We all have that one trusty password, that one we’ve used for years…since we graduated high school…that one we used to log in to our Myspace or AOL account with…
Passwords keep our precious information out of the hands of the wrong people; however, relying on that old trusty password – you know the one – Ilovemydoggabby06, is actually the worst thing you could do for your internet security.
You should change your password every 60-90 days. Yes – every one of our passwords should be changed as often as once every three months. Our security is constantly under attack, whether it’s from companies we trust our information to, or people we trust our accounts to. With our passwords constantly being exchanged over all sorts of networks, it makes sense that our passwords lose their strength very quickly.
- At least 60% of people reuse passwords across multiple sites regularly.
- An estimated 81% of data breaches are due to poor password security.
- 59% of Americans use a person’s name or family birthday in their passwords.
- 33% include a pet’s name.
- 22% use their own name.
Agent, I. D. (2021, May 15). 10 Facts About Passwords to See Before You Make Another One. ID Agent. https://www.idagent.com/blog/10-facts-about-passwords-that-you-need-to-see-now/
Passwords are easy to manipulate and mimic. There are many ways this happens: through breaches, signing in to false websites, or even through keyloggers that track your keystrokes. Many people have found themselves in vulnerable positions when their bank account is hacked, or money is moved from their bank via a PayPal app.
Having a different password for every account is very important. However, what is even better is a pass phrase. A pass phrase is a long sentence: something you can remember but that isn’t as easily guessed or predicted, like MyFavoriteDonutsAreAtHollysDonuts. A pass phrase like this is less predictable and could be key to preventing a breach.
Using the common ways of creating a passcode is one of the surest ways you WILL have a password breach, and here’s why: almost everyone has a social media account of some kind. On those accounts you will often find a person’s first, last, and middle name; their birthday; their kids’ birthdays; their anniversary; and their dog’s name. Often a stranger can see all of this without having to connect with you directly in any way, especially if your Facebook description looks something like this:
“I’m Meghan P Jones. I live in Texas with my two beautiful girls – Sara and Maxine. My husband John and I have been married for eight years. This is our dog, Roxy.”
With a description as simple as this, you’ve given a hacker just enough pieces of your data recipe to start testing the strength of those passwords and security questions. How many of our security questions ask us the name of our favorite pet, or the name of our first child?
The truth is this approach to password security is archaic and weak. We must look to better ways to secure our important information.
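The same reasoning can be turned into a check you run on your own passwords before you use them. The sketch below is an added example, not from the original article: it flags a candidate password that contains names or date fragments from a public profile, even after simple character swaps. The profile names come from the sample description above; the anniversary date and the function names are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed profile, based on the sample description above. The anniversary
# date is an assumption added for illustration; the page gives no dates.
PROFILE_NAMES = ["Meghan", "Jones", "Sara", "Maxine", "John", "Roxy"]
PROFILE_DATES = [date(2015, 6, 20)]

# Undo common character swaps ("R0xy" -> "roxy") before comparing.
LEET = str.maketrans("013457@$", "oleastas")


def fold(text):
    """Lower-case, reverse simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def date_fragments(d):
    """Digit strings people commonly derive from a date (4+ digits only)."""
    return sorted({d.strftime("%Y"), d.strftime("%m%d"),
                   d.strftime("%d%m"), d.strftime("%m%d%Y")})


def personal_info_hits(password, names, dates):
    """Return the profile facts that can be recognised inside a password."""
    folded = fold(password)
    digit_runs = re.findall(r"\d+", password)
    hits = [n for n in names if len(fold(n)) >= 3 and fold(n) in folded]
    for d in dates:
        hits += [f for f in date_fragments(d)
                 if any(f in run for run in digit_runs)]
    return hits


if __name__ == "__main__":
    for candidate in ["Roxy2015", "M4xine&S4ra0620",
                      "MyFavoriteDonutsAreAtHollysDonuts"]:
        hits = personal_info_hits(candidate, PROFILE_NAMES, PROFILE_DATES)
        print(candidate, "->",
              "reject: " + ", ".join(hits) if hits else "no profile data found")
```

An empty result only means the password contains none of the facts the check was given; it says nothing about whether the password is long or random enough.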
Have I been a part of a breach?
It is possible that by this time, your information has been found in a breach of some sort. If you are curious to see if your email has ended up in a data breach, you can go to this website to find out: https://haveibeenpwned.com
Password managers – some details:
I know what you’re asking – How am I supposed to create a different password for all the apps and networks I have, AND remember them all? It’s not possible… You would be right! In order to ensure the best security, it would mean we’d have to have a memory superpower, or perhaps a photographic memory.
Therefore, this is a great opportunity to consider using a password manager.
What is a password manager?
A password manager is an application that stores all your passwords in one secure location. Think of it as an encrypted vault that is only unlocked by a master key.
How will it help me?
- Password managers help you generate random passwords whenever you use a new website or application. A password manager will help you create a secure password that is long and impossible to guess.
- A password manager can help prevent phishing scams that often come through your email. Phishing emails can appear to come from someone who looks legitimate. They include a link that, when clicked, will download viruses and malware to your device. If your password manager does not recognize the website or source, it will not autofill your password into the website. This is a great way to know that the website or link you are following may not be secure.
- With a password manager, you will only need to remember ONE password. You will have one master key password that unlocks all your other passwords. If you are using a smart phone to access the password manager, it may request to use your fingerprint or Face ID to access it. This doubles down on the security of your information, making it even more difficult for someone to break into your information.
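The autofill behaviour described in the list above comes down to comparing the site you are on with the site where the password was saved. The sketch below is an added example, not code from any particular password manager: it assumes a vault keyed on exact scheme, host and port, and all host names and the stored entry are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault: each entry is bound to the origin where it was saved.
VAULT = {
    ("https", "login.examplebank.test", 443): {
        "user": "meghan", "password": "<stored secret>"},
}

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url):
    """Reduce a URL to the (scheme, host, port) triple used for matching."""
    parts = urlsplit(url)
    scheme = (parts.scheme or "").lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def autofill_decision(url, vault):
    """Return (fill?, reason). Only an exact origin match releases a secret."""
    scheme, host, port = origin_of(url)
    if (scheme, host, port) in vault:
        return True, "exact origin match"
    if any(saved_host == host for (_, saved_host, _) in vault):
        return False, "known host, but scheme or port differs"
    return False, "unrecognized host"


if __name__ == "__main__":
    # Constructed URLs: the real site, the same site over plain HTTP,
    # and two lookalike hosts of the kind a phishing link might use.
    for url in ["https://login.examplebank.test/signin",
                "http://login.examplebank.test/signin",
                "https://login.examp1ebank.test/signin",
                "https://login.examplebank.test.account-check.test/"]:
        print(url, "->", autofill_decision(url, VAULT))
```

A refusal to fill on a page that looks like your bank is the signal to stop and check the address bar rather than to type the password by hand.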
Are they safe?
Well, like most things on the internet, nothing will ever be 100% safe. However, we can take many steps to keep our chances of a breach low.
- First, you want to create a strong password for your password manager. You want it to be long and as random as possible. As I said before, a pass phrase is your best friend. Write out a sentence with exclamation points and upper- and lower-case changes. This decreases the chance of someone being able to guess it.
- Next, you want to use Two-Factor Authentication (2FA). 2FA is a security measure that requires another device or application to take part in the login. It will require your phone number or email to also approve a login attempt. This increases security exponentially.
- Adding biometric authentication is the icing on your security cake. Biometric authentication uses your fingerprint or facial recognition. People often feel uncomfortable using facial recognition software for their security. However, your face cannot be mimicked. Adding this layer will bring your overall security as close to being 100% protected as you can possibly be.
Which password manager should I use?
It is up to you if you want to pay for a password manager or use a free version. We like to say you get what you pay for, so you might find paying for a password manager brings you a better product and security overall. But that isn’t to say that a free version cannot keep you equally secure. Here are a couple of different types of password managers:
Cloud-based password managers
Cloud-based managers are seen as safer because they have more enhanced security features. They also often offer backup should anything ever happen to your device or app. This helps ensure that all your important information is always saved.
They can also prevent you from using old or weak passwords you have used in the past. And they can offer you additional features such as saving other sensitive information like bank account details or credit cards. Typically, you will find that they work across different browsers such as Safari or Chrome.
Desktop password managers
Desktop managers will store your passwords locally on the device that you’ve chosen. However, keeping your data frequently backed up is key. The device does not have to be connected to the internet for the manager to work, which can help ensure that you avoid any attempt at being hacked.
But will I get hacked?
At the end of the day, nothing is ever 100%. At some point, it is inevitable that your password manager will be tested. Our best approach to keeping that door tightly closed is to follow the steps mentioned above. As we move around on the internet, we must know that our security WILL be tested. But taking steps to make that process as difficult as possible for a hacker is how we rest a little easier at night.
When it comes to password managers, most tend to employ multiple layers of defense against breaches. At the end of the day, breach is inevitable — but the best way to protect our user data is to design our systems so that if they are attacked and breached, the attacker gets nothing, no usable data out of them. In practice, this can play out in many different ways. Most password managers store your password data locally, on your machine: this means that in order for you to be “hacked”, someone has to have physical access to your computer and probably your master password — or the technical ability to log your keystrokes, fire off a few privilege escalation exploits, etc.
Irwin, J. (2018, May 16). But what if my password manager gets hacked?! A few thoughts on how to talk about security worries with non-experts. Medium. https://medium.com/@jessysaurusrex/but-what-if-my-password-manager-gets-hacked-3b78e0b423c9
Are you now overwhelmed?
Don’t be! DataCom Technologies is here to help you. If you would like to have some help navigating this wave of information, contact us either through our website here, or by calling us at 330-680-6002. We place a very high value on protecting our customers’ data, and that includes helping to explain security options specific to each circumstance. Don’t be caught unprotected. Included in every business managed service package with DataCom Technologies is a password manager. This underscores the importance we place on technology like this to help secure your computers and your company.