Password Security

Do you currently keep your passwords documented on a sticky note, in a notebook, or saved on your computer in an unsecured document? How would you feel if you left your notebook somewhere and a stranger picked it up? What if they snapped a few quick photos of all of your websites, usernames, and passwords? Would you know if someone has your information? In some cases you may not know your information was stolen for a long period of time, if ever. 

What if they get in?

Let's start with an example: someone knows your email address and is able to get logged in. They could see your contacts lists and things like the emails in your inbox, sent items, drafts, and trash. From there, they could see you have a profile with a certain social media network or an account at a certain bank. This individual could then try to get into other accounts by trying the same email and password to see if it works. If it doesn't, they could try the "forgot password" option and, since they have are already in your email, potentially gain access to additional accounts. Once they have access, they can cause all sorts of havoc by updating information, sending money to themselves, posting things you wouldn't, or even change your password and update the password recovery email to their email account. 

What can you do about it?

I always recommend turning on Multi-Factor Authentication (MFA) when available to add an additional layer of security on top of your secure password. MFA is a layered approach to securing your online accounts and the data they contain. Once you enable MFA, you will need to provide two or more authenticators to confirm your identity before you can gain access. A few examples of MFA include receiving a text message with a code to enter after you type in your password, or a call to confirm it is truly you logging in to your account. If you ever receive these messages or calls and you aren't expecting them, do not give anyone the code or confirm the authentication as it could be someone trying to gain access to your account. 

Here are a few tips for creating or updating your password.

1. Don't use personal info. This extends to names, birth dates, social security numbers, and phone numbers. 

2. Switch it up. Randomize the sequence and patterns of numbers, special characters, upper-, and lowercase letters. 

3. No recycling. Never reuse passwords. 

4. Make it longer. The longer your password, the harder it is for hackers to compromise. 

5. Sharing is not caring. Don't share your passwords, even with friends or family members.

6. Avoid public Wi-Fi. Public internet access points are less secure which can make it easier for hackers to access your device's data and saved credentials.

7. Add some variety. Create a complex password using a mixture of letters, numbers, and special characters. 

8. Tag in an assistant. Download a password manager to help create and organize strong passwords.

9. Check your strength. You can check your password strength with a checker, like LastPass, which allows users to validate the effectiveness of the password created.

10. Don't go stale. Change your passwords periodically to ensure you are taking the necessary steps to keep your accounts safe. Make sure the password is completely different. (Changing the 1 to a 2 at the end doesn't count!)

I asked at the beginning how many of your accounts have the same username and/or password. Now think about how many of your accounts could potentially be hacked instantly, or within a few minutes. While there may be other safeguards in place, the best thing you can do to protect your information is use unique and complex passwords. A few minutes of creativity can save months, or even years, of frustration in the event of an account compromise or identity theft. 

Want more info?

Experts Reveal How Long Would Take A Hacker to Crack Your Password by Sam Tonkin

Password Security by Clare Stouffer