As the season of good cheer and cybercrime approaches, let us again look at the password, with some simple home truths to improve your protection and give you some insight into your weaknesses.
By Q3 2019 alone there were 7.9 billion records exposed through data breaches. By the same time in 2020 there had been a staggering 36 billion exposed records! This problem simply is not going away. The chances are your passwords are available on the Dark Web as you read this.
With the computer power available these days to mine bitcoins and play the latest Call of Duty, your memorable password would probably take a computer less than a second to fathom!
All the sites you use store a version of your password and it is not a case of ‘if’ but ‘when’ those details get hacked. It WILL happen and there is nothing you can do about it!
Over the years we have been told differing ways to improve our passwords. A good password comes down to its entropy, which is related to the character set used and the length. Today, however, this is all academic and makes no difference to your password creation abilities. Replacing a character with a special character makes no difference to the entropy. Password length is the key element, as is the ‘randomness’ of your character choices.
The truth is you are incapable of creating a good password – period. Do we need to say this twice?
Our other faults are laziness – saving passwords in our browsers and using memorable information that can be socially mined quite easily; using passwords more than once with little to no variation; and not changing our passwords for fear of not remembering them.
It is time to simply STOP, and for once thwart all and sundry from making off with the crown jewels. By changing a few habits your risks can diminish greatly.
Hackers know our weaknesses all too well and have plugged these nuances into computers which can rip through data at an alarming rate to uncover your inner secrets. You simply have little to no chance of beating them – accept it and let us start improving what you CAN do.
Use a Password Manager!
- Use these tools to create massive and complex passwords – increase the password entropy to super safe so brute force attacks will never affect you. There are only so many available characters, so you need long passwords to improve the entropy equation. Forget 8, 10, or 14 characters. Think 25 or 40 or even more character passwords!
- Create a single strong password for the Password Manager and keep it safe! Protect that from ALL phishing attempts like no other. It is your main and only protection!
Simply dispense with any emails saying your “password manager has an issue – click this link to fix it.”
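The entropy point above and the advice to think in terms of 25 or 40 characters can be put into numbers. The following is an added example, not part of the original article: it assumes every character is picked uniformly at random (which is what a generator does and a person does not), uses a 94-symbol printable set, and takes 128 bits as a constructed target for illustration.

```python
import math
import secrets
import string

# 26 lowercase + 26 uppercase + 10 digits + 32 punctuation marks = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length: int, charset_size: int) -> float:
    """Entropy in bits when every character is picked uniformly at random."""
    return length * math.log2(charset_size)


def min_length(target_bits: float, charset_size: int) -> int:
    """Shortest random password over this character set reaching target_bits."""
    return math.ceil(target_bits / math.log2(charset_size))


def generate_password(length: int = 40, alphabet: str = ALPHABET) -> str:
    """Draw each character from the operating system's CSPRNG via `secrets`."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def comparison() -> list:
    """Entropy for the lengths the article mentions, over two character sets."""
    rows = []
    for label, size in (("lowercase only", 26), ("all 94 symbols", len(ALPHABET))):
        for length in (8, 10, 14, 25, 40):
            rows.append((label, length, round(entropy_bits(length, size), 1)))
    return rows


if __name__ == "__main__":
    for label, length, bits in comparison():
        print(f"{label:<15} {length:>2} chars  {bits:>6} bits")
    # 40 random lowercase letters beat 25 characters from the full set.
    print(entropy_bits(40, 26) > entropy_bits(25, len(ALPHABET)))
    # 128 bits is a constructed target, not a figure from the article.
    print("128 bits needs", min_length(128, len(ALPHABET)), "characters from the full set")
    print("example:", generate_password(40))
```

The figures only hold for randomly generated passwords; a password a person invents has far less entropy than its length and character set suggest.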
Be Password Conscious
Managing complex passwords may seem troublesome, as we are lazy by default, but this must change and does not have to be difficult. The rewards are worth it.
- You simply cannot remember an effective password – so stop trying! Instead, use the correct tool for the job.
- Use a different password for every site you use – if there is a breach only one site needs a new password, and your worry is reduced.
- Browsers can ‘store’ your passwords for you by request. Be mindful of this feature. Some sites might be more important than others. Your local chess club is not as important as your bank account. The more important the site the less likely you really want to store your password in your browser to make life easier – the hassle NEVER outweighs the risk.
- Your email account might not seem as important as your bank, for example, but be wary, as your email might contain ALL of your life secrets (and passwords)!
- Rate the importance and regularity of a site and employ 2FA (Two-Factor Authentication) on the most important accounts. This way your password is not the only key to the castle.
- Contrary to popular belief a password written down in a semi-safe location is ALWAYS safer than one stored on a computer – be that your own computer, or on the Cloud.
(Always remember that ‘the Cloud’ is just another computer, somewhere).
Stop Passing the Blame
The ‘buck’ stops with you, goes the saying. It might be enlightening to know that cyber security is a bigger earner than the crime itself. There are lots of businesses selling silver bullets such as ‘Dark Web Monitoring’, or this and that protection. They all have varying levels of success and add further burdens.
Dark Web Monitoring is impossible, as it is simply too large. Checking your email on sites like www.haveibeenpwned.com is as good as it gets.
We all need protection, but never consider that protection foolproof and effectively sweep the issue under the carpet. A few changes of habit will make a far better solution to an ever-growing problem and, as the statistics prove, the problem is usually the weakest link – us.
- Stop creating passwords – people are not particularly good at it. Instead, use a Password Manager with a powerful password generator.
- Do not use the same password more than once.
- Think about where you ‘save’ your passwords – a browser is not as safe as a Password Manager. Being lazy has a cost – at some point.
- Protect your Password Manager at all costs!
Be sure to keep reading our blogs for future useful articles on email and phishing…