How secure are your passwords? With so much at stake, it’s surprising that many of us have been reusing the same, easy-to-crack passwords for years. While most of us give little thought to the matter, hackers all over the world gain easy access to millions of user accounts by taking advantage of weak- or average-strength passwords.
According to the June 2015 TeleSign Consumer Account Security Report, 73 percent of the consumers polled used the same password across multiple accounts. Even more disturbing, 47 percent of those people kept the same duplicate password for at least five years. Topping it all off, the study found the following to be the top passwords of 2014:
Without a doubt, many of us need to improve our password security. This is especially true as the rate of cyber breaches continues to increase. According to the TeleSign study, two out of five people polled received a notice that their personal information had been compromised, had an account hacked or had a password stolen. This should come as no surprise considering the high number of weak passwords in circulation. Even though 80 percent of those polled indicated a high concern for their security, they still were using weak passwords that could easily be compromised.
Why Password Security is So Critical – Equifax
Securing your personal information has never been more critical. This matters not only for individuals with personal accounts and credit to protect, but also for the organizations in which they work. Many C-level executives with access to highly confidential information are guilty of using weak passwords to protect their organization’s most valuable assets. In fact, a recent investigation into Equifax discovered that the login credentials to one of their databases were Admin/Admin. While cybersecurity practices have evolved to address modern cybercrime, they still can’t prevent human-related mistakes like weak password creation.
Weak passwords are at the core of most human-caused security vulnerabilities. These weak passwords make it easy for hackers to access highly sensitive information and destroy their victims’ credit. Weak passwords, like Password#1 and Joe12345, are still commonly used by many and make it easy for hackers to match a first name or email address with the password. Don’t be complacent about easy-to-remember passwords when you have so much at stake.
Weak Security Questions
Not only can you get hacked by having a weak password, you can also get hacked by having a weak security question. Oftentimes, answers to security questions that include the names of close family members or pets are easily discovered by visiting your social media pages. Remember, there’s more than one way to get a password, and easy-to-decipher security questions make it easy for hackers to gain access to your most sensitive accounts.
Dictionary attacks are techniques for deciphering passwords that try millions of likely words found in a dictionary. These attacks are commonly carried out with password cracking software like John the Ripper. This software, often found online for free, combines millions of words to arrive at likely possibilities. Those using correctly spelled words to create their passwords run a much higher risk of getting hit by a dictionary attack.
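An added example (not from the original article or the TeleSign report): a signup-time check showing why Password#1 satisfies the usual length and character-class rule yet is still a dictionary word, and why Joe12345 is guessable from a first name. The word list, function names and account details are constructed for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large list of common passwords.
COMMON_WORDS = {"password", "admin", "welcome", "letmein", "qwerty"}


def meets_composition(pw):
    """Length and character-class rule: at least 8 characters with
    lowercase, uppercase, a digit and a symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def base_word(pw):
    """Lowercase the password and strip leading/trailing digits and symbols,
    leaving the word that a dictionary-based guess would start from."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())


def personal_tokens(username, email, first_name):
    """Strings tied to the account holder that must not appear in the password."""
    local = email.split("@")[0].lower()
    tokens = {username.lower(), first_name.lower(), local}
    tokens |= set(re.split(r"[^a-z]+", local))
    return {t for t in tokens if len(t) >= 3}  # ignore empty or very short fragments


def audit(pw, username="", email="", first_name=""):
    """Return the list of reasons a password should be rejected (empty means accepted)."""
    findings = []
    if not meets_composition(pw):
        findings.append("composition")
    if base_word(pw) in COMMON_WORDS:
        findings.append("dictionary-word")
    lowered = pw.lower()
    if any(t in lowered for t in personal_tokens(username, email, first_name)):
        findings.append("personal-info")
    return findings


if __name__ == "__main__":
    # Constructed account details for the demonstration.
    who = dict(username="jsmith", email="joe.smith@example.com", first_name="Joe")
    for candidate in ("Password#1", "Joe12345", "vT9#qLm2$xRw"):
        print(candidate, audit(candidate, **who))
    print("Admin", audit("Admin", username="Admin"))
```
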
Reusing Old Passwords
People grow attached to the craziest things. Unfortunately for many, this applies to passwords. Reused passwords often include the names of loved ones or family pets. While you may be experiencing a fond memory every time you log in, you’re also making it easy for someone to hack your account simply by viewing your social media profiles.
One Password for Multiple Sites
If you really want to give a hacker the keys to your palace, just use one password for all your accounts. While it seems funny, the reality is many of us use one password on multiple sites. Once the password has been deciphered by a cybercriminal, your bank account can be wiped out and your credit damaged for many years.
One of the most common ways hackers get access to passwords is through phishing scams. The victim receives an email that looks like it’s coming from a reputable online service. The email will ask the victim to resubmit their account information or log in from a link provided in the email. The sensitive information is collected and used to hack the victim at a later time.
Improving Your Password Security
With so many threats around, we all need to take our password security more seriously. McAfee consultant Robert Siciliano lays out a list of expert-driven recommendations and best practices for those needing to update their password security. How many of these recommendations are you following?
- Use at least 8 characters consisting of lowercase and uppercase letters, numbers, and symbols.
- Use different passwords and update them frequently.
- Substitute numbers or symbols that mimic letters when using words found in a dictionary.
- Don’t share your passwords.
- Avoid keyloggers with comprehensive security software.
- Don’t log in on devices you don’t manage.
- Don’t log in to accounts when using unsecured Wi-Fi connections.
- Update passwords on sensitive accounts more frequently than others.
- Create passwords that are easy to remember but hard to guess.
- If you write down passwords, keep them away from your computer and personal devices.
- Create a stronger password if the website indicates an average or a weak password.
- Avoid a lot of headache and manage sensitive accounts with a password manager.
Summing It Up
Whether it’s poorly created passwords, weak security questions, dictionary attacks, recycled passwords, or phishing scams, human-created vulnerabilities are making it easy for hackers to take advantage. Improving password security is the best way to lock up your most sensitive information, and those who take the time to create stronger passwords are mitigating avoidable damage. Although these best practices lack convenience, they’ll certainly allow you to sleep better at night. Put a better lock on your online activity with improved password security.