October is Cybersecurity Awareness Month. For 2020, the theme is s ‘Do Your Part. #BeCyberSmart’. Passwords are a first line of defense in securing your information. Read on to learn how to set a strong password.
It has been documented that that weak passwords are the root cause of the rise in cybercrime, causing 76% of data breaches. However, most don’t use strong passwords, or change them frequently enough, making it easy for criminals to gain access.
One of the most proactive ways to prevent yourself from being a victim and to protect your company is by setting a robust password.
Key Characteristics of a Safe Password are that:
- It cannot be found in a dictionary.
- It contains special characters and numbers.
- It contains a mix of upper and lowercase letters.
- It has a minimum length of 12 characters.
- It isn’t a combination of dictionary words, place or name
- It doesn’t rely on obvious substitutions, e.g. @ for “A” or “a”
- It cannot be guessed easily based on user information (birth date, postal code, phone number etc.)
According to security expert, Bruce Schneier, hackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages. They run the dictionaries with various capitalization and common substitutions: "$" for "s", "@" for "a", "1″ for "l" and so on. This guessing strategy quickly breaks about two-thirds of all passwords
To create and maintain secure passwords:
- Create an easy to remember base password, preferably like a phrase, that is memorable to you, e.g. Virginia Commonwealth University is the best go rams. Once you have established the base, then recreate it using the tips above e.g. “VcU?t8Gr”.
- Better yet, create two base passwords!
- Keep important and not so important accounts separate. You should use one password for sites which hold personal information or credit card details, such banking or GMail. The second password should be used for sites that will not cause great harm if hacked.
- Create individual passwords for each account
- Once you have a strong base password, you can use it to create individual passwords for each of your online accounts. Simply add the first three letters of the service at the end of the base password, e.g. “VcU?t8GrGMa” for your GMail account or ““VcU?t8GreBa” for eBay.
- Update your passwords regularly – every few weeks or months
- Change your base password
- Change the special character substitutions you’re using
- Reverse use of upper and lowercase letters
- Type the password with the SHIFT key held down
o Or change your entire password
- Change how you identify the account, e.g. use the last three rather than the first three letters (GMa would become ail or eBa would become Bay).
- Change the position of the letters identifying the account - put them to the front or in the middle of your base password.
- Add the date you last changed the password at the back and record it in your calendar.
Other Proactive Password Tips:
Another common pitfall is having a base password that is used across multiple sites. Utilize Single-Sign-On (SSO) options when available to access accounts. By limiting your sign-ins, you limit the chances for your information to be stolen.
In addition, utilize one of the many password management apps, password manager programs or web services that will let you create very strong passwords for each of your sites. With these you only have to remember the one password to access the program or secure site that stores your passwords for you. These tools allow users keep track of all your passwords, and if any of your accounts are compromised you can change all of your passwords quickly
Do a quick check...
Still not sure if your password has been compromised? Use this tool to quickly check if your email account has been compromised and enables you to sign up for notifications if your account is compromised in the future. It also includes millions of real-world passwords previously exposed in data breaches so you can be sure to avoid those. https://haveibeenpwned.com/