Passwords – That Thing That Annoys Me
For most people, when you say anything about passwords, you basically get “Oh, That Thing That Annoys Me”. Yes, it does seem that everything we do these days has a password, and there are too many passwords to try to remember. In addition, doesn’t it feel like a weekly thing where you hear company XYZ has been breached and millions of users have had their information compromised? Today’s post is about the worst passwords of 2018, per the yearly list posted by the folks at SplashData.
What You Should Be Doing With Passwords
All security experts, the techs that you know, and that 12-year-old down the street who comes over to fix your PC each time you have an issue will all tell you that password best practice is to use a different, difficult-to-guess password for each site. A difficult password…
- Has a minimum of 12 characters. Yes, you are reading that correctly, 12 characters, so using the word password as your password doesn’t cut it (in more ways than 1).
- Has numbers, symbols, and both CAPITAL and lower case letters. To you, the non-techie person, that means your password should really look like 1Wg&cg3+hell@ (yes, that’s 13 characters; we said minimum 12, so you can go over 12).
- Isn’t a common word. So using your kid’s name, or your dog’s name, or the street you grew up on, or, well, the word password, is A VERY BAD THING!!!!!
- For The Record – Don’t cheat with the 2nd thing listed. So no, using P@ssw@rd or Password1 still doesn’t cut it.
If you need help trying to remember all those passwords, there are apps out there that can help you track them all. Keep in mind that you will need a strong password on the app to track your passwords. So you are still not out of the woods when it comes to remembering passwords.
Here are some of the most common and widely used password managers
What Most People Really Do With Their Passwords
So now let’s talk about what most people really do with their password choice. For starters, most people choose something that “they can easily remember”, not realizing that if they can easily remember it, then the bad guys can most likely figure it out. In addition, most people use the exact same user name and password for every account they have, so your bank login, social media login, login at the sports book (for those in locations with legal gambling), school login, and any other login you can think of is your main email account name and password.
Here is the problem with doing that. As with the latest breach seen with Marriott, once they know your login account name (which, remember, is an email address) and the password for your breached account, they can easily go to your email and log in. Why? Well, because you use the same login info for your email. The bad guys can then just try the same info at the websites for all the major banks and credit card companies. If you used the same login info at any of those, well, they now have you there as well.
So How Can You Protect Yourself
For starters, use a password manager, and don’t use the same account login info on every site. Secondly, virtually all sites these days offer 2FA, also known as 2-factor authentication. That means that, in addition to your user name and password, you will have to enter a code you receive in a text message, or use an authenticator app (yes, another app) to get a code, in order to log in. Finally and most importantly (courtesy of the folks at SplashData), DON’T USE ANY OF THE FOLLOWING PASSWORDS. If you are currently using any of these as your password…..CHANGE IT IMMEDIATELY!!!!
Honorable mention goes to the password listed at #20. If you look at that password on-screen, I’m sure you are thinking, “What is wrong with that? It looks complicated.” All I will say is look at your keyboard, more specifically at the order of the characters above the 1 – 8 keys.
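The “difficult password” rules listed earlier, and the keyboard-row trick behind password #20, can be checked mechanically. The Python below is an added example, not part of the original post: the word list is a tiny constructed sample (a real check would use a full breached-password list), and the keyboard rows assume a US layout.

```python
import re

# Constructed sample of common base words, for illustration only (assumption);
# a real check would load a full breached-password list.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "monkey"}

# Look-alike characters are collapsed onto one letter so that "P@ssw@rd"
# and "password" end up identical. Deliberately broad (a/o/@/0 all match).
CANON = str.maketrans({"@": "a", "o": "a", "0": "a", "1": "l", "!": "l",
                       "i": "l", "3": "e", "$": "s", "5": "s", "7": "t"})

# Keyboard rows, US layout (assumption), including the shifted number row.
ROWS = ["1234567890", "!@#$%^&*()", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_run(pw, min_run=4):
    """True if pw contains min_run neighbouring keys from one keyboard row."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):          # left-to-right and right-to-left
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False


def check_password(pw):
    """Return the rules pw breaks; an empty list means it passes all of them."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = [r"\d", r"[a-z]", r"[A-Z]", r"[^\w\s]|_"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing a number, symbol, capital or lower-case letter")
    # Drop digits/symbols tacked on the end, then undo look-alike swaps.
    core = re.sub(r"[\d\W_]+$", "", pw.lower()).translate(CANON)
    if core in {w.translate(CANON) for w in COMMON_WORDS}:
        problems.append("common word, even after swapping in symbols or digits")
    if keyboard_run(pw):
        problems.append("run of neighbouring keys on the keyboard")
    return problems


if __name__ == "__main__":
    # Constructed test passwords; the first is the sample from the list above.
    for pw in ["1Wg&cg3+hell@", "Password1", "P@ssw@rd2018!!", "Qwertyuiop123!"]:
        print(pw, "->", check_password(pw) or "passes")
```

Note that the last two samples meet the length and character-class rules and are still rejected, which is exactly the “don’t cheat” point.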
The reality is, if a bad guy wants to get your information, they will get it. However, think of it this way: every time you leave your house, you lock your doors. That does not mean no one will ever break into your house; it just means you want to make it harder for them to break in. Think about the passwords you use with the same mindset.