Everything you do these days seems to require a password. Unfortunately, many people don’t realize the potential ramifications of not creating a strong enough lock on their information. Identity theft, credit applications in your name, and access to your financial accounts are just some of the risks you face if your passwords are stolen. In September 2016, Yahoo disclosed that 500 million user accounts were hacked in 2014. In December 2016, they also disclosed that a separate attack in 2013 opened up more than 1 billion accounts. That means a hacker had a copy of the customer/user database containing:
- Login IDs
- Email addresses associated with the accounts
- Passwords (or enough information from which the password can be determined)
- Password hints
Hackers are smart, but the software they use is even smarter – and significantly faster. Weak passwords make their work easy. SplashData released survey results that show the most commonly used passwords in North America are “123456” and “password”. Once a hacker has a set of usernames and passwords, they (or the criminal to whom they sell the data) scan the Internet to find the same combinations on other sites, allowing them to reset banking passwords, reset social media and email passwords, access cell phone accounts, and even read confidential information. With access to your information, they have the ability to expose (or fabricate) things about you through your own social media account that could jeopardize your employment, your relationships and your social standing.

Here is what top minds in information technology say you should do to avoid having your password compromised.
- Use a unique password for each account. Use different passwords for each of your important accounts, like email and online banking. Otherwise, a hacker who figures out your password for one less-secure account could get access to your personal information, online shopping, banking, etc. There are a number of online tools, such as 1Password and LastPass, that can help you manage and protect your list. You can also use your browser’s password collection and security function.
- Use a mix of letters, capitalization, numbers and symbols. An eight-character password with numbers, symbols and mixed-case letters has 30,000 times as many possible combinations as a password with only lowercase letters.
- Don’t use personal information or common words. Create a unique password that’s unrelated to your personal information. Try using a random word or phrase and insert letters, numbers and symbols to add difficulty (such as “sPo0kyh@ll0w3En”).
- Never click on an emailed link to change your password. When asked to update your personal information on a site, never click on a supplied link. A hacker might be phishing for your information by sending you to a bogus site. Always go to the site through your browser and log in that way.
- Change your passwords regularly. Changing your password regularly will make it more difficult for a hacker to guess what it is. Keep a record of your passwords, just in case you forget them, in a secure place away from your computer.
- Turn on two-factor authentication. Two-factor authentication means that after you put in a password when accessing your account, the company will contact you by email or text for confirmation that you are accessing the site. Use this for all sites that support it! Even if a hacker gets your password, they won’t be able to access your account.
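
The character-mix, common-word and personal-information advice above can be checked mechanically. The following Python is an added example, not part of the original article; the word list, the substitution table and all function names are assumptions made for illustration. It computes the 94-versus-26-character ratio behind the 30,000 figure and flags passwords that are common or contain personal terms even after symbol substitutions are undone.

```python
import math
import string

# Constructed sample list: the two passwords named in the article plus
# two other weak choices (assumed, not taken from the survey).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

# Common look-alike substitutions, undone before comparing against word lists.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)  # 26 + 26 + 10 + 32 = 94
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def search_space_bits(password):
    """Upper bound on brute-force effort in bits: length * log2(pool size)."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def mixed_vs_lowercase_ratio(length=8):
    """How many times larger the 94-character space is than lowercase-only."""
    return (94 / 26) ** length

def normalize(text):
    """Lowercase the text and undo look-alike substitutions."""
    return text.lower().translate(LEET)

def audit(password, personal_terms=()):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    plain = normalize(password)
    # Check both forms so "123456" and "P@ssw0rd" are each caught.
    if password.lower() in COMMON_PASSWORDS or plain in COMMON_PASSWORDS:
        findings.append("common password")
    for term in personal_terms:
        if len(term) >= 3 and normalize(term) in plain:
            findings.append(f"contains personal term: {term}")
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if alphabet_size(password) < 94:
        findings.append("does not mix all four character classes")
    return findings

if __name__ == "__main__":
    print(round(mixed_vs_lowercase_ratio(8)))          # size of the ratio
    print(audit("P@ssw0rd"))                           # substitutions undone
    print(audit("R3x2011!", personal_terms=["Rex"]))   # constructed pet name
```

A password that mixes all four character classes can still fail the audit, because the brute-force bound only matters when the password is not on a guessing list.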