactly like these a phishing for information. If your social media profile is Public you can potentially give a multitude of information away to the right trained eye, and this is what hackers drool over.

 

Taking Security Measures

 

While there are many other sources that seedy internet hackers are looking for, it is important to keep your information as safe as possible. Much of this can mean something as simple as basic cybersecurity precautionary measures such as:

 

• Installing a reputable antivirus/antimalware software
• Updating and staying current with any firewall subscriptions
• Taking advantage of 2-Step Verification processes or investing in Multi-factor Authentication devices such as a configured Yubikey
• Configuring Email Security software
• Ensuring websites have a secure socket layer (SSL) certificate

(this will look like a small lock symbol to the left of the website URL)

• Enrolling yourself and staff into Cyber-Security Awareness Training class

 

Each of these will have a long-term benefit far greater than the initial cost of software, Managed Services, or training courses, and will protect your sensitive information as well as the information of your clients. 

Popular Passwords, Hacked and Cracked

 

Take a look at some of the most popular passwords that have been cracked in some cases under 10 seconds!

Top 200 Most Common Passwords

If your password is on this list, it would be prudent to go trough and change all accounts associated with such a weak or common password. Remember that hackers don’t just go after email accounts, they will figure out what other accounts that your email is linked to. Dating websites, bank accounts, insurance, bank accounts, and other personal accounts.

Chances are high that if a hacker discovers one password, they have the keys to every account under your name. They can log into your account and lock you out, changing your password and purchasing things in your name with your account, and having it shipped to another location.

This is one reason why Multifactor Authentication is so important, because it can directly link your account login attempts to a personal device in your possession such as a phone authenticator app or text message verification codes. There’s nothing wrong with an extra layer of security.

Protect you and your company from phishing, brute force, and other cybersecurity attacks but being smart and not having the same password for every workstation, protected document, server, or new-person onboarding equipment. These shortcuts could result in loss of personal information or ransoming of company/client assets.

How to Keep Track

 

You may be thinking it is time to change some passwords. Great! But how best to keep track of each account’s different password? How do you prevent yourself from having to go through the annoying Forgot Password routine every time you switch credentials?

Account and Password Management is a great tool to utilize, keeping all credentials safe, secure, and readily available. What should be taken into consideration when using a password manager is that they are also normally password protected.

Avoid common patterns, numbers, leetspeak, or PII like birthdays and favorite sports teams. Also, when a password is concerned, length matters. Shoot for 8 but settle on 12 characters when creating the unique password to your Management tool. Not only with this make it more difficult for a cyber-hacker to crack the password, but it will increase the probability of account security.

As professionals in the IT world, More Power Technology Group function as expert consultants with password management, multifactor authentication, and cybersecurity training.