It’s time to look at insecure passwords and unhealthy habits. Every year, about this time, I visit lists of commonly used passwords around the world. It’s a tech support horror show of bad practices and lazy behaviour. I drive some customers up the wall with my harping about basic password security. Passwords are your first line of defense, but many don’t take them seriously. Yes, they are inconvenient, but unavoidable.
What makes a bad password?
The short answer is anything easily guessed.
That includes your children’s names, 123456789, simple dictionary words, the word “password”, your name, your street address, qwerty, 1111111, Mozart, and a host of easily guessed combinations. I’m never surprised anymore when I sit down at a customer’s computer and they can’t find their passwords. Too often, I can figure it out in less than 10 min. Invariably their response is “how’d you do that?” Yes, I figured out your password by looking at the name you have on your router Wi-Fi. No that is not a good way to remember your email password. Then comes my lecture about password security.
Most of the simple passwords are a result of lazy thinking and inertia. They’re picked because they are easy to remember. Worse still, many people never change their passwords. If a company is hacked, you may not know about it for months and even years. If you are in the habit of changing your passwords every 4 months, you decrease the chances of having someone hijack your account and not knowing until it’s too late.
Let me explain in a little more detail. Years ago (over 10 now), Bell’s Sympatico email was hacked. It was a mass hack and thousands of emails and passwords were stolen. By changing my passwords on a regular basis, I prevented a catastrophe. How? Well, those email passwords are still floating around on the internet. I go into my security settings and look at all the failed attempts to log into my account, by people who have the email address and the old password. Some days there are dozens of attempts to gain access to the account.
As an experiment about 2 years ago, I switched the password back to the stolen one. A couple of us were curious as to how long it would take for someone to gain control. Since I rarely use the email, I wasn’t too worried. I changed it back and was staggered. Within 2 min, the account was breached and within 10 min spam was flooding out of the account. I changed the password, cleaned up the mailbox and went in to check the mail forwarding and reply. Both had been changed. This meant any replies and all my regular mail would have been automatically sent to this new email address. That password was stolen (at that point) over 8 years prior but was still kicking around the internet.
Consider this. If I used the same password on multiple accounts, it wouldn’t have taken long for those accounts to be breached as well. It’s a cascading disaster.
How to keep passwords secure
Have unique passwords for each account. This means don’t use one password and change the last character for each account. If you use Hotdogs (not a good password!) on your email, don’t use Hotdogs123 for your banking account. If you have difficulties creating passwords, get a password generator. Those are apps that will generate difficult passwords that don’t fall into an easily recognized pattern. I started using one years ago when I realised my passwords all tended to use one side of the keyboard. No idea why I do that, but it’s a nasty habit.
I also use an encrypted password keeper. Face it, it’s impossible to remember even a fraction of the passwords that guard our accounts. I have over 200, all different. There are several excellent ones on the market. Dashlane is a popular and easy to use option. It combines both a random password generator and an easy-to-use interface for storing passwords. It also synchronizes across platforms. I have a customer who syncs between a Windows laptop, an iPad, iPhone, and an Android device. Once everything was setup, she rarely had issues.
The free version will save 50 passwords. After that, you need to invest in a subscription. Look around and ask for recommendations from people you know and trust.
What you want to look for these features:
- easy to understand screen
- password generator
- easy to organise passwords into categories
- easily synched between devices
- options to upgrade if your needs become more complicated
- cost. If you don’t have a lot of passwords to maintain, look for a “free for home use” option.
If you are given the choice, use Two Factor Authentication (2FA)
Many accounts will allow you to set up 2FA for your passwords. For some reason, whenever I think of 2FAs, my mind flashes onto those old decoder rings that came in cereal boxes. 2FAs are more secure, but not as fun. Two Factor Authenticators tie your smartphone to your online accounts, making it difficult to access email (for example) without that phone.
Let’s continue to use email as an example. When you sign onto your email, you’ll be greeted with a window prompting you to type in a randomly generated code. This code will be supplied by an app like Authy or Microsoft Authenticator. Fire up your smartphone, open the authenticator, tap on the program you want to access, and a random number will appear on the screen. Type the number into the prompt box, tap enter and bingo, you email opens.
Here’s a tip: if you use 2FA, make sure it’s backed up or you’ll be faced with a nightmare if you lose your phone.
The quick takeaway on passwords
Stop using “monkey” and “password”. Change your passwords regularly. Use 2FA when offered. Use a random generator. Stay safe.