Password security and its importance!
Would you leave your front door unlocked 24/7? How about leaving your car with the key in the ignition while you do your weekly shop? The same goes for online services such as email and social media accounts – if you leave them wide open, they will be stolen.
This is where password security comes in. Yes, you are required to have a password for any account you sign up for online, but if the passwords you use are simple, they are not secure – much like leaving your front door unlocked.
Why do I need a secure password?
Without a secure password you are leaving your online accounts (and, a lot of the time, your online alias) unlocked, ready for an attacker to crack that password and walk straight in. You may not even know until they have done everything they can while posing as you and then locked you out of your own account!
You may be thinking “my bank has a really secure password, so why worry? Attackers can’t steal anything from my Facebook account?” – while they can’t steal money from your social media accounts, they can pose as you and your business and potentially cause some damage. For example, if you manage your business Facebook page through your Facebook account with a bad password, it’s very easy for an attacker to post on your behalf to your business page and advertise a competitor or worse, slate your customers. This causes a real credibility issue.
Most common passwords
Here is a list of the most commonly used passwords in 2019:
If you have any of the above, you most definitely should change it right now.
Other common choices include children’s names and favourite bands, with ‘blink182’ making it into the top 20.
How to make a secure password
There are two ways to make a secure password for your accounts.
1. You can use online tools such as https://passwordsgenerator.net/ that will let you create a strong password that is near impossible to crack. This site is a good example because the generated password is not sent over the internet to anyone else, only to your device. It also offers a ‘remember your password’ feature based on acronyms, if you find that helpful.
2. You can create your own strong password by using a mix of lowercase/uppercase characters as well as numbers and symbols. Let’s say your password was ‘blink182’ as above: why not try something like ‘B!inK#182!@*’? (Maybe don’t use this one now it’s been in a blog post…)
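As an added example (my own code, not code from the original post or from the generator site linked above), here is a small Python equivalent of the two approaches: a generator that draws from the operating system’s secure random source and guarantees all four character classes, and a check that a hand-made password like the one above really does mix them. The symbol set and the 12-character minimum are my assumptions, not figures from the post.

```python
# Added example, not from the original post: generate a strong password from
# a cryptographically secure random source, and check that a candidate mixes
# the character classes the post recommends.
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"          # assumed symbol set
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def character_classes(password: str) -> set:
    """Return which of the four classes (lower, upper, digit, symbol) appear."""
    classes = set()
    for ch in password:
        if ch in LOWER:
            classes.add("lower")
        elif ch in UPPER:
            classes.add("upper")
        elif ch in DIGITS:
            classes.add("digit")
        elif ch in SYMBOLS:
            classes.add("symbol")
    return classes


def generate_password(length: int = 16) -> str:
    """Generate a random password that contains every character class.

    secrets.choice draws from the OS CSPRNG; random.choice would not be
    suitable for anything used as a secret.
    """
    if length < 4:
        raise ValueError("need at least 4 characters to cover all four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if len(character_classes(candidate)) == 4:
            return candidate


def is_well_mixed(password: str, min_length: int = 12) -> bool:
    """The post's rule of thumb: long enough and uses all four classes.
    The 12-character minimum is an assumed value."""
    return len(password) >= min_length and len(character_classes(password)) == 4


if __name__ == "__main__":
    print("generated:", generate_password())
    for pw in ("blink182", "B!inK#182!@*"):
        print(pw, "->", "well mixed" if is_well_mixed(pw) else "weak")
```

Note that a generated password is the stronger of the two approaches: is_well_mixed only checks the mix of classes, and a password built by tweaking a familiar word still starts from something a word list contains.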
2 Factor Authentication
Most online accounts allow you to set up something called 2-factor authentication (or 2FA for short) to prevent unauthorised people from accessing your accounts if they ever do get a hold of your password.
2FA adds a second check to a login, typically when it comes from a device or location that is not already trusted, and often uses your mobile number to confirm that the login is allowed. For example, in Google’s case, if you have it enabled, a text message with a one-time code is sent to the verified phone number, and you must enter that code to complete the login to your account.
Check whether your services have this feature and take the time out of your day to set it up – I’m sure it will save a headache in the future.
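Here is an added example (my own code, not Google’s or any other provider’s) of what the service side of the text-message flow above looks like: a six-digit code is issued from a secure random source, expires after a short time, can be used only once, and is discarded after a few wrong guesses. The five-minute lifetime and three-attempt limit are assumed values, and the send_code callback stands in for whatever actually sends the SMS.

```python
# Added example, not any real provider's code: issuing and verifying a one-time
# login code of the kind the post describes being sent by text message.
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 3         # assumed: three wrong guesses invalidate the code


class OneTimeCodeService:
    def __init__(self, send_code, clock=time.time):
        self._send_code = send_code   # e.g. an SMS gateway call; injected here
        self._clock = clock           # injectable so expiry can be tested
        self._pending = {}            # user -> [code, expires_at, wrong_attempts]

    def issue(self, user: str) -> None:
        """Create a fresh code for the user and hand it to the delivery channel."""
        # Six digits from the OS CSPRNG, zero-padded so every code is 6 chars.
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._pending[user] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        self._send_code(user, code)

    def verify(self, user: str, submitted: str) -> bool:
        """Accept the code once, within its lifetime, with a bounded number of tries."""
        entry = self._pending.get(user)
        if entry is None:
            return False              # nothing issued, already used, or burnt
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]   # expired codes are never accepted
            return False
        # Constant-time comparison so response timing doesn't leak matching digits.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user]   # single use: the same code never works twice
            return True
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[user]   # too many wrong guesses: the user must re-issue
        return False


if __name__ == "__main__":
    # Constructed demo: "send" the SMS by printing it.
    svc = OneTimeCodeService(lambda user, code: print(f"SMS to {user}: {code}"))
    svc.issue("alice")
    print("wrong code accepted?", svc.verify("alice", "000000"))
```

The three properties worth copying into any real implementation are the ones the tests below exercise: the code expires, it is single use, and repeated wrong guesses do not get unlimited tries.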
How are attackers even guessing passwords?
If you picture an attacker sat at a computer typing in guess after guess until one works, you’re almost correct.
Instead, an attacker will use a word list to perform a ‘dictionary attack’. These word lists contain thousands, sometimes millions, of commonly used passwords, and they are run on a server that keeps trying them one after another until it finds the correct one. It’s a hands-off attack: set it running and it notifies the attacker when it’s done.
I am not saying a secure password can’t be cracked, but it will take a very long time to gain access, sometimes years depending on the size of the word list. Attackers will often set a time limit on an attack so it doesn’t take too long, then move on to the next target. If your password takes longer than that limit to find, you’re safe. So the more symbols, letters and numbers you use in your password the better: the list may not contain the right combination at all, and even if it does, it won’t be high up in the list.
In the small chance that someone does find your password using a dictionary attack they’ve been running for years, if you have 2FA enabled then they’ve just wasted their time even more – serves them right, huh?
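As an added example (not from the original post), the following Python puts the two points above into code from the defender’s side: a check of a password against a list of commonly used passwords, which is exactly what a dictionary attack tries first, and an estimate of how many guesses an exhaustive search over the password’s character classes would need and how long that takes at an assumed guess rate, so you can see why length and a mix of classes push a password past an attacker’s time limit. The word list is a constructed six-entry sample; the symbol-class size of 32, the rate of one billion guesses per second and the one-week time limit are all assumptions.

```python
# Added example, not from the original post: reject passwords that appear in a
# common-password list, and estimate the brute-force search space of the rest.
import math
import string

# Constructed sample. A real list (e.g. built from breach data) has millions of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "blink182", "letmein", "111111"}

# Assumed class sizes: 26 lower, 26 upper, 10 digits, 32 printable symbols.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def in_common_list(password: str) -> bool:
    """Is the password (ignoring case) in the common-password list?"""
    return password.lower() in COMMON_PASSWORDS


def classes_used(password: str) -> set:
    """Which character classes the password draws from; anything that is not a
    letter or digit counts as a symbol."""
    used = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.digits:
            used.add("digit")
        else:
            used.add("symbol")
    return used


def search_space(password: str) -> int:
    """Number of strings of the same length over the classes the password uses:
    the size of an exhaustive search that assumes nothing else about it."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(password))
    return alphabet ** len(password)


def bits(password: str) -> float:
    """The same figure expressed in bits (log2 of the search space)."""
    return math.log2(search_space(password))


def seconds_to_search(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case time to exhaust the search space at an assumed guess rate."""
    return search_space(password) / guesses_per_second


def assess(password: str, time_limit_seconds: float = 7 * 24 * 3600,
           guesses_per_second: float = 1e9) -> str:
    """'common' if a dictionary attack finds it at once, otherwise whether an
    exhaustive search fits inside the attacker's (assumed) time limit."""
    if in_common_list(password):
        return "common"
    if seconds_to_search(password, guesses_per_second) <= time_limit_seconds:
        return "within_limit"
    return "beyond_limit"


if __name__ == "__main__":
    for pw in ("blink182", "abcdefgh", "B!inK#182!@*"):
        print(f"{pw:14} {bits(pw):6.1f} bits  "
              f"{seconds_to_search(pw):12.3g} s  -> {assess(pw)}")
```

The search-space figure is an upper bound and only applies to a password that no list contains: cracking tools also try simple variations of dictionary words, so a password made by decorating one, like ‘B!inK#182!@*’, is weaker than its arithmetic suggests. That is the practical argument for a generated password over a tweaked familiar one.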
I know a lot of people who use the same password for every account they have online. This is very bad practice.
If one account is compromised, you are at a high risk of having everything compromised the same day because one attack has found the password for everything you have online. Do yourself a favour and make sure that every account you have access to has a different password to minimise the risk of everything being hacked together.
I’ve been hacked!
If your password has been compromised, I recommend you change it to something secure straight away, and also change the password on any other accounts that shared it, to keep the attacker out!
As we all start to adapt to a more online world, it’s important to ensure that we keep our businesses safe. By following these simple measures you’re less likely to get hacked and lose all your hard work and livelihood.