Clifford Stoll, astronomer, author, and teacher, often joked about computer passwords. He said, “Treat your passwords like a toothbrush. Don’t let anybody else use it, and get a new one every six months.”
As I look back at my experiences with passwords, I remember back in the early ‘80s as a youth receiving my first ATM bank card. The PIN for that card was the first computer-type password I can remember using. It was a four-digit numeric PIN and I selected the very complicated password of “1, 2, 3, 4” thinking what a simple sequence it was to remember. Yes, I know it was a bold and shrewd choice! Fast forward nearly 40-plus years and I can no longer do the simplest online tasks without a password. Fortunately, I have been forced to move past these simple four-digit passwords to longer, more complex ones, but are they keeping up with the sophistication of today’s cyber threat landscape?
“Weak passwords are the most common way online criminals access accounts.”
– cisa.gov/secureourworld
World Password Day, which falls on May 2nd this year, is aimed at promoting better password habits and cybersecurity awareness among computer users. This date serves as a reminder to evaluate and strengthen your passwords to keep your data away from hackers. Stolen or compromised passwords often lead to cybercrime and identity theft.
Password Day is a great time to bring awareness to a variety of cyber threats, including ransomware and identity theft, that continue to increase exponentially year over year. I am sure most people think “Oh, this will never happen to me,” and ignore all the glaring risks of using common and repeated passwords. Some people may keep the same password for months if not years. Obviously, none of this behavior is good!
For organizations, World Password Day is a wake-up call. Matthew Parsons, Sr Director of product management at 11:11 Systems, explained, “Whether we like it or not passwords are going to be a part of the IT world for some years to come, so it’s critical that organizations take the time to regularly review, update, and train around their corporate password policies.” Parsons further said, “As one of the top exploited initial attack vectors, your password and authentication policies could mean the difference between a thwarted scare and full-blown ransomware!”
For individuals, World Password Day should be a “call to action” to immediately change your passwords, especially the ones that you use every day. This may include your emails, social media accounts, and most importantly, accounts that store your sensitive personal information like your online banking or credit card accounts.
Remember, not all passwords are created equal! The table below, courtesy of Hive Systems, shows how quickly even perceived strong passwords can be attacked, and how simply making passwords longer, mixing upper- and lower-case letters, and using alphanumeric characters can immediately strengthen these critical passwords.
Bruce Schneier, a famous cryptographer and author, wisely said, “The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it’s easy to remember, it’s something nonrandom like ‘Susan.’ And if it’s random, like ‘r7U2*Qnp,’ then it’s not easy to remember.”
Think of your passwords as pieces of a jigsaw puzzle. Each character in the password is like a puzzle piece, and only when arranged correctly do they form the complete picture (grant access to your account). A strong password ensures that the pieces are complex and fit together securely. Let’s look at some quick and easy ways to immediately bolster the everyday passwords that litter our digital footprints.
Tips and tricks for better passwords:
- Use Strong Passwords: Create passwords that are long, complex, and include a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable information like birthdays or common words.
- Unique Passwords for Each Account: Avoid using the same password for multiple accounts. If one account gets compromised, it could lead to a domino effect of security breaches across multiple platforms.
- Consider Passphrases: Instead of a single complex password, consider using a passphrase consisting of multiple words. Passphrases can be easier to remember and more difficult for hackers to crack.
- Enable Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security by requiring not only a password but also a secondary form of verification, such as a code sent to your phone. Enable 2FA whenever possible for your accounts.
- Use a Password Manager: Consider using a reputable password manager to securely store and manage your passwords. Password managers can generate strong, unique passwords for each account and automatically fill them in when needed.
- Regularly Update Passwords: Periodically update your passwords, especially for sensitive accounts like online banking or email. Set a reminder to change passwords every few months or after any security incident.
- Beware of Phishing Attempts: Be cautious of emails, messages, or websites that request your password or other sensitive information. Verify the legitimacy of requests before providing any personal data.
- Secure Your Devices: Ensure that your devices are protected with strong passwords, PINs, or biometric authentication methods. Keep your operating system, antivirus software, and apps up to date with the latest security patches.
- Educate Yourself: Stay informed about common cybersecurity threats and best practices for staying safe online. Regularly educate yourself and others in your household or workplace about the importance of strong passwords and cybersecurity health.
- Backup Your Data: Regularly back up your important data to a secure location, either locally or in the cloud. In the event of a security breach or data loss, having backups can help restore your information.
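The strong-password, passphrase and password-manager tips above can be made concrete with a short sketch. This is an added example, not code from the original post: it generates secrets with a cryptographic random source and measures them in bits of entropy. The 32-word list is constructed for illustration, and the 7,776-word list size used in the comparison is an assumption (the size of the Diceware word list).

```python
import math
import secrets
import string

# Printable ASCII symbols a random password is drawn from (94 characters).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 32-word sample list, for illustration only. A real generator
# would use a large published list so each word contributes more entropy.
WORDS = (
    "anchor breeze cactus dragon ember falcon glacier harbor "
    "island jungle kettle lantern meadow nectar orchard pebble "
    "quartz ribbon saddle timber umbrella velvet walnut yonder "
    "zephyr acorn bishop copper dagger engine fabric garlic"
).split()


def random_password(length=16, alphabet=ALPHABET):
    """Password of `length` symbols, each drawn uniformly with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words=6, words=WORDS, sep="-"):
    """Passphrase of `n_words` words, each drawn uniformly with a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Bits of entropy in `picks` independent uniform draws from `choices`.

    Valid only for randomly generated secrets. A human-chosen value such as
    "1234" or "Susan" is far weaker than this figure suggests, because
    attackers try common choices first.
    """
    return picks * math.log2(choices)


def words_needed(target_bits, list_size):
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("4-digit PIN:       %.1f bits" % entropy_bits(10, 4))
    print("16-char password:  %.1f bits" % entropy_bits(len(ALPHABET), 16))
    print("6 words of 7776:   %.1f bits" % entropy_bits(7776, 6))
    print("words to match the 16-char password:",
          words_needed(entropy_bits(len(ALPHABET), 16), 7776))
    print("sample password:  ", random_password())
    print("sample passphrase:", random_passphrase())
```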
By following these tips and tricks, you can help improve your online security and protect your personal information from unauthorized access. To learn more about data protection and other security tools, please take a look at these 11:11 Systems resources.