To choose a good, safe password, it’s essential to know why password strength is necessary: it’s not likely that an individual will take time to try cracking your password and gaining access to your accounts and files. Instead, the work will likely be performed by a computer program capable of inundating a firewall with a barrage of potential passwords until the correct one is discovered.
Don’t make it easier for them by making your password “1-2-3-4-5-6-7,” as nearly 20 percent of all people apparently do. Other simple passwords that don’t pass the test are “qwerty,” “apple,” “princess,” “qwerty 123,” “letmein,” “iloveyou,” and “qwertyuiop.” Your child’s name is another popular password. Also, reusing the same password on multiple sites is a bad idea that nearly 30 percent of people practice – a fact discovered in a security breach of 32 million accounts leaked to the dark web.
Don’t Take the Bait
A smart individual hacker has many opportunities to gain access to your files by guessing – or plotting. Often a fake website or phishing email that offers some gift or benefit for logging on is a veiled attempt to steal your password. Other times a phishing email will be disguised as a message from a legitimate bank or business that needs to contact you (if you’d just log on through their link). That’s how Russian hackers allegedly got access to thousands of Democratic National Campaign emails in 2015, launching the international scandal over interference in the presidential campaign.
So, if your password is a string of consecutive numbers or “password,” it’s time to change that, because hackers have developed all sorts of new and devious ways to hijack your most personal information.
Experts warn that weak passwords or simplistic password combinations can have devastating consequences for businesses, like data breaches. Even Equifax, the major credit reporting company, had its files hacked, resulting in millions of stolen social security numbers and other personal data.
Other Ways Hackers Get In
Easier than guessing your password or lurking over your shoulder in a coffee shop is setting up a fake public wifi network and using it to plant malware on the mobile and laptop devices people connect with. This malware may launch keyloggers on your hard drive, which are programs that steal password lists, allowing the hacker to gain access to your accounts without actually stealing your phone or computer. Experts also suggest not entering passwords on public computers, such as those at libraries, because these may be infected with malware that will access your account.
Some schemes prey on unsuspecting employees of companies by setting up fake IT (computer assistance) phone lines that request personal identification information and passwords when employees phone in. Even one or two points of access into a company’s files can wreak havoc, whether stealing information or releasing malware that disrupts the company’s ability to do business. Ransomware attacks are examples of this sort of damaging hacking. Malware activated on a company’s computers is the number one way hackers get in, essentially locking up all files and functions until a ransom is paid, usually in untraceable cryptocurrency like Bitcoin.
Psychological hacking is a more personal approach to attacking computer security. The 2015 hack of the dating site for cheating spouses, Ashley Madison, threatened to divulge users’ names as well as any explicit sexual fantasies they’d listed on the site, which gave the owners plenty of motivation to deal with the hacker’s demands. Just a few years later, those of us with connected homes that include microphones and cameras for security could find ourselves the target of attacks that include recordings of conversations and views of our homes by turning those devices against us.
Tips From the Pros
Make it harder for hackers to guess your password with these suggestions:
- Make sure your complex passwords are at least eight characters long and include symbols, numbers, uppercase, and lowercase letters.
- Use your keyboard to make strong passwords out of shapes (such as letters).
- Change passwords to sensitive online accounts at least once a year.
- Turn on two-factor authentication when available.
- Change the answers to your security questions into nonsense strings of letters and numbers or random words.
- Don’t use swear words for passwords.
- Always be on the lookout for trending cyberattacks and educate yourself on cybersecurity to protect yourself.
- Use password generators like NordPass or 1Password to create secure passwords to avoid data leaks.
- Never use any password from the list of worst passwords.
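The checks from the list above, as an added Python example that is not part of the original article: it flags the weak passwords the article names, runs of consecutive numbers, and missing length or character types, and it generates a random password that passes. The function names and the symbol set are assumptions made for the example.

```python
import secrets
import string

# Weak passwords named in the article, normalized (lowercase, no spaces or hyphens).
WORST = {"1234567", "qwerty", "apple", "princess", "qwerty123",
         "letmein", "iloveyou", "qwertyuiop", "password"}
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set for generation

def _normalize(pw):
    return pw.lower().replace(" ", "").replace("-", "")

def _is_consecutive_digits(s):
    """True for runs such as 1234567 or 987654 (each digit one step from the last)."""
    if len(s) < 3 or not s.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})

def check_password(pw):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    norm = _normalize(pw)
    if norm in WORST:
        problems.append("on the worst-passwords list")
    if _is_consecutive_digits(norm):
        problems.append("consecutive numbers")
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(not c.isalnum() and not c.isspace() for c in pw):
        problems.append("no symbol")
    return problems

def generate_password(length=16):
    """Draw from the OS random source until every check above is met."""
    if length < 8:
        raise ValueError("length must be at least eight characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw
```

Normalizing before the list lookup means “1-2-3-4-5-6-7” and “qwerty 123” are caught even though hyphens or a space make them look longer.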
Many sources suggest using a password management service that includes a password generator such as LastPass or Dashlane, which are sophisticated enough to mimic the security settings the government uses. With these, you need only remember one password, which opens the “vault.”