The time has come for a little heart-to-heart about your passwords and security. We have all lived the story. You’re in a hurry, yet another online platform is asking you for a password, and so you tap something in, promising yourself to update it with something better later. What did you pick? password1? password123? qwerty2020?
To make all of us feel just a little worse about what we’ve tapped into keyboards before – here are the top 10 worst passwords from 2019.
Is yours here? (I’m not telling you if mine is…)
If your password isn’t listed here in the top 10, don’t pat yourself on the back too soon…
We know we’re meant to be protective of our information online, but do you know why? What can be done with your information or access to your online platforms? Here’s just a sample: ransomware attack, identity theft, credit card fraud, redirecting your business website to a spam site, phishing attack, extortion, selling your personal data to third parties, email spoofing, and more.
Have you ever had a friend apologise for their Facebook account being hacked? The cause is either a weak password or a duplicate that was also used on a different website that has had its data compromised.
Have you ever had your email account used to send out spam without your knowledge? Either a weak password or a duplicate that was discovered on a different website during a data breach is usually the culprit.
What does a hacker do when they have “found” or purchased a list of usernames and passwords on the dark web (yes, it is getting a bit dramatic now)? Armed with this happy combination, they head over to a range of well-known websites, e.g. any social media, PayPal, Gmail, Yahoo, banks, etc., and try to get in. Why? To get access to emails, steal identity-related information, steal email addresses from contact lists, look for more passwords contained in emails, plant viruses, send virus attachments in emails to others from your account, and pretend to be you on social media to see who else they can rope in. Any private, personal information is at risk. And your $s too. These identity-theft criminals use this information to run scams.
Depending on the hack, this could derail your professional life, your private life, or both.
Answer these 5 questions to see if your password is truly terrible.
The fewer characters used, the faster it is for hackers to crack your password and get into your platforms to take advantage of you. Hackers are not leisurely tapping random letter/number combinations and dogs’ names into a keyboard, hoping they get into your email. They’re using computer programs to run through every possible combination of letters, numbers, and characters in seconds – far more than they could ever do manually.
A short password makes light work for hacking software. Besides, if a password is shorter than 8 characters, it’s more likely to be something super hackable like kitty1 than it is d9i#6H, right? Even lighter work for the software!
The remedy: Make your password longer than 8 characters. Be generous.
Personal information about you is remarkably easy to get a hold of, especially when you have innocently shared it in public on social media. Pics of your birthday cake or anniversary date, your child’s birthdate, your suburb, school, your mum’s maiden name, etc. – it’s all easily available. Even if you’re sure you’ve steered clear of sharing your birthdate online, there are only 365 days and 12 months in a year. If you add the last 100 years for your year of birth – that is not many potential combinations. Imagine how quickly a computer program could rocket through those number sequences.
Hot tip: Also avoid your business name, a play on words from your business name, your business address, part of your phone number, etc. This is still too close to home!
The remedy: Use random letters, numbers, and symbols.
Thankfully, these days most websites force you to include more than letters alone in your password, but there are still some holdouts. Let’s take this further. Are there full words in your passwords, even if there are numbers and symbols too? There are approximately 170,000 words in the English language; that’s a quick crack for a hacker’s brute force software. Remember: If it’s in the dictionary, it’s easily cracked.
The remedy: Use random symbols, letters, and numbers in your passwords.
This trips up a lot of people! Even if you have a strong password, if you use it on multiple websites, you’re at risk!
Every few months, news sites report a data breach on some popular website, utility provider, or even a government department, and email addresses are leaked. At first, it sounds innocuous: my email address is no secret, surely. But here’s the scenario:
You can see how this can snowball across a lot of platforms. What other platforms have you used that password on? More online shopping, government websites, online banking?
Armed with your go-to password, hackers are set to wreak havoc on your online and offline life.
The remedy: Use a unique and strong password for each platform.
Unless the website you’re a user on forces you to change your password now and then, a lot of us keep passwords for a very long time. I have been guilty of this myself (shhhh!). Again, even if you have a great password, if you’ve had it for 7 years(!), you’re leaving yourself vulnerable to a hack. Time for a change. The more sensitive or valuable the data is, the more frequently you should change the password.
The remedy: Change your password regularly.
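The five checks above (length, personal details, dictionary words, reuse, age) can be run over your own list of logins. The script below is an added example, not part of the original article; the vault entries, word list, personal terms, site names and the one-year age threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample word list; a real audit would load a full dictionary file.
COMMON_WORDS = {"password", "qwerty", "kitty", "dragon", "summer", "welcome"}
# Heuristic: runs of 4+ digits (years, ddmm, ddmmyyyy) or dates with separators.
DATE_RE = re.compile(r"\d{4,}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")
MAX_AGE_DAYS = 365  # assumed threshold; the article gives no figure

def audit(vault, personal_terms, today):
    """Return {site: [findings]} for entries shaped (site, password, last_changed)."""
    sites_by_password = defaultdict(list)
    for site, pw, _ in vault:
        sites_by_password[pw].append(site)
    report = {}
    for site, pw, changed in vault:
        lowered = pw.lower()
        findings = []
        if len(pw) <= 8:  # remedy 1: longer than 8 characters
            findings.append("short")
        if DATE_RE.search(pw) or any(t.lower() in lowered for t in personal_terms):
            findings.append("personal")  # remedy 2: no dates, names, business details
        if any(word in lowered for word in COMMON_WORDS):
            findings.append("dictionary")  # remedy 3: no full words, even with symbols
        if len(sites_by_password[pw]) > 1:
            findings.append("reused")  # remedy 4: unique per platform
        if (today - changed).days > MAX_AGE_DAYS:
            findings.append("stale")  # remedy 5: change regularly
        report[site] = findings
    return report

# Constructed sample data: hypothetical sites, pet name and business name.
PERSONAL_TERMS = ["rex", "acme"]
TODAY = date(2025, 1, 15)
SAMPLE_VAULT = [
    ("shop.example", "kitty1", date(2019, 3, 1)),
    ("mail.example", "kitty1", date(2024, 11, 1)),
    ("bank.example", "Summer14021985!", date(2024, 10, 1)),
    ("social.example", "AcmeRex#x7Qp", date(2024, 9, 1)),
    ("forum.example", "v#9Lq!t2Rz&8Wd", date(2024, 12, 1)),
]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT, PERSONAL_TERMS, TODAY).items():
        print(f"{site:16} {', '.join(findings) or 'ok'}")
```
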
You might be thinking, how are you supposed to memorise all of this: unique passwords with random letters/numbers/symbols, that you have to reset regularly?
There are plenty of password managers to choose from, often free or with pro levels for extra features, e.g.: LastPass, Keeper, Google Password Manager, 1Password, etc. You have one master password (ironically), or you can set up multi-factor authentication, which gives access to your passwords on your device. Your stored passwords are encrypted and synchronised across devices, so it will be as easy to log in on your laptop as your mobile phone.
Here are other reasons to use password managers:
Hackers find ever more devious ways to access our data, and with the powerful tools available to them, it can be difficult to stay ahead of that curve. It is not possible to completely eradicate the risk of getting hacked, but you can reduce the risks by following the advice and remaining vigilant about your passwords.