Major players like Microsoft are trying to phase out the use of passwords completely in favor of stronger and more user-convenient security measures. While it’s true that passwords are disappearing, it will still be quite a while before they’re gone completely. Many platforms are certain to use them for years to come. So, until that happens, strong password habits will continue to be your first line of defense against falling prey to brute force hacking, phishing, data breaches and more. In part one of our segment on password health, we’ll share the best password practices for 2020.
Do not use the same username and password on multiple platforms.
We get it. You have a lot of different programs, devices, social media platforms and accounts to sign into. It would be so much easier to simply have one password to log into them all.
Please, avoid this temptation. It’s a very common one. And it’s also one of the top reasons people get their accounts hacked. The reason is pretty simple, and often it has nothing to do with the strength of the password itself. All it takes is a single breach on the end of one of the companies that one of your accounts belongs to. For example:
Microsoft: MyIncrediblyStrongPassword (Don’t use this, by the way.)
Facebook: MyIncrediblyStrongPassword
Amazon: MyIncrediblyStrongPassword
“Corporation Z” Website: MyIncrediblyStrongPassword
While most on this list are likely to have strong security, all it takes is one smaller company with below-average security (such as random “Corporation Z”) to have your username and password leaked into the wild. That username and password will then be used to try to gain access to all of your accounts. And you would be surprised how successful this method often is.
It should be noted that even Microsoft was recently breached at the time of writing this, exposing around 250 million account records.
Make your passwords complex.
Given that most people choose easy-to-remember passwords, many can be discovered using simple algorithms. These algorithms are available to anyone, so simple and commonly used passwords enable anyone to easily gain access and control.
For the most part, the longer and more randomized a password is, the better. It doesn’t have to be a random assortment of characters. But bizarre, mixed and matched words with a number, symbol and capital letter can do pretty nicely. They can be silly and easy to remember, but it has to be something only you would remember.
For example, do not use your cat’s name. Instead, use something like: My8catsdanceacrossthewater&it’sfunny!
It’s long, complex and easier to remember than random letters and numbers, but still sufficiently randomized to avoid most commonly used algorithms. (You’ll have to come up with your own now though, instead of that one.)
Do not use your names as passwords.
Don’t use anything that can be discovered on social media. It might sound crazy, but there are entire rooms of hackers that are actually paid to sift through millions of Facebook profiles and other platforms, searching for minute pieces of information about users. Maybe you posted a picture of your dog and commented on it 10 years ago. Perhaps you shared a photo of a family gathering, and your mother was tagged in the photo, where her own account displays her maiden name.
There are any number of tiny bits and pieces of data that can be constructed to put together a profile of you, which in turn creates points of entry into your accounts using this data. The data can be used not just for the passwords themselves, but also for possible “secret question” answers.
We’re still going to be reliant on passwords for some time. But fortunately, 2020 offers additional means of account protection that can be used in conjunction with standard password practice. We’ll be covering some of those methods in our next article, but until then,
Makeyourcatdothetangobutdon’tnamehim!
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!