Using a strong password is an important part of your online protection, but as cyber criminals become more sophisticated and determined, you must take additional precautions when protecting your digital identity. Here are some things to consider:
Don’t use the same password for multiple websites
According to a recent survey by Harris Poll and Google, two-thirds of US adults use the same password for more than one online account. If that password is stolen, the hacker now has access to not one, but several of your online accounts. Using a unique password for each of your accounts will minimize that risk.
Earlier this month, Google announced a new Password Checkup feature that will automatically scan databases of stolen credentials on the dark web and alert you if your password has been exposed in a data breach. It will also alert you if your password is used across multiple sites or if you’re using a weak password that should be updated.
Using a password manager to store and track your online credentials will help eliminate the problem of remembering multiple passwords. There are many excellent free or low-cost options available like LastPass, 1Keeper and Dashlane.
New rules regarding password strength
The recommendations for creating a strong password have changed, and so have the methods used to crack them. Rather than the historical “dictionary attack”, where the attacker uses a rapid series of common passwords, a newer “brute force” attack is being used. This attack also uses dictionary words and popular passwords, but also tries all possible variances of those words using typical combinations of character substitutions. In this case, the password “Arm@di110” is no more secure than just plain “Armadillo”.
The rising popularity of brute force attacks has led to a shift from shorter complex passwords to longer passphrases. Using popular hacking tools, a nine-character password would take five days to break. Adding a 10th character increases that time to four months and adding an 11th character increases it to 10 years. Using a longer passphrase is a much more secure alternative.
Examples of Good passphrases:
- Don’tStopBelievin – if you’re a Journey fan
- IAmAMichiganWolverine – No further explanation necessary.
- YellowDoorHamsterWheel – A random selection of words forms a very strong passphrase. Make it meaningful so it’s easy to remember (perhaps your door is yellow and you have a pet hamster that likes to run on its wheel).
Don’t answer security questions honestly
Security questions are intended to protect your account in case you forget your password. On the other hand, if someone tries to crack your account without your password, they can attempt to answer your security questions and gain access themselves. How many of your security question answers can be found on your social media accounts? Mother’s maiden name, pet’s name, wedding date? Much of our personal lives are easily accessible online. Some tips for protecting your security questions include:
- Answer all security questions with the same answer. It doesn’t have to be right, it just needs to be something you will remember.
- Spell your security answers backwards or change only the first letter to a number. Any type of modification will thwart an attacker that has access to the correct answers.
- Answer your security questions with the answers of another member of your household.
Use multi-factor authentication (MFA) when available
MFA uses a second form of authentication in addition to the standard login and password, like a code texted to your phone. For a hacker to access your account they would need to know your login credentials and have physical possession of your phone in order to gain access to the account. Use MFS whenever available, but most especially for any of your online financial accounts like banking, credit cards or investments. If MFA is not available, it might be time to find a new provider.
Having services available online is a great convenience, but protecting your accounts requires more than a good strong password. The suggestions provided here will strengthen your online security and help give you some peace of mind.
Additional resources: The following online tools can help you not only check your password strength, but let you know if your password has been leaked in any data security breaches. You might be surprised to find that the password you regularly use on your banking and e-commerce sites is easily found on the dark web by hackers.
Password strength checker – This will tell you how long it would take a hacker to crack your password.
Stolen password database – This site will tell you if your email address or password has been found on the dark web due to a data breach.