In order to choose a good, safe password, it’s important to know why a strong password is important: it’s not likely that an individual will take time to try cracking your password and gaining access to your accounts and files. Instead, the work is likely to be done by a computer program capable of inundating a firewall with a barrage of potential passwords until the correct one is discovered.
Don’t make it easier for them by making your password “1-2-3-4-5-6-7” as apparently nearly 20 percent of all people do. Other simple passwords that don’t pass the test are “qwerty,” “princess,” and your child’s name. Also, reusing the same password on multiple sites is a bad idea that nearly 30 percent of people practice – a fact that was discovered in a security breach of 32 million accounts.
Don’t Take The Bait
A smart individual hacker has many opportunities to gain access to your files by guessing – or plotting. Oftentimes a fake website or phishing email that offers some gift or benefit for logging on is a veiled attempt to steal your password. Other times a phishing email will be disguised as a message from a legitimate bank or business that needs to contact you (if you’d just log on through their link). That’s how Russian hackers allegedly got access to thousands of Democratic National Campaign emails in 2015, launching the international scandal over interference in the presidential campaign.
So, if your password is a string of consecutive numbers, or “password,” it’s time to change that, because hackers have developed all sorts of new and devious ways to hijack your most personal information.
Experts warn that weak passwords or simplistic password combinations have had devastating consequences for businesses, even Equifax, the major credit reporting company whose files were hacked, resulting in millions of stolen social security numbers and other sensitive information.
Other Ways Hackers Get In
Easier than guessing your password or lurking over your shoulder in a coffee shop is setting up a fake public wifi network and using it to plant malware on the mobile and laptop devices that people connect with. The malware may launch keyloggers on your hard drive, which are programs that steal passwords, allowing the hacker to gain access to your accounts without actually stealing your phone or computer. Experts also suggest not entering passwords on public computers, such as those at libraries, because these may be infected with malware that will access your account.
Some schemes prey on unsuspecting employees of companies by setting up fake IT (computer assistance) phone lines that request personal identification information and passwords when employees phone in. Even one or two points of access into a company’s files can wreak havoc, whether stealing information or releasing malware that disrupts the company’s ability to do business. Ransomware attacks are examples of this sort of damaging hacking: malware is activated on a company’s computers, essentially locking up all files and functions until a ransom is paid, usually in untraceable cryptocurrency like Bitcoin.
Psychological hacking is a more personal approach to attacking computer security. The 2015 hack of the dating site for cheating spouses, Ashley Madison, threatened to divulge users’ names as well as any explicit sexual fantasies they’d listed on the site, which gave the owners plenty of motivation to deal with the hacker’s demands. Just a few years later those of us with connected homes that include microphones and cameras for security could find ourselves the target of attacks that include recordings of conversations and views of our homes by turning those devices against us.
Tips From Pros
Make it harder for hackers to guess your password with these suggestions:
- make your password at least 8 characters long, including symbols and numbers
- use your keyboard to make passwords out of shapes (such as letters)
- change passwords to sensitive websites and accounts at least once a year
- opt for 2-factor authentication when available
- change the answers to your security questions into nonsense strings of letters and numbers too
Many sources suggest using a password management service such as LastPass or Dashlane, which are sophisticated enough to mimic the security settings the government uses. With these, you need only remember one password, which opens the “vault.”