Bad Passwords

Passwords are quickly becoming a cornerstone to modern living.  From computers and mobile devices to webpage logins, your passwords are one of the most important pieces of data you have, surpassed only by social security and bank routing numbers.  The problem is that people don’t treat them that way.  Users choose weak and overused passwords to protect some of their most sensitive information and as society continues to rely heavily on tech in everyday life, a password can sometimes be the only line of defense between you and would-be attackers.

Passwords are simple when you break them down.  You choose a string of letters, numbers, and special characters at a length between 8-16 characters and you’re done.  Well at least that’s what you should be doing.  According to a report by Telesign in 2015, a company specializing in technology security statistics, the five most popular passwords for users were ‘123456’, ‘password’, ‘12345’, ‘12345678’, and ‘qwerty’.  On top of this, Telesign reported that 54% of people use fewer than 5 passwords across their online activity.  Not only are passwords like this simple to guess for hackers they are easily cracked using software readily available after a few Google searches.  By using fewer than 5 passwords across online accounts, users are setting themselves up for multiple attacks across all of their accounts.

Alright, so let’s say that you are perfect and choose unique and complex passwords for each of your accounts across the internet.  You don’t have any chance of an account hack, right?  Well you’d be half-right.  Unscrupulous internet browsing can lead to malware on your system.  Some malware known as a keylogger can read your keystrokes and send that data to hackers for use at their leisure.  To prevent this users should be mindful of their browsing and avoid clicking on links that could lead to malware installing itself to your system.  Additionally, users should be wary of the “autofill” feature popular among browsers today.  Autofill allows users to keep a list of their usernames and passwords for accounts in their browser and will enter this information when a website prompts the user for this info.  These lists are not very secure and can be accessed relatively easily through the main account containing that list.

So, I’ve detailed the main risks that users take when dealing with their passwords.  What are some ways to minimize the risk of a password being stolen in the future?

Utilize two-factor authentication

Two-factor authentication (2FA for short) is a form of security that requires not only a username and password but another piece of unique identifying information for that person.  A popular form of 2FA is text messages.  Start by signing up for 2FA for the service you’re using and enter your phone number for them to send messages to.  The next time you sign in to that account, you will be prompted to enter the code that they sent to your mobile device to confirm that it is actually you signing in to the account.  2FA is growing very rapidly and most major tech companies like Google and Facebook are utilizing this tech to secure accounts.

Keep your passwords in a secure database

There are many tools that make keeping passwords almost as simple as storing them in your browser, but with much higher security.  The tool that I use for my passwords is KeePass.  This is a free application that stores your passwords in a secure database and has useful features like autofilling and auto-generating strong passwords.  The difference between storing your passwords on KeePass versus on your browser is that KeePass keeps your data stored locally.  What this means is that you aren’t relying on a remote server to keep your information secure. You will still need to keep an eye out for keylogging malware on your machine but KeePass is a great tool to get out of the habit of storing passwords in your browser.

Practice safe internet browsing

Safe browsing habits can help you avoid a majority of threats to your security.  When browsing the internet make sure you know what link you’re clicking on or what a button on a website does.  You should also be sure to have a secure connection to a website.  HTTPS is the standard for ensuring that your connection to a site is private.  HTTPS is easily identified by looking to the URL of the web page you’re visiting.  If there are letters saying ‘https’ before the rest of the URL, you’re good to go.  This will help identify the connection you have to a site.  I would also recommend adding an ad-blocker extension to your browser as sites that don’t vet the ads they display could be running malicious javascript code and infect your system.

Password protection should be a main concern for you every time you log into a system. Hackers are only getting better at getting your passwords and access to your private data.  By following some simple guidelines you can protect yourself from most of the common security risks happening today. I hope that this guide has shed some light on the issues surrounding weak passwords and has given you some options to better secure your daily life.

Links to sources: