With so much of modern life taking place in the digital sphere, there’s no shortage of sensitive data floating around the Internet – or passwords in place to protect that data. In fact, a 2014 security study by the UK government found that the average person has 19 different passwords. Because people have so many to remember, they tend to create passwords that are easy to recall — and easily compromised.
Understanding Information Security Risks
Passwords can be guessed, stolen, or broken.
- You might be targeted by someone who knows personal details about you, and uses them to guess likely passwords based on names, dates, and words that are important to you.
- Your password, username, and other personal data may be stolen in a group data breach, like the infamous breach of Target customer data in late 2013. Unfortunately, since a data breach of this size involves a breakdown of the company’s data security and encryption, there’s little we can do to prevent it on the consumer side. The best line of defense for this type of data theft is to monitor your financial accounts and credit for fraudulent activity, and act quickly if you spot something fishy.
- Your password can be broken by a hacker. (That’s what happened to 11 million Ashley Madison users in late 2015.) Hackers can use code breaking software to generate possible password combinations until the correct one is found. Passwords comprised of common phrases, words, or simplistic sequences of numbers are broken most quickly; after that, the program will run random combinations of characters until it finds a match. It doesn’t take long; in the Ashley Madison case, password cracking group CynoSure Prime managed to break 11 million user passwords in just 10 days. Increasing the amount and varying the types of characters will increase the number of possible combinations, and the amount of time it takes the hacker to break your password.
Evaluate the effectiveness of your current passwords with an online password review tool, then use the strategies below to improve them!
Tips for creating secure passwords
- Use a memorable but hard to guess passphrase, using symbols in place of letters (like “@” in place of “a”) to make the passphrase more secure. For example, @SwB10YOn2016, which is based on the phrase “Amy Smith will be 10 years old in 2016.”
- Make sure your password contains 12+ characters.
- Mix numbers, symbols, and capital and lowercase letters.
Using a password manager in conjunction with randomly generated passwords can increase security while minimizing the number of passphrases you need to remember. Because you won’t have to remember them, your passwords can be as long and elaborate as you like. The catch is that password managers can be hacked like any other database, endangering the security of all your stored passwords. To minimize the risk that your manager will be compromised, you’ll have to create – and remember – a very secure master password.
It’s also a good idea to enable two-factor verification whenever you can. For Google accounts, this entails entering a login code in addition to your password at login. The login code is temporary and constantly changing, so it’s difficult for hackers to bypass. If you’re concerned about the inconvenience, don’t worry; it’s possible to “remember” your personal devices after verifying it, so you’ll only need to enter an additional code once.
Finally, it’s important to keep your antivirus software current. Outdated antivirus software may allow newer malware to slip through the cracks. Malware can run unnoticed in the background on any internet-connected device, capturing keystrokes to steal your passwords and other sensitive data. Research available programs for PC and Mac, as well as your mobile devices to choose one you’re comfortable with.
Password security may seem trivial, but a little effort spent securing your personal information online goes a long way toward preventing fraud and even identity theft.