Happy World Password Day! You might not know this but the first Thursday in May is designated World Password Day to put a focus on better password habits. It’s a good idea since so many people don’t take digital security as seriously as they should.
One of your first lines of defense is account passwords. Taking the time to create strong, unique passwords for all of your accounts is a good start. You might be shocked to find out how many people are still using doozies like 123456 or password.
It’s time to get serious about account security, and World Password Day is the perfect time to start. By rethinking the way you create and store passwords, you can get back to enjoying the internet instead of fearing it. Here are some new ground rules to follow going forward.
Rule #1: All the characters — no exceptions
Show of hands: Who here among us has opted for a simple, easy-to-remember password? You’d be shocked at how many people have chosen to use a simple passcode like “baseball,” “123456,” or worst of all, “password” when creating an online account.
We tend to have multiple accounts online, so many people take the path of least resistance and create passwords that are easy to remember. Anything beyond that can not only be a struggle to come up with, but it can be even harder to remember.
Unfortunately, these simple passwords are also the easiest to hack. In fact, entire databases exist of the most commonly used passwords on the web, and you can bet that hackers are keen on this subject as well. Simple passwords and phrases are what they try first when attempting to brute-force an account.
For a more successful password, create one using a complex combination of letters, numbers and alternating capitalization. In this case, a phrase like “Bingo123” would be much better off as “biNg01789.” As you can see, the casing is alternated among the letters and the numbers no longer follow an exact sequence.
The more random or complex your password appears, the harder it will be to guess. Naturally, using a more diverse palette of characters gives hackers more chances to fail when guessing your code. Don’t make the job easy for them!
Rule #2: Think bigger
You should also consider staying away from using an ordinary word as the basis of your password. This is simply because words are usually short and contain fewer characters. Additionally, algorithm-based password crackers are getting progressively better at figuring out individual words found in most passwords.
To get around this, go bigger. While a full sentence as a password might seem unfeasible, if you think about it, a sentence is a string of consecutive words — perfect for abbreviation into an unrecognizable phrase.
Here’s an example: Let’s say your favorite baseball team is the Cubs. If you’re a Cubs fan, there’s no way you’d forget their stunning World Series victory in 2016. So, to remember your code, take the phrase “Cubs won the World Series in 2016” and abbreviate it to “cwtwsi2016.” Substitute some characters and cases, and you’ll have “cwTw$i2016” — a far more complex password that is not only hard to guess but easy for you to remember.
Try it with a phrase you won’t easily forget, and coming up with a sophisticated password becomes far simpler. You could also create a full-fledged passphrase, where you keep the phrase mostly intact but replace certain letters and numbers with other characters and alternate between capital and lower case. For instance, cUb$W1nW0rLd$3r13$1NzOI6. Now that’d be tough to crack!
Rule #3: Don’t forget about extra protection
Of course, no account security is complete without fully deployed two-factor authentication (2FA). This handy security method has been around for some time now and revolves around using an additional form of identification to access your account. Most commonly, the platform will ask for your cell phone number, and you’ll verify your login attempt with a code the platform texts you.
This is a strong strategy for several reasons. First and foremost, it ties your account access to something only you possess — meaning only you or someone with access to your phone will even have the ability to get in. Second, you’ll be informed of any unauthorized login attempts immediately.
Most importantly, 2FA adds a step that many career hackers won’t even attempt to bother with. It’s too much hassle and far beyond the abilities of any automated programs or brute force hacker apps that might help crack your code.
Rule #4: Being different is key
This is a struggle for many people, and understandably so. On average, people have at least one social network they’re a part of, a bank that they frequently access, service accounts for utilities, cloud storage, app store passwords and several more accounts for their online activities.
Trying to remember more than one password is enough to make your brain hurt, which is why people tend to take the easy way out and stretch the same password across multiple accounts. Sadly, this isn’t an option in today’s digital world. Hackers know how common this mistake is and bank on it to reap their undeserved profits.
When a hacker cracks a password correctly, they attempt to use it on multiple platforms to see if it works. Unfortunately, it’s all-too-common for their efforts to be successful.
By using different passwords and passphrases across multiple platforms, you’re making a hacker’s work much more difficult. You will prevent a domino effect from occurring in the event of a breach, and you are being more responsible with your data than if you took the easy way out.
Here’s something else you might not have considered: When setting up an online account, many sites will ask you to answer a series of security questions as an added layer of protection. There’s a problem with that method. It’s not difficult for a hacker to get their hands on that information. It could be as simple as checking your social media profiles to get those answers.
To lessen the risk, the answer is simple: lie. Don’t answer the security questions truthfully during the account creation process. It’ll make it much harder for a cybercriminal to crack.
Were you born in Arizona? Answer the security question with something like North Carolina. Did you have a dog named Fred growing up? Instead, say you had a cat named Sparkles. Just remember that this security measure can backfire if you don’t remember your bogus answers.
Since hackers work hard, it’s our job to work harder to create diverse, strong passwords, passphrases and security questions. It’s too bad remembering them all can be a pain, but that brings us to our next rule.
Rule #5: It’s not that hard to keep things organized
A password manager is one of the biggest essentials for modern internet users. By using one, you’re putting your passwords under encryption, which helps keep them safe.
Keep in mind that this is different from using your browser (like Chrome) to store your passwords. Browsers are vulnerable to hacking and compromise, but a secure password manager like our sponsor, RoboForm, gives you the upper hand against cybercriminals.
Of course, you’ll still need to remember a password to access your manager. Thankfully, though, this may be the last password you’ll need to remember at all. Just make sure it’s stored somewhere highly secure, like on a scrap of physical paper or a special notebook locked inside a desk.
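To check a set of stored passwords against Rules #1, #2 and #4, the Python example below (added here, not part of the original article) flags commonly used passwords, finds passwords shared between accounts, and reports how large the brute-force search space is for each. The account names, the three-entry denylist and the function names are assumptions made for the illustration; the passwords are the article's own examples.

```python
import math
import string
from collections import defaultdict

# Tiny constructed denylist: only the three passwords the article names.
# A real check would load a full list of commonly used passwords.
COMMON = {"baseball", "123456", "password"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def keyspace_bits(pw):
    """Upper bound on brute-force work: length * log2(character pool size).

    Measures only character variety (Rule #1) and length (Rule #2); it says
    nothing about how guessable the underlying word or pattern is.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0

def audit(vault):
    """Return per-account findings for a {account: password} mapping."""
    by_password = defaultdict(list)
    for account, pw in vault.items():
        by_password[pw].append(account)
    report = {}
    for account, pw in vault.items():
        report[account] = {
            "common": pw.lower() in COMMON,   # Rule #1: guessed first
            "reused_with": sorted(a for a in by_password[pw] if a != account),
            "bits": keyspace_bits(pw),        # Rules #1 and #2
        }
    return report

# Constructed vault: made-up account names, passwords taken from the article.
SAMPLE_VAULT = {
    "bank": "Password",
    "email": "Bingo123",
    "social": "Bingo123",
    "cloud": "cwTw$i2016",
    "utility": "cUb$W1nW0rLd$3r13$1NzOI6",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(account, findings)
```

The bit count is a ceiling, not a guarantee: a password built on a dictionary word is guessed far sooner than its character pool and length suggest, which is the point of Rule #2.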