Brian Millis
Think about how many accounts you currently have that require a username and password. Is your username your email address for all of your accounts? Do you reuse the same password? Hopefully not, but if so, it's time to change them ASAP! Let's talk about why it's so important to make sure each account has a different password and what it means to create a secure one.
Your accounts can include online banking, email, social media, streaming services, credit cards, utilities, medical, school, etc. Most likely, every secure account that you have requires at least a username and password. Some sites require you to change your password every 30, 60, 90, or 180 days, or annually. In our fast-paced world it is difficult to remember what we did yesterday, let alone unique usernames and passwords for so many accounts. Sometimes you may have to reset your password if you have forgotten your current one or locked yourself out after trying too many incorrect passwords. Creating a new password to get your account unlocked can be very frustrating.
Where do you keep your passwords?
Do you currently keep your passwords documented on a sticky note, in a notebook, or saved on your computer in an unsecured document? How would you feel if you left your notebook somewhere and a stranger picked it up? What if they snapped a few quick photos of all of your websites, usernames, and passwords? Would you know if someone has your information? In some cases you may not know your information was stolen for a long period of time, if ever.
What if they get in?
Let's start with an example: someone knows your email address and is able to log in. They could see your contact list and things like the emails in your inbox, sent items, drafts, and trash. From there, they could see you have a profile with a certain social media network or an account at a certain bank. This individual could then try to get into other accounts by trying the same email and password to see if it works. If it doesn't, they could try the "forgot password" option and, since they are already in your email, potentially gain access to additional accounts. Once they have access, they can cause all sorts of havoc by updating information, sending money to themselves, posting things you wouldn't, or even changing your password and updating the password recovery email to their own email account.
What can you do about it?
I always recommend turning on Multi-Factor Authentication (MFA) when available to add an additional layer of security on top of your secure password. MFA is a layered approach to securing your online accounts and the data they contain. Once you enable MFA, you will need to provide two or more authenticators to confirm your identity before you can gain access. A few examples of MFA include receiving a text message with a code to enter after you type in your password, or a call to confirm it is truly you logging in to your account. If you ever receive these messages or calls and you aren't expecting them, do not give anyone the code or confirm the authentication as it could be someone trying to gain access to your account.
Here are a few tips for creating or updating your password.
- Don't use personal info. This extends to names, birth dates, social security numbers, and phone numbers.
- Switch it up. Randomize the sequence and patterns of numbers, special characters, and upper- and lowercase letters.
- No recycling. Never reuse passwords.
- Make it longer. The longer your password, the harder it is for hackers to compromise.
- Sharing is not caring. Don't share your passwords, even with friends or family members.
- Avoid public Wi-Fi. Public internet access points are less secure, which can make it easier for hackers to access your device's data and saved credentials.
- Add some variety. Create a complex password using a mixture of letters, numbers, and special characters.
- Tag in an assistant. Download a password manager to help create and organize strong passwords.
- Check your strength. You can check your password strength with a checker, like LastPass, which allows users to validate the effectiveness of the password created.
- Don't go stale. Change your passwords periodically to ensure you are taking the necessary steps to keep your accounts safe. Make sure the password is completely different. (Changing the 1 to a 2 at the end doesn't count!)
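Several of the tips above (length, no personal info, variety, no recycling, and "completely different") can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, the two thresholds, and the sample data are assumptions chosen for illustration.

```python
import string

MIN_LENGTH = 14        # assumed threshold; the article only says "longer"
MIN_EDIT_DISTANCE = 4  # assumed: fewer changed characters is not "completely different"

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_password(candidate, personal_info, previous):
    """Return the list of tips the candidate breaks (empty list means it passes)."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    # Case-insensitive match on names, birth years, phone numbers and the like.
    if any(item.lower() in lowered for item in personal_info if len(item) >= 3):
        problems.append("contains personal info")
    # Require lowercase, uppercase, digits and special characters together.
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(ch in cls for ch in candidate) for cls in classes):
        problems.append("missing a character type")
    if candidate in previous:
        problems.append("reused")
    elif any(edit_distance(candidate, old) < MIN_EDIT_DISTANCE for old in previous):
        problems.append("too similar to an old password")
    return problems

# Constructed sample data, not real credentials.
PERSONAL = ["Jordan", "1988", "5550142"]
OLD = ["Maple-River-Lamp-71"]

if __name__ == "__main__":
    for pw in ["jordan1988", "Maple-River-Lamp-72", "Quiet!Harbor9Velvet#Oak"]:
        print(pw, "->", check_password(pw, PERSONAL, OLD) or "passes")
```

The similarity check needs your old passwords in plain text, so it only makes sense as a local, personal check at the moment you pick a new password.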
I asked at the beginning how many of your accounts have the same username and/or password. Now think about how many of your accounts could potentially be hacked instantly, or within a few minutes. While there may be other safeguards in place, the best thing you can do to protect your information is use unique and complex passwords. A few minutes of creativity can save months, or even years, of frustration in the event of an account compromise or identity theft.
Want more info?
Experts Reveal How Long Would Take A Hacker to Crack Your Password by Sam Tonkin
Password Security by Clare Stouffer