Years ago and perhaps even now, you picked one password and stuck with it. Something you were able to remember—your kid’s name or home address. One of my neighbors has even used her banking pin as her password for years until her bank discovered her bank account had been victim to tens of thousands of dollars in fraudulent charges.
Does this sound like you or someone on your staff?
While having memorable passwords is by no means a bad thing, having easily cracked passwords (and using those passwords for many logins) can lead to terrible outcomes. Today I want to spend a few minutes walking through appropriate password hygiene and help you come up with a plan to understand how to best implement a usable password policy in your office.
So you’ve been using the same password for multiple accounts?
Maybe you or your team members have been using the same password for their personal and work accounts. Facebook, Gmail, Outlook and perhaps a slew of other work accounts all with the same exact username and password. Nearly 65% of users repeat passwords across personal and work accounts.
The scary part about doing this?
Hackers can easily get access to personal account information today more than ever. In fact, hackers can crack a Facebook account in less than 3 minutes—as long as they know the user’s phone number (which is often published online somewhere!). Most folks don’t realize this, but over 45% of Americans have some sort of passwords getting spread on the Dark Web.
Though most of these passwords are linked to social media accounts like Facebook, Twitter, or MySpace, you’d be surprised how many of these published passwords are actually being used in workplaces like yours every single day.
Having the same password on multiple sites is exactly the same as giving over the keys to your house to every single Amazon delivery guy that drops off a package. If you share passwords across multiple sites and one become breached, don’t be surprised if a hacker tries accessing other accounts—including those at work with the same passwords.
Are your passwords easy to crack?
One of the most common ways hackers crack into computers and networks is by guessing passwords. Simple and commonly used passwords actually enable hackers to gain easy access to information that they shouldn’t be getting into.
Some of the most common passwords STILL used today continue to be simple passwords that were common in the ‘90s: “password” and “123456” continue to be 2 unbelievably insecure passwords that continue to pop up in Dark Web hacking forums as real passwords on networks!
I kid you not, some of the passwords on your network may be on the run of the mill password lists hackers commonly start with to crack and hack networks. If you’re concerned specifically about your network being vulnerable to breaches, consider a free network assessment to ease your mind.
But to get you started, here are a few tips on creating a hard passwords:
The longer the better—the shorter your password, the less time it will take to crack into your account. With faster processors, hackers can certainly crack any combination of numbers, letters and characters if the password is too short. Consider 12 characters or longer to ensure a hacker won’t be able to get in too easily.
Avoid names, places and dictionary words—hackers look for patterns when they are cracking passwords. They start with names, places, and dictionary words. They will go through their entire database of English and foreign words before tackling other character combinations.
Mix it up a bit—use variations on capitalization, spelling, numbers and special characters. Consider misspelling words if you choose to include full words in your passwords to make things a touch harder to solve.
What’s an easy way to create secure, yet memorable passwords?
One of the easiest ways to create passwords is by taking a sentence and turning into a password.
The sentence can be anything personal and memorable to you. Take the words, abbreviate them and combine the letters to worm a unique password. Here are a couple examples to get your marbles moving (Note: please do not use these passwords, rather create your own unique ones that no one knows!).
Woohoo! The Eagles won the Super Bowl! = WOO!TEwonTSB!
This password is extremely hard to remember! = TpisEhtRem
Remember: Hackers are lazier than you might think! If they’ve got to choose between spinning their wheels to crack into well-protected networks, where users understand password hygiene and abide by secure password policies or to those that never track and monitor weak and shared passwords, which accounts will they try and break into first?
If your business is making it easy for hackers to crack your network by allowing for repeated passwords, shared logins amongst employees, or allowing easy to crack passwords, you’re likely already nearing the cross hairs of a major cyberattack!
How to evaluate the state of your password hygiene or fix a chronic password policy problem? Security experts agree that a network security assessment is the best first step in cleaning up password problems on your network.