Passwords are the digital keys to our networks of friends and our banking and payment services. You should take every precaution to keep your passwords private to protect your personal accounts and your financial information. Some cybercriminals may want to hack into your social networking or email accounts, but most want the financial gain that hacking bank accounts can bring.
It could be argued that your most important passwords are those for your personal/work email and your social network accounts. If someone gains access to your email account, they could use the “forgot your password” link on other websites you use, like online shopping or banking sites. If a hacker gets into your social network, they can scam your friends by sending out links to dangerous websites or posting fraudulent messages asking for money. The bottom line is that a good password is all that may stand between you and a cybercriminal.
There are many ways that hackers can crack your password outside of phishing attempts and spyware. One method is by attempting to log on to your account and guessing your password. With a little bit of investigative work hackers can gain information from your social accounts such as Facebook where you may have your children’s names or even those of your pets available for all to see. It is human nature to use family names and birthdates in your passwords. Therefore, it is extremely important not to include any personal information in your passwords.
Another way that hackers can attempt to gain access to your password is via a password cracker. A password cracker uses brute force by using multiple combinations of characters repeatedly until it gains access to the account.
The shorter and less complex your password is, the quicker it can be for the program to come up with the correct combination of characters. The longer and more complex your password is, the less likely the attacker will use the brute force method, because of the lengthy amount of time it will take for the program to figure it out.
How You Can Create a Secure Password
In order to avoid being a victim of a hacker, Queenstown IT suggest the following.
- Create a complex password that a hacker cannot easily guess or crack using software tools.
- Use Two-Factor authentication (2FA) when offered. 2FA adds another layer of security to any account you may be logging into. An example of this is when your bank sends a code to your mobile phone. This is an additional password that only you have access to as it is coming to the mobile phone in your possession.
- Use a combination of uppercase and lowercase letters, symbols, and numbers.
- Do not use commonly used passwords such as “123456”, “password”, “qwerty”, “111111”, or a word like “donkey”.
- Make sure your user passwords are at least eight characters long. The more characters and symbols your passwords contain, the more difficult they are to guess.
- Do not use a solitary word in any language. Hackers use dictionary-based systems to crack these types of passwords. If you insist on using a word, misspell it as much as possible, or insert numbers for letters. For example, if you want to use the phrase “I love chocolate” you can change it to @1L0v3CH0c0L4t3!
- Do not use a derivative of your name, the name of a family member or the name of a pet. In addition to names, do not use phone numbers, addresses or birthdays.
- Do not use the same password across multiple websites. If remembering multiple passwords is an issue, you can use a password manager which we will discuss at the end of this document.
- Use abbreviated phrases for passwords. You can choose a phrase such as “I want to go to England.” You can convert this phrase to an abbreviation by using the first letters of each word and changing the word “to” to a number “2.” This will result in the following basic password phrase: iw2g2e. Make it even more complex by adding punctuation, spaces or symbols: %iw2g2e!@
- Do not write your passwords down, share them with anyone or let anyone see you log into devices or websites.
- Try to change your passwords regularly – at least every quarter.
- Make sure you log out of websites and devices when you are finished using them.
- Do not answer “yes” when prompted to save your password to a computer’s browser. Instead, rely on a strong password committed to memory or stored in a dependable password management program.
- Use a password generator if you cannot come up with your own passwords. This may seem like a long, complicated process to go through just to log into a website; however, it is not as complicated as a cybercriminal gaining access to your passwords and stealing your identity.
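The checklist above, written as a checker and a random generator; this is an added example, not code from Queenstown IT or from any password product. The common-password set is a constructed sample taken from the list, and the function names and symbol set are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample: the commonly used passwords named in the list above.
COMMON = {"123456", "password", "qwerty", "111111", "donkey"}
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set for the generator
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 8  # minimum length given in the list above


def check_password(pw, personal_info=()):
    """Return the checklist rules that pw breaks (an empty list means it passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if pw.lower() in COMMON:
        problems.append("commonly used password")
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if not all(any(t(c) for c in pw) for t in tests):
        problems.append("missing upper/lower/digit/symbol mix")
    if pw.isalpha():
        problems.append("solitary word")
    for item in personal_info:  # names, birthdays, phone numbers, addresses
        if len(item) >= 3 and item.lower() in pw.lower():
            problems.append("contains personal info: " + item)
    return problems


def search_space_bits(length, alphabet_size):
    """Size of the brute-force search space in bits (log2 of all combinations)."""
    # Holds only for randomly generated passwords; passwords built from
    # words or personal details are guessed long before the space is exhausted.
    return length * math.log2(alphabet_size)


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every checklist rule passes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    print(check_password("rex2015", personal_info=["Rex", "2015"]))
    print(round(search_space_bits(8, 26), 1), "bits vs",
          round(search_space_bits(16, len(ALPHABET)), 1), "bits")
    print(generate_password())
```

Each extra character adds the same number of bits again, which is why length raises the brute-force cost faster than swapping letters for look-alike digits.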
There are many sites that can generate passwords for you. See below for examples:
Password Management Programs
There are many tools that can assist you with password management. A free tool that we utilise is called LastPass. LastPass also offer a paid premium version with additional features should you wish to explore this option.
When you download LastPass, it will create a button in your browser toolbar. You use this button to log in to LastPass every time you use your computer. LastPass will remember your passwords for all sites that require passwords. When LastPass is logged in, it will pre-fill the login name and password in the fields of the site you are visiting, e.g. banking and utility portals or sites such as Trade Me.
You initially set up a very hard-to-crack master password which remembers all your other passwords. It is, however, very important that you remember this password. When setting up your master password, you can create a hint field to remind you of what it is you are setting up.
If you are on a mobile device, make sure to log out of LastPass when you switch off your computer. LastPass works on most popular internet browsers.
See the LastPass website below for more detail on their product and how to implement it today. This tool will also create random passwords for you.