Passwords are your first line of defense against identity theft and hacking. Yet every year, the Federal Trade Commission receives hundreds of thousands of identity theft complaints—some instances of which might have been prevented with stronger passwords. Here are a few stats about passwords that should give you pause:
- According to Keeper, a password management tool, about 1 in 5 users has the password “123456.”
- The word “password” has been the second most popular choice for three years running.
- According to Pew Research, 45% of survey respondents use the same passwords across multiple sites.
Given those findings, it’s safe to say quite a few of us are what you might call “password-challenged.” In today’s world of cybersecurity and growing attacks, developing good password hygiene is one of the simplest and most basic steps you can take to keep your own and your company’s information safe. It’s everyone’s favorite kind of IT support because it only takes a few seconds. Here’s what you need to know.
Passwords protect you from brute-force attacks
A brute-force attack sounds pretty terrifying, and rightly so. When this happens, a hacker tries to break into your account, site or applications by guessing your username and password—except instead of trying manually, the hacker uses automated software to quickly run through passwords until it guesses correctly.
And if you have one of those frequently used passwords, guess what? You’re going to get hacked first. Luckily, there are a few things you can do to improve your likelihood of surviving an attack:
- If your password is on this top 25 list, change it immediately. Hackers know how to use Google, so they’ll be much more likely to target low-hanging fruit.
- Don’t repeat passwords across different sites. Hackers often target sites with lower security—like retail and social media platforms—to score passwords. Then they’ll try these passwords on higher-security sites, such as financial organizations and email providers. Once they gain access, they can tear through your business’ assets, credit cards and petty cash.
- Don’t use “Log in with Facebook” or “Log in with Google” shortcuts. These save time, but relying on them is kind of like having one key that opens your home, your office, your car... You see what we mean. Once hackers have access to that set of passwords, they can enter every site you use.
Password managers help you juggle a lot of unique passwords
One of the top password recommendations you’ll get these days is to not duplicate passwords on different sites and apps. But how can you do that and keep track of all your credentials when even news sites request a login just to give you the latest updates?
The solution is actually a lot simpler than it seems. A password manager is a piece of software that you can use to create a single master key login for all your accounts. This key is heavily encrypted and is never sent directly to the sites you want to use. Instead, the password manager creates a unique, complex login for each of your accounts and inserts it in the background, securely logging you in.
Some managers are free, but you’ll need to pay a small monthly fee (usually $1 to $3) for many top applications. Check out MyITpros’ article on password managers to get the full scoop and review our recommendations.
Multi-factor authentication gives you extra protection
Most security experts will tell you that your best bet is to use multi-factor or two-factor authentication. Essentially, multi-factor logins have two layers: a username and password and a second set of information, like your phone number, a one-time code or a security question.
Some sites, like Google, offer this as a settings option automatically and will send you a login code over SMS. But for those that don’t, you’ll have to install it yourself. Using an authentication app has the extra bonus of being a little more secure than SMS codes.
Once you install the authentication app on your phone, you’ll be asked to scan an onscreen QR code. Thereafter, you’ll be able to log in directly through your phone—it’s as easy as that.
Passwords may be your first line of defense against hacking, but they shouldn’t be your only defense. Keep your data extra-safe using firewalls, cloud security, encryption and a number of other techniques. You can learn more by reading through our security articles on the MyITpros blog or by talking to one of our IT consultants to get a rundown of best security practices. With our IT support, you can go from being password-challenged to a password pro!