Our first blog post for this year’s National Cyber Security Awareness Month is about passwords.
A password is your first line of defense. Naturally, you should do everything you can to make it as strong and secure as possible. This guide will provide some helpful tips on choosing a strong password, as well as a list of some of the common pitfalls of password security.
Don’t use common words or guessable events
Your number one priority should be to ensure that your password can’t be easily guessed or hacked. The image above shows a list of some of the most commonly used passwords of 2010 (the list hasn’t changed much over the last few years). It’s really easy to remember your wedding date, birthdays, the names of your kids, pets, etc. Unfortunately, all of that information can be easily found on social sites (or Google), and can just as easily be fed into a program that will try tens of thousands of combinations per second to crack your code.
Do not reuse your password on multiple sites!
This is one of the biggest points that I try to stress to people. Here’s why: If an obscure (or small-time) website is hacked, it may not seem like a big deal. Sure, you have an account with them, but you’ve never purchased anything from there, so you’re safe, right? As it turns out, you use that same password on multiple sites, including Facebook or Amazon. Now you’re toast.
Avoid free or public WiFi
How do you really know that the “AttFreeMetroWifi” hotspot you just connected to isn’t some random person sitting next to you with a fake wireless connection? The moment you connect to their laptop and try to log into a website, they will have your passwords. It’s a very common tactic and pretty easy to do, which is why I avoid free and public WiFi hotspots unless absolutely necessary.
Simple words by themselves are useless until they are combined to form something more complex. I once read that a good tip for choosing a password was to look around your room or office and choose the first four things that you saw. If I did that, my password would be: iPhone5WalletRemoteKitKats. It seems simple, but the longer the password, the more difficult it is to crack. Don’t forget to mix things up by using capital letters and numbers.
Test your password with HowSecureIsMyPassword.net
HowSecureIsMyPassword.net is a free service that will let you put in a password and see how long it would take a computer to crack it. Using the password above, “iPhone5WalletRemoteKitKats”, it would take 316 octomillion years.
Don’t give your password to anyone
Sometimes it’s easier to just give your password to your friend who is trying to help you out by logging into your Facebook at 2am because you’re too busy drinking shots off some random girl’s stomach. Resist the temptation and never give your passwords to anyone.
Are you sure that website is real?
I will cover how to spot email phishing attacks later this month. For now, be sure that the website you are trying to log into really is the site it claims to be. To double-check, always look at the address bar and make sure that www.bankofamerica.com doesn’t actually say www.bannkofamerica.com. It’s subtle but very sneaky.
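The address-bar check described above can be automated. The following is an added example, not part of the original post: it compares a hostname against a short list of sites you actually use and flags near-misses such as the doubled "n" in www.bannkofamerica.com. The allowlist contents, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist of hostnames the user really does log in to.
TRUSTED_HOSTS = {"www.bankofamerica.com", "www.amazon.com", "www.facebook.com"}


def hostname_of(address: str) -> str:
    """Return the lowercase hostname from a URL or a bare host as typed."""
    if "//" not in address:
        address = "//" + address  # lets urlsplit treat a bare host as the netloc
    host = urlsplit(address).hostname or ""
    return host.rstrip(".").lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]


def classify(address: str, trusted=TRUSTED_HOSTS, max_distance: int = 2):
    """Return (verdict, nearest trusted host or None).

    verdict is 'trusted' for an exact match, 'lookalike' when the host is
    within max_distance edits of a trusted host, and 'unknown' otherwise.
    """
    host = hostname_of(address)
    if host in trusted:
        return "trusted", host
    nearest = min(trusted, key=lambda t: edit_distance(host, t), default=None)
    if nearest is not None and edit_distance(host, nearest) <= max_distance:
        return "lookalike", nearest
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample inputs; the first two are the hostnames from the post.
    for addr in ("www.bankofamerica.com", "www.bannkofamerica.com",
                 "https://www.example.org/login"):
        print(addr, "->", classify(addr))
```

An "unknown" verdict only means the host is not close to anything on the allowlist; it says nothing about whether that site is safe.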