Kids, Pets, Birthdates Oh My! – Simplifying Password Complexity
What do kids, pets, birth dates have in common? They are often used as parts of a password, generally a combination of both.
While these are easy to remember, they are not secure. The most secure passwords are 12-32 characters long, randomly generated letters and numbers with special characters thrown in. But who can remember K<~C9&5_L3o9io*M152SpQ1)=w34o8iB?
Long complex passwords are not friendly to remember, and even worse to type in. But short uncomplex passwords such as Maxwell2013! can be even worse. Cyber criminals are always on the lookout for easy to guess passwords through brute force attempts. However, it does not even have to be Cyber criminals who are on the hunt, a disgruntled co-worker or employee can also do damage. Knowing that you have a dog born in 2013 could be enough information for them to crack your password.
Do an audit, walk to a desk and lift the keyboard, mouse pad, or laptop. Did you find a sticky note with a password on it? Chances are that you did find something. Writing down passwords and storing them in an easy to access location is a common mishap. A physical break-in where your computer is taken could result in your information being easily stolen. This is especially dangerous if passwords are saved via browser or excel spreadsheet. A single breach can compromise hundreds of accounts.
Here are things to avoid when creating a password:
- Avoid using personal information
- Using a nickname, birth date, anniversary, mailing address, social security number, phone number, pet name, child’s name, workplace name, sports team, musical bands, first or last name are all bad practices.
- Avoid common words or phrases
- Any variation of “password”, or even “qwerty”, “12345678” are easy to crack, combining these common words or number sequences does not help
- Common passphrases could be “thequickbrownfox”, “iloveyou”, “letmein” are all examples of a bad passphrase
- Do not reuse passwords
- If one password becomes compromised, cyber criminals will go to popular websites and typing your email to see if they can get in, simple variations on “123iloveyou”, “IL0veU2020” are easy to guess once one is compromised
How to keep your password safe:
- Use a Password Manager
- Avoid writing down your password
- You shouldn’t write your password down anywhere. However, if you have to keep it in a secure place! Safely under lock and key, just like how you should not leave your house key underneath the doormat.
- Keep it to yourself
- The more people who know your password, the less secure it is.
- People could share, or store/write it down in an insecure location without you ever knowing.
- Secure your phone
- Password resets are often verified by sending codes to your phone, not setting a pin or pass code on your phone leaves you vulnerable if your phone is ever compromised.
- Allowing your text messages to display on your screen while your phone is locked can also be dangerous, keep those messages hidden and private!
- Avoid phishing attempts
- Many people fall victim to phishing attacks, cyber criminals will mask themselves in their attempt to access your personal information.
- To learn more about avoiding phishing attempts, read our article here: Avoid Getting Hooked! How to Identify Phishing Attacks!
- Use an Advanced Anti-Virus
- Malicious software can squeeze itself onto your computer without you knowing. It could be a hitchhiker on a program installation, through insecure software, or possibly executed unwittingly from an attachment or link. Using an advanced anti-virus can stop these types of attacks before they have a chance to infect a device.
The world we live in today is more connected than ever. Protecting your digital information is critical. Creating and safely storing secure passwords is just one step in protecting yourself. Despite the complexity of strong passwords, there are ways to make it easier than ever to create and record passwords securely.
If you’d like to set up a discussion around any of these items, talk about other ways to help keep your company safe, or improve your security, please e-mail firstname.lastname@example.org or call us at 1-877-843-9611.