Passwords are the keys to most of the websites and applications that we use on a daily basis. Social media, email, streaming sites, bank accounts, online stores, and more require a sign-in for entry or special deals. Your login credentials protect the personal data you have stored on these accounts, so why not make sure they’re sturdy enough to hold off attackers? In this article, we take a look at the dangers of insecure passwords, how to create a new password, and some general tips for ensuring your accounts are safe.
Creating a secure password
It’s recommended that you don’t reuse passwords and that you change them regularly. For the best results, construct long passwords with multiple uppercase and lowercase letters, numbers, and special characters. Make sure not to use personal information such as your street address, name, birthday, or your family members; these can be too easy to guess. Phrases such as “123456,” “qwerty” and “password” are consistently among the top five most used passwords. If creating new passwords is challenging, try using a password generator to create something new and secure! You can also check the strength of your passwords through some generators.
Hacking
You might be wondering, “Why are hackers after my passwords?” The answer is typically financial gain, but it can expand to espionage and political purposes. In some cases, hacking is done just for the hacker’s enjoyment. Your passwords protect sellable and usable personal information such as your phone number, email, home address, and identification such as your driver’s license, social security number, and bank or credit cards. There are multiple reasons that your information can be leaked, including the following:
Account takeovers
Stolen passwords can be used to take control of your accounts for false posting or advertisement, as well as for scheming against your friends list for monetary gain. Hacked emails can lead to your address being used for phishing schemes, which may involve your contact list as a primary target. The victims of the hacker behind your hijacked account may be misled by familiarity and trust in you to put their own information or money into the wrong hands.
Black market sale
Your data and passwords can be set up for sale for many purposes, all of which can negatively affect your life, including your finances, credit scores, and credibility.
Doxing
This is a term for when your information is posted online for the world to see, typically to damage your reputation or expose you to physical and verbal threats.
Identity theft
Hackers may use your personal information for things like opening credit cards or taking loans, ultimately leaving you with their debt and ruining your credit score. These damages can last for years.
Intercepting taxes
After filing taxes in your name under your SSN or taking your return, hackers can put you in a difficult situation with the IRS. You could face fines, repayment, and even jail time in this scenario!
You may also be wondering how your information is accessed. Multiple reports list the following as the most common ways that your information may be compromised:
Data breaches
Popular online services are hacked every now and then. When this happens, millions of records are leaked and transferred into another database for criminal use. Small, lesser-known sites may also be targeted for poor security.
Credential stuffing
When information is leaked, it is fed to bots that automatically test every username and password combination within the stolen data. This test is run across multiple websites to attempt login.
Password Spraying
If a username or email address is already known, a hacker might once again use software for bots to test any known or popular passwords in combination with these found credentials.
Phishing
You may have encountered suspicious emails you receive from vaguely familiar or seemingly branded addresses. These could be hacked or illegitimate email addresses attempting to phish. Never click on any links, files, or imagery without checking up on external messages.
Be cautious with your passwords! To avoid hackers, try to avoid entering your passwords on public or shared computers. Public wifi can also be a risk, but having a VPN in place can encrypt internet traffic and deter hacking. Aside from a VPN, there are other resourceful technologies out there for your protection. Up-to-date antivirus software can fight off malware from your computer. Multi-factor authentication (MFA) is another tool you should take advantage of; this adds an extra layer of security by requiring verification from your personal devices.
Safety in storing passwords
Passwords can be difficult to remember, and retrieval or reset is a hassle that no one looks forward to. Having a secure catalog of your information can save you a lot of trouble! Aside from saving it for use, proper storage can keep your information away from prying eyes. Many people tend to write their passwords down physically, and this does well in protecting your data from hackers. However, if not well hidden, this information could become dangerous in the hands of friends, family, and, in some cases, burglars. Although friends and family tend to be relatively harmless, there is still a risk involved in anyone having access to your passwords. For more security, we suggest looking into password management technology.
Some internet browsers provide a password management feature, including Chrome, Internet Explorer, Firefox, Safari, and Microsoft Edge. These are free of charge and convenient resources that allow easy access to your information. In addition, all of these browsers have password-generating capabilities to suggest stronger passwords if you need assistance.
Reputable password management applications are the safest bet for storage, and they often come equipped with better password-generating technology than most browsers. 1Password, Keeper Security, and OneDrive are a few great applications, and some offer both a free plan for single users and a paid plan for businesses. Having a password management application that allows shared passwords for company accounts is a resource worth looking into!
Parting thoughts from our team
When we talk technical, we like to hear what our experts have to say on the matter. Caleb Duncan, Liftoff’s Engineering Manager, has some words of wisdom to share about password security:
“I certainly understand why password scrutiny can be frustrating at times, especially when websites require specific complexities that make passwords nearly impossible to remember. These rules exist as an attempt to make it harder for ‘bad actors' to get access to your systems and data. However, if we break down all the technical jargon, there are two main factors that affect a password's entropy or how unpredictable it is: complexity and length. In my opinion, many sites focus too much on the complexity side of a password. This leads to seemingly safe passwords, but they are impossible to remember. The actual truth is that, without length, most passwords are still easy to crack. This comic from xkcd sheds light on this problem.
Fortunately, certain tools and patterns exist to make things easier for us humans.
Password managers
Would you believe me if I told you I don't know 99% of my own account passwords? That's because I use LastPass for both my personal and business passwords. Using a password manager would be my first recommendation! LastPass is my software of choice, but there are several good alternatives out there.
Length matters too
If you prefer not to use a password manager and if your site of choice allows it, put more emphasis on the length of your passwords than the complexity. You may have already deduced this pattern from the xkcd comic I referenced earlier, but picking four random and unrelated words is far easier to remember than a short series of special characters.
Use distinct passwords for your sites
If you are using the same password for both your bank and any other site, please stop reading this and go change it right away! Once ‘bad actors’ crack a password, the first thing they do is try it on other popular sites.
As always, thanks to all our Liftoff customers! You truly are the best part of Liftoff!”