We use passwords in our everyday life to keep our personal and business data secure.
Here’s a quick test – what do these seemingly random alphanumerical groupings have in common?
This is a list of the top ten passwords that were in use last year.
Recognise any of these? If you don’t, you’re not necessarily in the clear, but your chance of becoming compromised or hacked is far less than someone who uses one of these passwords. If you do recognise these, you’re certainly testing your luck.
Remembering Your Password
These days, creating and remembering passwords has become increasingly challenging. If we had only one device that required a password, we could probably manage it quite easily.
However, every device we use, the programs we use at work and other online sites we use all need separate passwords. Some of those passwords need changing every 90 days. And each application may enforce different restrictions on the passwords used. You must use a capital, a number and a special character. Or, you must only use letters and numbers. It is estimated that the average person must memorise up to 191 different passwords. No wonder we often choose to take shortcuts!
The problem is that over 80% of hacks are due to compromised credentials, otherwise known as stolen username and password information that can be sold on the Dark Web.
In fact, in one month alone in 2018, Microsoft blocked 1.3 million attempts to steal password data, which would have led to dangerous phishing attacks, and other hacking attempts.
These frightening statistics are why you hear the recommendations:
- Never use the same password twice (IT Managers report 73% of all passwords used are duplicated in multiple applications, opening up various avenues for attack)
- Never write down your passwords
- Do not share your passwords with anyone else
- Never use real words or known information about yourself in your passwords
- Avoid commonly used passwords (50% of all attacks involved the top 25 most used passwords)
Pay attention to that last stat: 50% of all attacks included the top 25 most used passwords. See what we meant when we said if you recognise anything on that list you’re testing your luck?
Following all these rules and regulations, you’ll end up with passwords that are about 16-characters long, impossible to memorise, and, unfortunately, are still entirely hackable (much more difficult, of course, but where there is a will, there is a way).
So, what do we do now?
The first shortcut is a password manager. You can store all your passwords in one place. This makes remembering all your passwords much easier, but you’re not out of the woods yet. A password also protects the password manager. If you’re utilising software like this, make sure that this password is extraordinarily complex, so that hackers aren’t even tempted, especially in the case of a brute force attack. If possible, turn on multi-factor authentication, especially on your password manager.
Many sites utilise multi-factor authentication. This extra layer of protection connects to your phone, email, or other authentication sources, rather than relying solely on a password. We recommend enabling multi-factor authentication wherever possible. The only caveat here is to make sure your secondary authentication source is equally secure with a strong password — no sense in double protecting yourself with a wide-open source.
Random Password Generators
These sites come up with secure passwords for you, but the results are typically a random jumble of letters, numbers, and symbols that is darn near impossible to memorise. If you’ve got a good memory, this might be a good starting point, but if you’re like most of us, this may be more challenging than it’s worth.
How to craft the best password
Use a “Password Phrase” in place of random letters, numbers and symbols. Create something that is easy for you to remember but has no meaning to anyone else. For example, I<3Fh@ck3rs43v3r!. Breaking this down, you get:
- I – I
- <3 – Love
- F – fooling
- h@ck3rs – hackers
- 43v3r – forever
This would be easy for you to remember because you understand the phrase, but difficult for a hacker to decipher because it’s not made up of real words.
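A screening check of the kind a sign-up form can apply to the recommendations above (avoid commonly used passwords, avoid real words), shown here as an added example that is not part of the original article. The word lists and substitution map are small constructed samples and the function names are hypothetical; the check shows that the substitutions in h@ck3rs still normalise to a real word.

```python
# Constructed sample data: a stand-in deny-list and word list,
# not the top-ten list the article refers to.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}
DICTIONARY_WORDS = {"hackers", "forever", "password", "welcome", "dragon"}

# Simplified one-to-one substitution map (an assumption for this example;
# a production screener would use a larger map and word list).
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "5": "s", "$": "s", "7": "t"})


def normalise(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(LEET_MAP)


def embedded_words(password, min_word_len=5):
    """Return dictionary words found inside the normalised password."""
    plain = normalise(password)
    return sorted(word for word in DICTIONARY_WORDS
                  if len(word) >= min_word_len and word in plain)


def screen_password(password, min_length=12):
    """Return a list of findings; an empty list means no rule was triggered."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if (password.lower() in COMMON_PASSWORDS
            or normalise(password) in COMMON_PASSWORDS):
        findings.append("matches a commonly used password")
    for word in embedded_words(password):
        findings.append(f"contains dictionary word '{word}'")
    return findings


if __name__ == "__main__":
    # The second candidate is the article's own example phrase.
    for candidate in ["P@ssw0rd", "I<3Fh@ck3rs43v3r!"]:
        print(candidate, "->", screen_password(candidate) or "no findings")
```

The length and the mix of unrelated fragments around the word carry the phrase's strength, so the less each fragment resembles a dictionary word after normalisation, the better.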
There’s no time like the present to get started and change your easy-to-hack passwords to something safer because it’s always better to be safe than sorry.
- Try working at creating passwords that will be difficult for hackers to hack.
- Make sure to change them regularly.
- Never write passwords down (especially on a Post-it Note stuck to your computer!).
- But most of all, make passwords an essential part of your life.
- Don’t consider them a nuisance or a thorn in your side.
- Make a game out of creating passwords.
- Challenge yourself to be more creative each time you create one.
Beat the Hackers
Beat the hackers at their own game by making your password too time-intensive to try and crack, and you’ll reduce your chance of your information showing up on the Dark Web. Are you worried that your information is already available due to past weak password use? Contact us. We’ll run a scan that reveals your vulnerabilities.
Allteks provides managed IT support, IT service and IT consultation from our offices in Maidstone Kent. Allteks has been helping organisations across Kent, London and the UK manage their IT infrastructure since 2000.