Clean up your bad password habits

Passwords are the foundation of good online security

We depend on locks to keep our most important things safe and secure. For example, when we leave the house for the day we lock our doors behind us. We do the same when we park our cars or bikes. You might even put really important items in a safe deposit box behind multiple locks.

Online, your passwords are your locks. The problem is, many people (maybe even you?) use weak passwords. In fact, some passwords are so bad, they’re the equivalent of putting a picture of a lock on your door instead of the real thing (we’re looking at you, “123456” and “password”).

Say no more—my passwords are GREAT

Are they though? You might think you’re doing a good job but actually be failing miserably. First, let’s see if your password makes this list. Then, let’s go over some common password mistakes according to the experts and research:

  1. Recycling. Normally recycling is a good thing, but not when it comes to passwords. Don’t reuse passwords! Even the good ones—because once they’re used more than once, they’re not good anymore.
  2. Using sequences. Passwords such as “qwerty” or “123456” or even “1q2w3e4r” and the like are common and very crackable. Don’t create passwords using numbers, letters, and symbols that are adjacent to one another on a keyboard.
  3. Putting your password in the password hint. In some systems you can show a password hint to recover a password—so don’t use that area to put your password! Anyone who has your username could ask for the hint which means they’d get your password too.
  4. Sharing. Sharing your password is NOT caring. You wouldn’t hand over your house keys to just anyone, so don’t do it with your passwords either.
  5. Using brands, sports teams, pop culture references, or strong expressions of emotions in your password. You’re not the only GreenBayPackerfan, nor the only person who loves Ferrari, Superman, Star Wars, or who uses ihateyou, iloveyou, or tells people off in their passwords.
  6. Using personal information in your password. Whether it’s a pet’s name or your birthday, it’s information that can be found about you—or information you may reveal over social media.
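
Most of the mistakes in this list can be checked mechanically before a password is accepted. The following is an added example, not part of the original article: a small Python checker whose word lists are built from the article's own examples. The function names, the `personal` and `used_elsewhere` parameters, and the 0.75 adjacency threshold are assumptions made for illustration.

```python
import re

# Constructed sample lists, built from the examples named in this article.
COMMON = {"123456", "password", "qwerty", "1q2w3e4r"}
THEMES = {"greenbaypacker", "ferrari", "superman", "starwars", "ihateyou", "iloveyou"}
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def flat(s):
    # Lowercase and drop everything except letters and digits ("Star Wars!" -> "starwars").
    return re.sub(r"[^a-z0-9]", "", s.lower())

def keys_adjacent(a, b):
    """True if two keys touch on a staggered QWERTY layout (or are the same key)."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if r1 == r2:
        return abs(c1 - c2) <= 1
    if r2 < r1:  # order the pair so (r1, c1) is the upper key
        (r1, c1), (r2, c2) = (r2, c2), (r1, c1)
    # A key in column c touches columns c and c+1 of the row above it.
    return r2 - r1 == 1 and c1 - c2 in (0, 1)

def adjacency_ratio(pw):
    """Fraction of consecutive character pairs that are neighbouring keys."""
    s = pw.lower()
    pairs = list(zip(s, s[1:]))
    return sum(keys_adjacent(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0

def check_password(pw, personal=(), used_elsewhere=()):
    """Return the mistakes from the article's list that this password makes."""
    norm = flat(pw)
    findings = []
    if len(pw) < 8:
        findings.append("too short")
    if pw in used_elsewhere:
        findings.append("reused")
    # Assumed threshold: 75% or more neighbouring-key pairs counts as a sequence.
    if pw.lower() in COMMON or adjacency_ratio(pw) >= 0.75:
        findings.append("common or keyboard sequence")
    if any(t in norm for t in THEMES):
        findings.append("brand, team, pop culture or emotion")
    if any(flat(p) and flat(p) in norm for p in personal):
        findings.append("personal information")
    return findings
```

An empty list means none of these checks fired; it does not mean the password is strong, only that it avoids the specific mistakes listed above.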

I only use bad passwords for sites that don’t matter

Even if it’s just an account you set up for a one-time purchase, it matters. Every site with a piece of information about you could get hacked. Once enough pieces make it “out there” on the web, a scam artist can put the whole picture together—making you vulnerable to identity theft.

I never buy anything online, so who cares?

Online security is about more than protecting payment information. With enough details about you a scammer could:

  • Take out a loan in your name, hurting your credit score in addition to creating loads of hassle
  • Steal your tax return (again, lots of hassle to get this resolved)
  • Commit medical fraud, which could result in you being denied medical coverage

They only hacked my email account—big deal!

Hacking your email is a bigger problem than you realize.

Email is actually one of the most sought-after accounts attackers want to get from you. Why? Because all your other online accounts point back to one system—your email! Once an attacker has access, all they need to do is hit “reset password” on different online accounts. Those reset requests generate an automated reset email which the attacker then uses to get into every account they can. With this technique, the attacker doesn’t need passwords or usernames for everything in your name. Once they change your password, you’re locked out of your own account. Just imagine how bad it would be if this happened to your online banking or credit card accounts!

Having your email hacked can also wreak havoc and have broad impacts you might not even think about. With your email address and password, spammers can send out millions of phishing emails that contain malware. Not only could these emails potentially trick those on your contact list, this spam email activity can slow down—or even take down—your entire email service, making your bad password everyone else’s problem as well.

Okay, so I need to do better—but I can’t remember complicated passwords!

No worries! There are some easy ways to handle passwords:

  1. Use a password manager. Use a third-party service such as Dashlane or LastPass (Digital Trends recently reviewed the marketplace of choices). These managers not only help you create strong passwords, they also integrate with your browser (no, not your browser’s autofill—these are extra extensions you install after you sign up). This makes saving your passwords to these services a breeze, and means the program will do the remembering for you.
  2. Use memorable pass phrases. The best passwords are at least 8-12 characters long (more is better!) so give pass phrases a try instead. They’re long, and pretty difficult to crack—and are even stronger with the addition of some numbers and characters. Here’s an easy way to do that: How To Geek suggests grabbing the first letter of every word in a pass phrase and tossing in a few symbols or numbers. For example, “I think strong passwords are great and I promise to use them” could become “ItSPrg8&iptuT.”

Is there anything else easy I can do?

Yup. Turn on two-factor authentication. It’s simple to set up and adds an extra layer of security to your accounts (unless your email account is compromised too).

 

 

About TDS Security Team

The latest news and advice from the TDS Security Team.
