Strong passwords are important for online security, but the trick is to create unique passwords that you can remember, or you risk falling into the bad habit of using the same login credentials for multiple accounts. Think about all the accounts that you’ve got at the moment – all of your social media, streaming, bank accounts, and applications. We’re sure that only a few of them come to mind immediately, but if you sit for a second and think about all the accounts that you’ve created online, you might easily have about 90 passwords for all of your accounts.
Password security is critical. Weak passwords can lead to serious consequences, like the concerning rise in identity theft, as a result of your data being compromised. Many of us are still looking into identity protection services to help us out in the event that we end up falling victim to such crimes. Still, we’ve got to take account security seriously, and one of the primary ways to do that is by using passwords. Let’s take a look at some best practices to reduce the risk of your data being compromised.
How Do Hackers Get My Passwords?
Our passwords are the key to our sensitive personal information. We make a point of not leaving important information lying around for criminals to find and use in malicious ways, so we keep it under digital lock and key in the form of a password. Still, just like a lock can be picked, there are hackers out there who manage to get hold of the passwords to your accounts using a variety of methods.
Phishing is usually done through emails that contain either fake links to cloned websites or a malicious attachment. Somewhere in the chain of events that starts with you, the user, falling for the con, the fraudsters present a fake login form. When you fill it in, the hackers steal your login name and password. To steal credentials, scammers may also use some kind of intercept between a user and a legitimate sign-in page, such as a man-in-the-middle attack.
Sites with weak protection are regularly hacked, and thieves deliberately seek out and dump user credentials from those sites to sell on the dark web or underground forums. Hackers make the most of probability here, as there’s a high chance that you use the same email address and password to log into more than one account. Using tools that automate the testing of a list of compromised passwords across several sites, hackers can easily breach new accounts, even on sites that practice good security and password hygiene.
Essentially, the concept behind password spraying is to take a list of user accounts and try them against a list of passwords, similar to credential stuffing. Credential stuffing differs in that the passwords are all known for specific users. Spraying passwords is more direct. Here, the hacker has a list of usernames but no idea what the password is. Instead, each username is tried with a list of the most common passwords. Depending on how much time and money the intruder has, this may be the top 5, 10, or 100.
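The difference between the two patterns is visible from the defender's side in failed-login records. The following is an added example, not part of the original article; it assumes the login service records a keyed fingerprint of each failed password (never the password itself), and the function name, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict

def classify_sources(failed_logins, min_users=5):
    """Label each source address by the shape of its failed logins.

    failed_logins: iterable of (source, username, password_fingerprint).
    """
    users_by_source = defaultdict(set)
    users_by_password = defaultdict(lambda: defaultdict(set))
    for source, user, fingerprint in failed_logins:
        users_by_source[source].add(user)
        users_by_password[source][fingerprint].add(user)

    labels = {}
    for source, users in users_by_source.items():
        if len(users) < min_users:
            labels[source] = "normal"  # e.g. one person mistyping
            continue
        # How many different accounts did the most-reused password hit?
        widest = max(len(u) for u in users_by_password[source].values())
        if widest >= 0.8 * len(users):
            # The same few common passwords tried on nearly every account.
            labels[source] = "password spraying"
        elif widest <= 2:
            # A different, account-specific password for each username.
            labels[source] = "credential stuffing"
        else:
            labels[source] = "unclassified"
    return labels

# Constructed sample events (documentation IP ranges, made-up fingerprints).
USERS = [f"user{i}" for i in range(8)]
SAMPLE = (
    [("198.51.100.7", u, fp) for u in USERS for fp in ("fp-A", "fp-B")]
    + [("203.0.113.9", u, f"fp-{u}") for u in USERS]
    + [("192.0.2.4", "alice", fp) for fp in ("fp-x", "fp-y", "fp-z")]
)

if __name__ == "__main__":
    for source, label in classify_sources(SAMPLE).items():
        print(source, "->", label)
```

When failures are spread across many source addresses, the same grouping can be applied per time window instead of per address.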
Hackers who use keylogging watch your every keystroke and click. Keyloggers keep track of the keystrokes you make on the keyboard and can be especially useful for collecting passwords for online bank accounts, cryptocurrency wallets, and other secure logins. Since it needs access to, or compromise of, the victim’s computer with keylogging malware, keylogging is more difficult to carry out than password spraying, credential stuffing, or phishing.
Use a Unique Password on Each Account
It’s sad that we’ve got to say it, but many of us keep using the same password for more than one account. We may even use one password for all our social accounts, for example. Perhaps we do this because we’re just ignorant of the dangers or we’re just too lazy to keep track of different passwords (if this is the case, there’s a handy solution to that coming up). Either way, if a hacker gets hold of the password from one of your accounts, this practice is going to put all your other accounts at risk, too.
Use a Password Manager
Strong passwords are those that are longer than eight characters, difficult to guess, and include a mix of characters, numbers, and special symbols. Even if you use a different password for each account (which is recommended), the best ones can be difficult to remember. Password managers can help with this. There’s just one catch – you still need to remember the single password that gives you access to your password manager.
Use Two-factor Authentication
Even if your password is stolen, two-factor authentication (2FA) prevents unauthorized access to your account by requiring you to enter a second piece of information that only you have – these are usually one-time codes (OTPs) – before the platform logs you in. And if a hacker discovers your passwords, they won’t be able to enter your account without access to your device (your phone or tablet, for example). The authentication code helps to prove that it’s really you that’s using your password to log in.
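How a one-time code ties the login to your device can be shown in a few lines. This is an added example, not from the original article; it assumes the time-based variant of one-time codes (TOTP, RFC 6238) used by authenticator apps, and the `login` function and its parameters are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid

def totp(secret: bytes, at_time: int, digits: int = 6) -> str:
    """Time-based one-time code (RFC 6238 with HMAC-SHA1)."""
    counter = struct.pack(">Q", at_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login(password_ok: bool, submitted_code: str, secret: bytes,
          now: int, drift_steps: int = 1) -> bool:
    """Accept only a correct password AND a code from the current time
    step (or a neighbouring step, to tolerate clock drift)."""
    if not password_ok:
        return False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, now + delta * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted_code):
            return True
    return False

# Constructed demo secret: the published RFC 6238 test key. In practice the
# secret is random, shared once at enrolment, and stored on your device.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("password + fresh code:", login(True, code, SECRET, 59))
    print("password + guessed code:", login(True, "000000", SECRET, 59))
    print("password + old code:", login(True, code, SECRET, 1111111109, 0))
```

A stolen password alone fails the check because the code is derived from a secret that lives only on the enrolled device and on the server.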
Don’t Keep Changing Your Password
There’s always back and forth about this, that’s for sure. For a long time, it was common practice to change your passwords every 3 to 6 months or so. This was founded on the notion that it takes about this amount of time for a hacker to crack a password.
Now, however, we’ve found that changing your passwords on a regular basis isn’t that great an idea, unless you think they have been compromised. Why? By constantly creating new passwords, we start to use little tools here and there that aren’t all that safe. Many of us jot our passwords down on little notes next to our devices or in our office drawers – the first places that people check if they’re looking for a password to access your info.