What is a Secure Password?
One of the most annoying aspects of computing is having to password protect your user accounts, websites, email and backups. When the Internet and computers were first being designed, the original architects actually believed in an open world where there was nothing to hide, and so, ironically, security wasn’t a primary concern. Freedom of information was more important in the creation of the Internet than any concern for foreign or domestic threats against you and me.
In the modern world we are constantly bombarded with news of someone being hacked and more accounts being compromised, and we often find out only months or years after the event whether our personal private information was included in the breach. What can we do when we are so disconnected from what’s happening, or feel helpless because we can’t keep up with the cyber world?
It’s actually not that bad if you understand some basic principles and can change your online habits. Let’s take a look at a couple of basic philosophies that can change everything.
Social Media and Sharing
The first issue is the habitual broadcasting of all of our information without considering where it goes, how it is stored, who can see it, and how it may be used. Millennials have been raised in a digital environment where they’ve been taught to trust and share everything; in some cases it’s become an uncontrollable addiction. This ignores the conventional wisdom that teaches us not to trust strangers. The assumption is that if you are doing something with sincerity, there is no reason not to share it.
Hackers typically observe from a distance. They could set up a fake profile and convince you to connect with them. From your own posts or from your friends, they can easily learn information about you that can help them hack you. Social media is usually a launching point for hackers looking for a target.
To reduce the odds of being a target we recommend dialing back the posting and thinking twice before sharing any information. Ask yourself if it really matters if you share a particular photo, tell people what you’re eating, or where you are vacationing while you are actually there.
The second issue is the actual password. The hassle of changing passwords is frustrating and so we naturally resist doing any maintenance in this area. Unfortunately this is usually your only protection against online thieves. Most hackers can attempt as many passwords as they want on your accounts without detection. Even Google has left openings in their system where a hacker can try thousands of guesses without you ever being informed.
Companies like Google and Apple have added key generators and 2-factor authentication systems to assist with stronger security, but most of these can be bypassed with a couple of phone calls or by finding a loophole in your setup. For this reason you need to maintain your passwords and stay vigilant. I’ve already seen two Google accounts with these protections be compromised this month, and they would’ve been protected by basic password best practices, not the new security features.
Convenience is considered the opposite of security, but if you ask anyone who has been hacked you’ll find out that the hassle of undoing the damage is far worse, and in many cases the hackers deleted priceless family photographs and emails. The damage has often been more costly to the victim than the value of the reward that the hacker received.
The top practices by security professionals are simple:
1. use complex passwords – we recommend passwords that are 12-16 characters long that include a mixture of numbers, symbols and both uppercase and lowercase letters. This combination means that hackers have to guess billions and trillions of times before discovering your password.
2. change passwords frequently – we suggest changing your passwords at least monthly. Assume that a hacker has captured some information about the websites you visit and is trying your username and password thousands of times per hour using tools they downloaded from the internet. If your password hasn’t changed in 6 months, that just gives them more time to discover it. A moving target is harder to hit. Plus, the more times you use the old password, the more chances the hacker has of discovering it.
3. do not reuse passwords – passwords should not be used in more than one place. Different services have different levels of security. If you found out tomorrow that Microsoft, Yahoo or Google was hacked again, would that mean that your banking password was stolen? It is very important that each site or account have a different password so one key doesn’t unlock your entire world.
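The three practices above can be checked mechanically. The following is an added example, not part of the original article: it generates a random password matching practice 1 and audits a small, constructed list of accounts against all three practices. The function names, the sample entries and the 94-character printable ASCII alphabet are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import Counter
from datetime import date

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters

def has_all_classes(pw):
    return all(any(c in cls for c in pw) for cls in CLASSES)

def generate(length=16):
    """Random 12-16 character password containing all four classes."""
    if not 12 <= length <= 16:
        raise ValueError("length must be 12-16")
    while True:  # resample until every class is present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw

def keyspace_bits(length):
    """Upper bound on guessing work: log2(94 ** length)."""
    return length * math.log2(len(ALPHABET))

def audit(entries, today, max_age_days=30):
    """Return {site: [problems]} for the three practices in the list."""
    uses = Counter(pw for _, pw, _ in entries)
    report = {}
    for site, pw, changed in entries:
        problems = []
        if len(pw) < 12:
            problems.append("too short")
        if not has_all_classes(pw):
            problems.append("missing character class")
        if (today - changed).days > max_age_days:
            problems.append("stale")
        if uses[pw] > 1:
            problems.append("reused")
        if problems:
            report[site] = problems
    return report

SAMPLE = [  # constructed vault: (site, password, date last changed)
    ("mail.example", "Summer2023", date(2024, 1, 5)),
    ("bank.example", "Summer2023", date(2024, 5, 20)),
    ("shop.example", "t7#Lq9!vR2@xZp4&", date(2024, 5, 28)),
]
```

Calling audit(SAMPLE, date(2024, 6, 1)) flags the two accounts that share a short password and leaves the third alone; keyspace_bits(12) is about 78.7, which is far more than trillions of possible guesses.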
There are some great tools available to help manage your online passwords, and if you don’t mind spending a little money to secure your information, we recommend 1Password. In several studies it’s been shown to be the most secure and has not been compromised, unlike its competitors.
We recommend using these tools to change your passwords at least monthly, or whenever you are connected to a site if you only access it once in a while. If you have hundreds of passwords, we recommend you start as you access each one, and take it one step at a time. Starting now with a little bit of effort every day could end up saving you and your family.