Chances are high that you already take great steps to ensure that your network and systems are secure from threats. But, do you take the same steps to ensure that your accounts like email, social media, bank and so on are also secure? The weakest link of any account is the password, and that’s exactly where most hackers strike. Is your password secure?
We recently conducted a password audit for a client and found that the majority of the 100+ users had not changed the default password that was assigned to them 2 years ago. Among those who did, we found one user who used 4 consecutive numbers followed by 4 consecutive letters, one user who used undisguised profanity, three who used their department name, several who used the organization name and, my favorite, an assistant whose password is the same as his supervisor’s.
If you want to minimize the chances of your password being hacked, here are five things you should NOT do.
1. Don’t pick short passwords
While short passwords are easier to remember, they’re also easier and quicker to hack. The most common way to hack passwords is brute force: generating every possible password, then trying each one in turn against a username.
Using a mid-range computer like the one many have on their desk, with a normal Internet connection, you can generate a list of all potential passwords astonishingly quickly. For example, it would take 11.9 seconds to generate a list of all possible passwords using five lowercase characters (a, b, c, d, etc.) only. It would take about 2.15 hours to generate a list of all possible passwords using five of any computer character. Once a hacker has the list, they just have to try every potential password with your user name.
On the other hand, a list of all 8-character passwords with at least one special character (!, @, %, etc.) and one capital letter would take this computer 2.14 centuries to generate. In other words, the longer and more complex the password, the harder it will be to hack. That being said, longer passwords aren’t impossible to hack; they just take more time.
2. Don’t use the same password
Most hackers assume that users reuse the same password across different accounts. Once they get one password, it’s as simple as looking through that account’s information for any related accounts and trying the original password against them. If one of these happens to be the email account where you receive banking information, they’ll probably hack that next.
That’s why it’s important to use a different password for every online account. The key here is to use passwords that are distinctively different from one another. Don’t just add a number or character onto the end of a word. If you have trouble remembering all of your passwords, try using a password manager. You can find password managers and reviews on CNET.com.
3. Don’t use words from the dictionary or all numbers
This article published last year on ZDNet highlights the 25 most popular passwords. Notice that more than 15 contain words from the dictionary, and most of the rest are strings of common numbers. To have a secure password, most security experts agree that you should not use dictionary words or consecutive number sequences (e.g., 1234).
4. Don’t use standard number substitutions
Some users have passwords in which they replace letters with numbers that look similar, for example: h31lo (hello). Most current password-cracking tools have these substitutions built in: they try a normal word, then retry it with each letter swapped for its look-alike number. It’s best to avoid this.
5. Don’t use available information as a password
A quick search for your name will probably reveal your email address and social media profiles. If you have pictures of your kids, spouse, pets or family on your Facebook profile, with their names and dates of birth in the captions, a hacker can see all of this (assuming the pictures are shared publicly).
You can bet that they will try these names as your password. You’d be surprised by the amount of personal information about you on the web. Try searching for yourself using your name and email address and see what comes up. If your passwords are close to anything you find, it would be a good idea to change them immediately.
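As an added illustration of the five rules above (this is example code written for this page, not a tool the article describes), the following Python check flags a candidate password that is too short, all digits or consecutive digits, a dictionary word even after undoing look-alike number substitutions, or one containing personal terms you supply. It also reproduces the brute-force timings from rule 1 under the assumption of one million guesses per second and a 95-character printable alphabet; the guess rate, the 95-character figure and the tiny word list are assumptions, not values from the article.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary and a
# breached-password list instead.
COMMON_WORDS = {"hello", "password", "welcome", "monkey", "dragon", "letmein"}

# Look-alike substitutions that cracking tools undo before matching (rule 4).
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def brute_force_seconds(length, alphabet_size, guesses_per_second=1e6):
    """Seconds to enumerate every password of `length` chars from an alphabet (rule 1).

    1e6 guesses/s is an assumed rate; it reproduces the article's 11.9 s figure for
    five lowercase letters (26**5 = 11,881,376 candidates).
    """
    return alphabet_size ** length / guesses_per_second


def normalize(pw):
    """Undo standard number substitutions and lowercase, as a cracker's rule engine does."""
    return pw.translate(LEET_MAP).lower()


def has_sequential_digits(pw, run=4):
    """True if any `run` adjacent digits count up or down by one (1234, 9876)."""
    for m in re.finditer(r"\d+", pw):
        d = [int(c) for c in m.group()]
        for i in range(len(d) - run + 1):
            w = d[i:i + run]
            if {b - a for a, b in zip(w, w[1:])} in ({1}, {-1}):
                return True
    return False


def check_password(pw, personal_terms=(), min_len=12):
    """Return the article's rules that `pw` breaks; an empty list means it passed."""
    problems = []
    if len(pw) < min_len:                                   # rule 1
        problems.append("too short")
    if pw.isdigit() or has_sequential_digits(pw):           # rule 3 (numbers)
        problems.append("all digits or consecutive digits")
    norm = normalize(pw)
    if any(w in norm for w in COMMON_WORDS):                # rules 3 and 4
        problems.append("dictionary word (even with number substitutions)")
    for term in personal_terms:                             # rule 5
        t = term.lower()
        if len(t) >= 3 and (t in pw.lower() or t in norm):
            problems.append(f"contains personal information: {term!r}")
    return problems
```

Pass the names, dates and pet names a public search turns up as `personal_terms` to make the rule 5 check meaningful for your own accounts.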