We all know that creating stronger passwords will help protect us from hackers, but most of us just don’t do anything about it. It is understandable. Complex passwords are hard to remember which make signing into the multitude of websites we use every day frustrating and annoying. But password safety is a critical measure in protecting you and your family from cybercrimes which are increasing astronomically. If cybercriminals get your password they can cause you serious financial harm—draining your bank account, opening up fraudulent accounts in your name, or “kidnapping” your data and holding it for ransom.
The Federal Trade Commission (FTC) reported that in 2020 it received more than 2 million fraud reports, nearly 1.4 million reported cases of identity theft, and Americans lost more than $3.3 billion to hackers. And these are only reported losses. Actual losses are likely many times larger. The 2020 losses were about twice as bad as they were in 2019. The message is clear: hackers are out to steal your passwords and they are getting better at it. But we can get better, too, by building stronger defenses—a better moat around our cyber castles.
Create Stronger, More Complex Passwords. We all know if we use 1234 as a password we are opening the gates to criminals, but “it's simply human nature to want things to be easy to use and remember,” Mikko Laaksonen, chief executive officer of Responsible Cyber, told Yahoo Life. But this is risky. "What is easy to remember may also be easy to guess.”
Even passwords that meet the requirements of complex password systems can be weak. “Abc123! is an example,” points out cyber security expert Joseph Steinberg. This "meets the requirements of many complex password systems, as it is seven characters long and contains a capital letter, a lower case letter, a number, and a special character," he says. But, "such a password is weak and is likely to be guessed rather quickly by most password-cracking-systems that have been trained to mimic typical human password-creation behaviors."
Laaksonen recommends avoiding "any information that you may have shared publicly or could be disclosed in a normal exchange of information in your password. So, your dog's name, your kids' names, your partner's name and your address really shouldn't be used if you're sharing this information on social media or if it's part of the public domain.”
Yahoo Life recommends “creating a password with a memorable, strong code. How? Try these tips:
“Safer password tip #1: Combine three or more unrelated words and proper nouns, with numbers separating them. Example: ‘desk3sarah4beach.’
Safer password tip #2: Go for length. The longer the words, the better.
Safer password tip #3: Add special characters before each number. Example: ‘desk!3sarah!4beach.’ Using the same character makes memorization easy.
Safer password tip #4: Try to use one non-English word or proper name that you're familiar with. But try to find one that other people wouldn't easily guess. Example: ‘desk!3sarah!4playa.’
Safer password tip #5: Add capitalization. To increase password strength even further without making memorization difficult, consider using a couple capitals that always appear in a particular location throughout all of your strong passwords. Just don’t put them at the start of words. Example: ‘deSK!3sarAH!4plaYA.’”
Memorize Key Passwords. Cyber security experts advise that writing down passwords is a risky practice. The best place to keep a password is in your head.
Use a Password Manager. Keeping passwords in your head may be a useful strategy to thwart hackers, but this really only works for one or two passwords. Typically, we use dozens of passwords. Keeping a long list of complex passwords in our head is nearly impossible and using the same password for all the websites we regularly visit is dangerous. If just one of websites we use is breached and passwords and logins are stolen, all our website accounts are vulnerable. The answer is to use a good password manager. We have some recommendations for password managers in a follow up article in this newsletter, “Protect Your Cyber Life with a Password Manager.”
Utilize Multi-Factor Authentication (MFA) Many companies are now offering this additional level of security where you use a password together with a code sent to your smartphone to authenticate yourself. Another example of an MFA is using a Personal Identification number (PIN) in combination with an account number or login name. If MFA is offered, use it!
If you can put some or all of these suggestions in place, you'll build a stronger moat to protect your cyber castle from outside marauders.