Cybersecurity has become ever more critical. Not only are we relying on mobile devices for access to key data points – like our bank accounts – but more of us are working from home or with remote teams than ever. How do you keep your digital details safe without making life exponentially more difficult? Today, we have some top tips, tricks, and strategies to help you employ the best password practices currently available.
How Do Passwords Get Stolen?
Before we look at improving password security, let’s look at how hackers gain access to our passwords in the first place.
As a child, you were probably told that writing down your password was the surest way to get hacked. There is some truth in it – pinning “John’s Banking Password” to your monitor on a post-it note is still not the smartest thing to do.
However, a note on your desk is only a risk from people with physical access to it – a nosy coworker or a spiteful ex – not from a cybercriminal on the other side of the world. Fixating on that antiquated warning misses all the common ways you will actually face a cyber intrusion.
Phishing is plain social engineering, and it is surprisingly fruitful for attackers. They simply ask for your password, masquerading as a legitimate vendor, site, or other authoritative party. While most of us have wised up to the Nigerian prince who just needs your account details to release his millions, modern phishing is sophisticated (convincing branding, urgent wording, lookalike domains) and needs constant vigilance to avoid. We outline some defenses in the next section.
Social Media Oversharing
Tied closely to phishing, many of us have simply become too free with what we share openly. Many fall for “innocent” online games or “challenges.” While most of us are savvy enough not to type our passwords or Social Security/identity numbers into a Facebook post, we happily give away the answers to common account-recovery questions – first pet, mother’s maiden name, the street we grew up on – without thinking about who can see the post or why the “game” is being run.
Credential stuffing occurs when attackers take the username and password pairs leaked in one data breach and automatically try them against other sites. It works because so many people reuse passwords. We can do little to prevent the breach itself, since it happens to an organization rather than to us, but smart password habits (a unique password per site) confine the damage to a single account.
Brute-force attacks are unsophisticated, but still get results. Attackers use automation to run massive trial-and-error guessing against accounts, or against password hashes copied from a breach. Online guessing is slowed by lockouts and rate limits; offline cracking of leaked hashes is not, which is where password length really matters.
Keylogging involves malware, usually installed through a malicious attachment or download, that quietly records every keystroke you make. It is surprisingly effective at harvesting credentials for online banking and other secure logins, because it captures the password as you type it.
Bad Password Usage
Many of us are guilty of using very common passwords. This enables “password spraying”: attackers try a handful of common passwords (think “Summer2024!” or “Password1”) against a long list of account names, staying under the lockout threshold for any single account and hoping for a match.
Local discovery is the one modern technique that resembles the old story about writing passwords down. Malware (or anyone with access to your machine) searches for plain-text files, notes, and spreadsheets where you’ve recorded your logins.
Extortion has also grown alongside ransomware. Attackers who have already compromised a machine or stolen data may simply demand credentials or payment, threatening to leak or destroy your data if you don’t comply.
Keeping Your Password Private
Now that you know how hackers access your passwords, what can you do to keep your precious data safe?
The Power of Robust Passwords and Passphrases
First, it truly is critical to create passwords that are difficult to crack. That goes beyond simply avoiding common passwords, however.
Long passwords are harder to crack by brute force, because every extra character multiplies the number of guesses required. Treat 12 characters as a floor, not a ceiling: there is no reason to stop at 14. A mix of uppercase and lowercase letters, numbers, and special characters helps, but length helps more.
Random strings really are your best bet, as birthdays, places of birth, pet names, family members’ names, and so on can easily be gleaned from social media oversharing. A random password generator (most password managers include one) will create a truly random string for you, though it will be hard to memorize.
This is why modern password advice leans toward “passphrases.” These are, quite literally, short sentences, mixed with other features (letter-case changes, numbers, and special characters) that are easier to remember. Think something like “Suz@nL!kes3Cupc@kes4Bre@kfast.” Bear in mind that cracking tools already try the obvious substitutions (@ for a, ! for i, 3 for e), so the length of the phrase is doing most of the work, not the symbols.
Your brain retains the core sentence – Susan likes three cupcakes for breakfast – easily, yet it’s a robust and strong password that won’t be easily guessable. Needless to say, you shouldn’t use your own name or familial details in your passphrase.
Using the same password across logins is easier on the brain, but it is a bad practice. If an attacker gets the password once, he now has access to everything; that is exactly what credential stuffing relies on. Small variations on one base password, such as adding the site name or bumping a number, are not enough, because those variations get tried too. A password manager makes a unique password per site practical. At the very least, make sure critical accounts like your banking, investments, and work login are not tied to the same throwaway password you used once on a shopping site.
For companies, running “password audits” that check compliance with robust standards and screen new passwords against lists of common and previously breached passwords is a smart strategy. Change any password immediately if it may have been exposed: a breach notice, a phishing link you clicked, a shared computer. Scheduled changes in the absence of any sign of compromise add little and tend to push people toward predictable variations, which is why NIST’s current guidance (SP 800-63B) no longer calls for them.
Phishing yields frighteningly good results for attackers, especially as attempts get more sophisticated. No matter how legitimate an email looks, never enter a password into a form because an email told you to. Few legitimate institutions will ever ask this of you, so be vigilant. Check the address the email really came from and the full address of the site you are sent to: not just the part that shows the bank’s name, but the actual domain at the end of the hostname. A password manager gives you a free check here, since it will refuse to autofill on a domain that is not the one you saved. If you still think the request is genuine, contact the institution through the phone number on its official website or the back of your card, not one taken from the email, and confirm the request.
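One way to check a link from a suspicious email, added here as an example and not taken from the original article: the Python below pulls the real hostname out of a link and flags the usual tricks, namely text before an @ sign (the browser ignores it and connects to what follows), the bank’s name used as a subdomain of an attacker’s domain, bare IP addresses, punycode look-alike hostnames, plain http, and link text that shows one address while pointing to another. The domain bank.example and the sample URLs are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit


def registrable_match(host: str, expected: str) -> bool:
    """True only if host is the expected domain or a subdomain of it.
    'bank.example.evil.example' does NOT match 'bank.example'."""
    host, expected = host.lower().rstrip("."), expected.lower()
    return host == expected or host.endswith("." + expected)


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href: str, expected_domain: str, display_text: str = "") -> list:
    """Red flags for a link that claims to lead to expected_domain.
    An empty list means nothing obviously wrong was found (not proof it is safe)."""
    flags = []
    parts = urlsplit(href.strip())
    if parts.scheme != "https":
        flags.append(f"scheme is '{parts.scheme}', not https")
    host = parts.hostname or ""  # already lower-cased by urlsplit
    if parts.username is not None:
        # https://bank.example@evil.example : the part before @ is "user info",
        # the browser connects to evil.example.
        flags.append(f"text before @ is not the host; real host is {host}")
    if not host:
        flags.append("no hostname in link")
    elif is_ip_literal(host):
        flags.append("bare IP address instead of a domain")
    elif any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode hostname (possible look-alike characters)")
    elif not registrable_match(host, expected_domain):
        flags.append(f"host {host} is not {expected_domain} or a subdomain of it")
    # Link text that looks like an address but differs from where the link goes.
    shown = display_text.strip()
    if shown and " " not in shown and "." in shown:
        shown_url = shown if "://" in shown else "https://" + shown
        shown_host = urlsplit(shown_url).hostname or ""
        if shown_host and shown_host != host:
            flags.append(f"link text shows {shown_host} but points to {host}")
    return flags


if __name__ == "__main__":
    # Constructed examples of links an email might carry.
    samples = [
        ("https://www.bank.example/login", "www.bank.example"),
        ("https://bank.example@evil.example/login", "bank.example"),
        ("https://bank.example.evil.example/verify", "Verify your account"),
        ("http://192.0.2.1/login", "www.bank.example"),
        ("https://xn--bnk-9la.example/", "bank.example"),
    ]
    for href, text in samples:
        print(href, "->", check_link(href, "bank.example", text) or "no flags")
```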
Data Breaches and Two-Factor Authentication
There’s little you can do about mass attacks that leak your data from institutions like credit bureaus. All you can do on your side is stay aware of breaches and change the affected password immediately if you are warned, along with any other account where you used the same one. Freezing your credit and setting up two-factor authentication (2FA) on important accounts can help limit what an attacker can do with leaked data.
2FA introduces a second confirmation before an account can be accessed, such as a code from an authenticator app or a one-time PIN sent to your phone or email. That second layer makes a stolen password far less damaging on its own. Not all second factors are equal, though: codes sent by SMS or email can be intercepted (SIM swapping) or phished along with the password, so prefer an authenticator app, and a hardware security key or passkey where the service offers one, since those cannot be replayed on a look-alike site.
Malware Best Practices
Regular scans, timely patching of your operating system and browser, and general PC hygiene reduce the chances of a keylogger getting onto, or staying on, your computer. Being careful and sensible about which sites you visit and which documents you open also helps keep you safe from ransomware and extortion attempts. So does maintaining regular offline backups, so you are never left pleading with cybercriminals for data you can’t restore or roll back to.
Keeping robust password security is critical in today’s digital world. With these tips, you can keep your data private and make yourself less vulnerable to cyber attacks and data loss.