Have you ever had your password compromised? According to Norton, approximately 24 billion passwords were compromised in 2022. This can happen through hacking, phishing, or data breaches. In addition, more than 80% of breaches were due to weak, reused, or stolen passwords.
HOW ARE PASSWORDS COMPROMISED?
Passwords can be compromised in many ways. The most common include using a weak password, a company with whom you have an account experiencing a data breach, unsafe password storage (including your web browser’s built-in password manager), and phishing attempts (emails, texts, etc, that pretend to be someone else and convince you to input your username and password). Keep in mind that your password to your email account is especially critical, as this account can be used to reset other passwords.
WHAT STEPS CAN I TAKE TO PREVENT MY PASSWORD FROM BEING COMPROMISED?
When it comes to prevention, using a unique and strong password for each account is your first line of defense against unauthorized access to your personal or sensitive information. This is because the complexity of the password can make it more challenging for hackers to figure out your password. If you are curious about how strong your password is, you can visit a site such as security.org to check your password’s strength. In addition, safe online practices such as not clicking links or opening attachments in emails unless you can confirm they are legitimate and using a different password for each account to limit the number of accounts affected by a data breach can be beneficial. Lastly, two-factor authentication is often your last line of defense against unauthorized access to your account. It is highly recommended that you turn this on whenever possible. In most instances, this would include a code via text message, email, or a phone call to confirm it is you. If you receive a code that you did not request, it may mean that someone has gained access to your password, but failed to gain access to your account due to not having access to the code. In these instances, you should change your password immediately.
WHAT ARE BEST PRACTICES TO CONSIDER WHEN CREATING A STRONG PASSWORD?
Strong passwords can greatly enhance your online security. Best practices include the following:
- Length: Computers can guess about 10 billion password combinations in a second. This is why it is important to have a password that is no shorter than 12 characters, but ideally 16 characters or more.
- Complexity: Mixing different character types (uppercase and lowercase letters, numbers, and special characters), including using numbers or special characters in place of letters, can make a password stronger.
- Patterns: Avoid using easily guessable patterns such as common sequences (e.g., 123456), keyboard patterns (e.g., qwerty), or repeated characters (e.g., aaa).
- Personal Information: Stay away from passwords that include personal information such as your name, birth date, or other readily available details. If you choose to use dates or other information, use information unrelated to you or your family.
- Passphrases: Consider using passphrases instead of passwords. Passphrases are longer combinations of semi-randomly chosen words that are easier to remember but harder to crack (e.g., Brown dog has diversified portfolio.). It is recommended that these include a minimum of four words and is best when they do not make complete sense. Include spaces and punctuation for added complexity.
- Reuse: Avoid using the same password for multiple accounts.
Given the quantity of online and electronic services we use every day, generating and remembering strong passwords can be unreasonably burdensome. A great way to address this is by using a reputable password manager such as BitWarden, 1Password, or Dashlane to generate, store, and manage your passwords and two-factor authentication tokens securely.
Written: May 30, 2024