March 13, 2018
How effective are your password habits?
While a good password is one of the most basic lines of defence against cybercrime, many data breaches today can be traced back to a bad password habit.
The 2017 Verizon Data Breach Investigations Report showed that 81% of hacking-related breaches were the result of either stolen or weak passwords.
To remember their passwords, a lot of people use personal information such as their birth date, a street name or number, a pet’s name, or their mother’s maiden name. But hackers often research social media pages to find information that might be used for password hints – and then try out combinations to gain access. Make passwords as random and meaningless as possible.
Hackers often try commonly used passwords to get into accounts. The top 10 of SplashData’s annual list of worst passwords are 123456, Password, 12345678, qwerty, 12345, 123456789, letmein, 1234567, football, and iloveyou. To create a strong password, make it long and complicated, and incorporate upper and lower case letters, numbers, and symbols.
Many cyber attacks are followed by second attacks, with hackers attempting to use stolen passwords on a wide range of different websites and accounts. That’s because hackers know the same password is often used for more than one account: a 2017 survey by SecureAuth Corp. showed that over 80% of people do not have different passwords for their different accounts and devices. Don’t use the same password for everything. A hacker only has to crack this password once to access several accounts.
According to Pew Research Center, 49% of online adults say they keep the passwords to at least some of their online accounts written down on pieces of paper; 18% say this is the method they rely on most. Never display passwords, especially on Post-it notes stuck to your monitor or close to your workspace. Use password manager software, or securely store passwords.
If the browser on your computer or mobile device has all your passwords saved and the device is lost or stolen, or a hacker takes remote control of it, your online accounts are vulnerable. Saving passwords is also not recommended for home devices because roommates, family members, or visitors may like to snoop around on your computer when you aren’t around. Don’t save passwords this way, and always use multi-factor authentication too.
A lot of new devices come with a default password. But cyber criminals are aware of many of these passwords. Whenever you get a new device and it has a default username and password (such as ‘admin’, ‘adminpassword’ or an account number), change it immediately.
Strong passwords are only one piece of the online security puzzle. Be sure to practice good security habits, including secure document destruction in and out of the office.