Modern Day Cybersecurity Requires Strong and Unique Passwords
In the past, when records were kept only on paper, your personal
information was as secure as the file cabinet or safe in which it was
locked. There was no way that information could be shared without
physically removing the paper.
Today, however, the information that was once limited to paper
records only is kept on computers and servers, which are secured through
encryption and other digital safeguards. The front door to that
information, is your login. The lock on that door is your password –
make it as strong as possible.
1. Create a long password.
Would you lock the front entrance to your house with nothing but a weak door chain? Hopefully, the answer is never.
Weak passwords are the No. 1 reason that an account becomes compromised.
According to Verizon’s 2017 Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged either stolen and/or weak passwords. According to Google engineers, compromised passwords are the top way hackers gain access to accounts and all users.
So, what constitutes a strong password? In a word, length. The longer
the password, the more secure it is. You might have heard that a strong
password requires a combination of uppercase and lowercase letters,
numbers, punctuation and other keyboard characters. But any short
password is easier to hack than a long one.
A strong password should be the longest you can manage, but no less
than 12 characters. It wouldn’t hurt to include a mix of upper and
lowercase letters, numbers and symbols, but length is the most important
2. Create a sentence and use first letters from each word.
One technique to create long, random passwords is to write out a
sentence and then use the first letter from each word. For example:
This would be 1 example Of A sentence that could be (used for) a secure password.
Hackers who use computers to crack passwords often use programs that
go through billions (or more) permutations until it finds the correct
combination. The best defense against this type of “brute-force” attack
is a long password.
You can use this ONLINE TOOL to determine how secure your password is. The 17-character password above would take a computer 93 trillion years to crack.
By comparison, the password fR$3]@Q1 (eight characters long with upper and lowercase, numbers and symbols) would take two days to crack. The password kdjzmpuelaqj (12 characters long with only lowercase letters) would take four weeks to solve. If you add one more letter to make kdjzmpuelaqjs, a 13-character password, it would take a computer two years before it could find the right combination.
3. Don’t use names, words, dates or patterns.
The federal government last year adopted new password guidelines that drops the need for “mixtures of upper case letters, symbols and numbers.” That makes creating longer passwords easier.
However, long passwords can still be easy to crack if they contain
overused characteristics. Alvaka Networks, a provider of IT and network
solutions, reported that research shows that weak passwords also include:
- “Love” phrases;
- Days of the week; or
- Keyboard or phone dial pad patterns.
So, don’t use passwords that contain 12345, qwerty, blueapple or
fastelephant. Again, longer is only better if you refrain from using
4. Create a unique password for every account.
Committing to using a long password is a good start, but you’ll need
to create a unique one for all of your accounts … or at least, the
accounts that you care about and want to protect from hackers.
According to Dashlane, an online password management system, the average number of online accounts registered to one email address in the United States is 130.
Who can remember or keep track of that many passwords? It can be
overwhelming. But most users know that it’s risky to use the same
password for multiple accounts.
In a study commissioned by LastPass,
a digital password management service similar to Dashlane, 91 percent
of respondents said that they understood the risk of reusing a password,
yet 61 percent still do.
Don’t use autofill in your web browser. It’s not a secure method to
keep your passwords. Instead, consider using an online password manager.
They allow you to create unique passwords for every account, with
variables for length, letters, numbers and keyboard characters. They
have accompanying apps and browser plugins so that you can access your
passwords on all your devices and can auto-populate your logins. You
simply need to create and remember one master password to access the
Nuvision doesn’t endorse any particular password manager. Each offers
a slightly different security features, but all promise strong
encryption. You can do an online search for “best password managers,” but those that are listed frequently include:
- SpashID Safe
- Sticky Password
All offer a free basic account while all except KeePass have modest
monthly premium accounts (ranging from $4 to $11.99) that offer
additional features. All also run on Windows, Mac, iOS and Android.
5. When possible, use two-factor authentication.
Two-factor authentication (also known as 2FA, multi-factor
authentication or 2-step verification) is a type of online security
feature that requires another login verification in addition to a
username and password.
For example, after you sign in, a typical 2FA might require you to
type in a mobile phone number that matches the number provided when you
created the account. You will then receive a text message with a unique
security code that you need to enter. You’ll need to do this every time
you log in. This type of 2FA provides extra security because only the
person in possession of the phone will receive the code.
Google reported that less than 10% of Gmail users enable two-factor authentication. According to Google, that means, “the remaining 90% [are] more vulnerable to cyber-attacks.”
Don’t leave yourself vulnerable. Follow the five steps listed above
and you can greatly reduce the chance that you’ll become the victim of a
hacker or cyberthief.