With the onslaught of data breaches that have been in the news lately (think Target or Sony), INF presents this multi-part blog series about keeping your data safe in the digital age.
Do you pick one password and then use it for all of your accounts, or do you choose short passwords that are easy to remember? Is your password “Password” or the name of your pet? Do you keep a Word document or piece of paper with all of your passwords written down? If so, your digital information could be in trouble. More than 60% of people use the same password on multiple accounts. In the digital world, this means that if I can break into one account, then I can have access to all of your accounts. This is why, when a data breach happens at one retailer, fraudulent activity at other retailers goes up as well: the usernames and passwords are the same.
Most people choose their passwords from a finite set of words, phrases and numbers (or some variant of this), which makes guessing your password a trivial task for most hackers. They use a “Dictionary Attack” on an account, which takes commonly used words from the dictionary and puts them together with numbers and other words to create a password to try. Bear in mind that this is not a human being doing the guessing, so multiple attempts can be made every second and a whole attack can last less than one minute. Additionally, software that does this is commercially available and is therefore very easy to use. Once a hacker has cracked one of your accounts, they immediately target others, touching as many accounts as they can before you are alerted that anything is wrong.
How To Choose a Strong Password
In order to combat this and become a smarter user, you must create a strong, non-trivial password for each account that you have.
Choosing a strong password becomes simple once you learn the following four rules:
- Choose a password that is 13+ characters long
- Choose a password that does not contain any words in the dictionary
- Choose a password that has an uppercase letter, a lowercase letter, a symbol, and a number
- Choose a password in which not all substitutions of symbols/numbers for letters are the obvious ones (e.g. 5 for “S” or @ for “a”)
One recommended way to create a password is to think of a phrase from a book or song that you like and turn it into a password. As an example, if you are a fan of “Hitchhiker’s Guide to the Galaxy” by Douglas Adams, you may turn the phrase “So long and thanks for all the fish!” into the password “S81ng&Tks4@!!f!$h!”. Notice that none of the actual words were used and not all of the substitutions were obvious, such as “8” for ‘o’. A simple trick to remember: the longer the password, the stronger the password.
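The four rules above can be turned into an automatic check. The following Python sketch is an added example, not part of the original post: the word list and the table of "obvious" substitutions are small constructed samples (the post names only 5 for "S" and @ for "a"), and rule 4 is read here as "undoing the obvious substitutions must not reveal a dictionary word".

```python
import string

# Constructed sample word list (assumption); a real check loads a full dictionary.
WORDS = {"password", "long", "thanks", "fish", "summer", "dragon", "welcome"}

# "Obvious" substitutions. The post names 5->s and @->a; the others are assumed.
OBVIOUS = str.maketrans({"5": "s", "@": "a", "4": "a",
                         "0": "o", "1": "l", "3": "e"})


def contains_word(text):
    """True if any dictionary word occurs inside the (lowercased) text."""
    return any(word in text for word in WORDS)


def check_password(pw):
    """Return the numbers (1-4) of the rules that pw breaks; [] means it passes."""
    failed = []
    lowered = pw.lower()

    # Rule 1: 13 or more characters.
    if len(pw) < 13:
        failed.append(1)

    # Rule 2: no dictionary word appears in the password as typed.
    if contains_word(lowered):
        failed.append(2)

    # Rule 3: at least one uppercase letter, lowercase letter, digit and symbol.
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    if not all(any(ch in cls for ch in pw) for cls in classes):
        failed.append(3)

    # Rule 4: a word hidden only behind obvious substitutions still counts,
    # because dictionary-attack tools try those variants as well.
    if not contains_word(lowered) and contains_word(lowered.translate(OBVIOUS)):
        failed.append(4)

    return failed


if __name__ == "__main__":
    for candidate in ("P@55w0rd", "summerdragon2024",
                      "Th@nk5-Dr@g0n-F1sh!", "S81ng&Tks4@!!f!$h!"):
        print(candidate, "breaks rules:", check_password(candidate) or "none")
```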
You may be asking, “How in the world am I going to remember all of these passwords? I must have 90+ accounts online, like the average American!” There is no need to remember all of the passwords that you create. In fact, if you can remember one very strong password, you can access all of your others by using a password management program such as KeePass, 1Password or Dashlane.
Part 2 of this series will cover setting up and using a password management program.