The recent leak of the list of political figures with offshore holdings designed to hide their wealth in the widely-known Panama Papers should give us all a wake-up call on our own password security. While that may be an inside job, it is still best to check the safety of our business and personal data and protect it the best way we can – by ensuring the integrity of our own passwords.
Of course the immediate question may be, “Who would want to hack into my accounts?” Cyber criminals do not discriminate. They do not know of your personal and professional backgrounds. They see an email and they assume that you may hold valuable company information or use it for recovery of your other passwords. There’s so many things they can do maliciously once they get a hold of your account.
Your passwords may be compromised a number of ways like someone’s out to get you. If they’re close to you and know you well, they might be able to guess your password. Or a brute-force attack by a hacker may try to access a group of user accounts including yours. They actually have a systematic way of guessing until they find the correct one. And there’s the company-wide data breach, with millions of people’s account information being leaked. Remember Ashley Madison?
So how unsecure is your password? Here are some ways to check.
Do you write it down?
Do you have your own password-creating system?
Do you send your password through email or give it out over the phone?
Do you have the AutoComplete feature on your web browsers (Firefox, Chrome, IE) for usernames and passwords enabled?
Do you often change your passwords?
Do you clear the cache after using a public PC?
Do you have a password-reset disk?
Do you have a password-management application?
If your answer to these are mostly against your password's security, then you know just how vulnerable your password can be. This may sound bad, but your awareness of this potential risk is a key first step.
Creating a Secure Password
Now, after you've made sure you won't make these mistakes anymore, what makes for a good password? After all, the more the complex the password, the harder it would be to break down.
The ideal password is at least 16 characters that include a combination of uppercase and lowercase letters, numbers, and symbols, and in some cases where they're allowed, spaces. They shouldn't use usernames, of course. And mustn't be used on other sites or else if a hacker has guessed one, he can get through to the other accounts. Creating them then becomes quite the complex and unwanted chore. After all, after creating them, there's the job of remembering them.
One tip that's been shared by Dennis O'Reilly is to create phrases (about stuff you like or passionate about) then take the first letter of each word and all numbers and symbols and use them for your password. For instance, "The Vancouver Canucks is becoming an awesome team in 2016!" Your password will then be TVCibaati2016! You can even check the strength of your passwords through Microsoft's online strength checker. And for added security, if online sites have a two-step verification, be sure to enable it.
If you're too busy to think of phrases, thankfully, there are available resources that could generate complex passwords for you. There's Password Generator, LastPass, Random.org, among many other sites.
But this ideal password would be obviously hard to remember - especially these days with the hundreds of sites that people have an account on that require login information.
To satisfy this need, password managers were created.
Their job is to store all of your passwords securely and to fill out your login forms so you don't have to feel like you failed a test because you couldn't remember or have not memorized your own password.
There's lots available and some have both free and paid versions. According to PC Mag, the best of the lot this 2016 include Dashlane 4, LastPass 4.0 Premium, Sticky Passwords Premium, and Roboform Everywhere 7.
Securing your passwords may seem like a tedious job, but it's worth it if you think of the price you may pay should your passwords get compromised.
If you want to ensure your IT security, then do give us a call and schedule a free consultation.