Passwords. Again.

  • Published: Wednesday, May 13, 2020

Passwords aren’t going away. Are your passwords strong? Do you reuse your passwords on multiple sites? Do you change your passwords, making them completely different from previous ones?

Many data breaches result in leaked passwords being sold on the dark web. Cyber crooks will use this information to attempt to log into various sites and see what damage they can do to your credit and bank accounts. Using the same password on multiple sites could lead to a lucrative payload for the attacker.

Not all passwords are acquired this way. The cyber thief may also test his hacking skills by brute forcing his way into your accounts due to weak and guessable passwords.

Some of the easily guessable passwords include:

  • Easy-to-guess number combinations like 111111, 123456 or 121212
  • Password (and all combinations of the word) password1, [email protected]$$w0rd
  • Favorite sports, mascots or teams
  • Positive or happy words like sunshine, happiness, iloveyou

Passwords can become guessable by followers of social media. If you share too much information about your hobbies or favorites and then use that as a password, you are leaving the door open for hackers.

Users have so many accounts that password security tends to cause poor habits resulting in password fatigue.

What are some ways that you can protect yourself?

  • Use a passphrase.
    • Passphrases can be a line from a poem or book or a random phrase. “Take a walk in the woods.” is long and not very guessable.
  • Long and strong
    • The longer your passphrase, the better. Include punctuation and numbers to add complexity. “Take 1 walk in the w00ds!”
  • Use a different password for each application or site.
    • If your password is leaked, you will only have to change your password on one site while the others are still protected.
  • Use a password manager.
    • It is easy to store all your passwords in a password manager that you can install on your phone and/or other devices. You only need to remember the master key to access all of your passwords. Many password managers have free versions. Best Password Managers of 2020

As single forms of authentication, passwords alone are not secure enough. Using additional forms of authentication can make your account access more formidable.

  • Two-factor authentication (2FA)
    • The use of an additional security measure to access your critical information is an added deterrent. What you know (PIN), what you have (a card), what you are (fingerprint).
  • Multi-factor authentication (MFA)
    • All 2FA is MFA but not all MFA is 2FA. Huh? MFA may include a third, fourth or even fifth form of authentication. This level of security is not used very often but may be seen in instances where the data is highly sensitive.
  • Security questions
    • Security questions are considered a form of MFA but are the least secure of the “what you know” category... Unless you supply a false response to the question. If the question is “What was your first car?” you might respond with “Formula One.” Wrong answers might be difficult to remember, but you can always store that information in your password manager.