David Attard on December 6, 2013
I recently wrote an article called What the Hack, in which I discussed the spate of hack attacks happening at the time. Unfortunatley, not much has changed since then, and we keep on hearing of more and more password leaks, hacks, identities being stolen and loss of personal information. One of the password leaks that made headlines was that involving the loss of millions of Adobe passwords.
This week social media platforms are the target with around two million login credentials of uses on, among others, Facebook, Yahoo, LinkedIn, Twitter, Google and vk.com. Security firm Trustwave discovered a trove of logincredentials. When you analyse the different credentials, it’s alarming to see that a substantial number of people still use passwords that are so easy to guess. The most common passwords are:
If you’re an IT admin, we don’t have to tell you to use strong passwords; but many people you know probably can’t be bothered putting some effort when choosing a password, let alone consider the risks. We’ve put together some DOs and DON’Ts for you to pass on to family, friends, colleagues and anyone else you know would need it. You may need to be a bit more insistent – think Sheldon (from ‘The Big Bang Theory’) type.
- Never use a simple password such as those above – it is a guarantee that the account will be compromised at some point. Do not use the following as a password: any sequence on your keyboard (qwerty, qwertyuiop, asdfghjkl, poiuytrewq, zxcvbnm), your name (or any name), your surname, your date of birth, or anything else which is easy to read or type. Don’t use dictionary words. Rule of thumb: what is easy for you to remember, is probably easy for someone to guess!
- Do use a complex password, or pass phrase for your most frequently used websites and office credentials. Use a phrase that makes sense to you, but to no one else; use mixed case, punctuation marks and symbols, and make it long. You will get used to it once you use it often. Here are some examples of complex pass phrases: Mycatisn0tgrumpy!, Mydogbump5intowall$, IS1ngwhenIc*ok, Iwillr3tireat40$$. You get the gist. This infographic might help you to create a strong password http://lifehacker.com/5876541/use-this-infographic-to-pick-a-good-strong-password
- Do check your password complexity against the Password checker: https://www.microsoft.com/security/pc-security/password-checker.aspx
- Do use a separate password for each website you have an account with. Do NOT reuse passwords. When you reuse a password you are making it easier for a hacker who compromised a single password to get access to ALL your accounts. Even if you use a complex passphrase such as those in 2, do not reuse that passphrase.
- Do enable two-factor authentication (2FA) whenever it is available: Google, Facebook, Twitter all allow you to enable 2FA. This will generate a time-limited token (usually a text message on your phone) or a password generated by an app such as Google Authenticator.
- Do use a password manager to store your passwords – especially the ones used for websites you don’t use often.
- Do not use the password manager for passwords where you have sensitive information such as credit card details. Your office login and password, Paypal, Google, Facebook, Amazon and your other sensitive information accounts should NOT be stored in your password manager.
- Do not store payment information such as credit card numbers in your email account (for easy access).
- Do protect your passwords from prying eyes; never reveal your password(s) to anyone.
- Do change your sensitive website account passwords regularly. It’s better safe than sorry.
Can you think of anything else that should be added to this list? Leave a comment below and let us know!
About the Author: David Attard
David Attard has been working in various roles in the IT Industry for more than 10 years. He currently specializes is in the Internet security space. He is Product Manager for GFI WebMonitor® at GFI Software™.