Password Security: First Line of Defense

August 31, 2021

In 2019, 23.2 million victims worldwide used “123456” as their password, according to Security Magazine*. Making a few small changes to your passwords can go a long way to help keep your data and identity secured. Recycled passwords, uncomplicated passwords, and real words could be opening you and your company up for a security breach. 

Don’t Recycle Passwords

According to a survey by Google**, 66% of Americans use the same password across multiple inline accounts and 13% admit to using the same password across all accounts. It certainly makes things easier to keep track of. But it means it just takes one breach to open you up to a threat. If news breaks that your favorite streaming platform had a data breach that involved passwords, you might not be too concerned, but if you use the same password for your streaming platform and your BMV account, that could spell trouble.  Don’t recycle your passwords. Make sure each platform login you use has a different password. 

Old Passwords Are Risky

If you can recall the last time you changed your password for your banking app, you could be opening yourself up to be hacked. The longer you’ve had a password, the longer a hacker has to match your login to your password.  Refreshing your password at least every 365 days is the new best practice according to Microsoft.

Avoid Uncomplicated Passwords

As mentioned above, 123456 is a pretty common password, making it easy to crack. Passphrases with letters swapped out for symbols is an easy way to beef up your security. This takes your type of character count up, ensures your password is at least 10 or more characters, and introduces more overall combinations. For instance, Password123 becomes MyPa$sw0rd!s12# for a higher level of security. 


Dictionary Words and Personal Information

This tip ties in the with tip above. One regular word as it is spelled in the dictionary is an easy password to crack. Taking your password from Technology to T3c#nologyr0ck$ adds to the complication of your password and makes it tougher to guess. 

It can also be easy to guess your password if it is something personal such as your pet’s name, which could be found on social media. Keep your personal information out of your passwords. 

Security Question – Not Always Secure

If your school-aged kid has a photo on social media with their name, age, favorite color, what they want to be when they grow up, and more, you’re giving hackers hints as to how to answer your security questions. Be careful not to share information on social media that could be used to answer your security questions. Also be sure to choose security questions that would be harder to know about yourself. For instance the street you grew up might not be found on your social media account but the name of your high school mascot is easy to figure out. 

Change Compromised Password Quickly

In the event you experience a breach or a phishing attack, you should change your password for that account and any others using that password, following the above guidelines, immediately. Leaving a compromised password unchanged makes you vulnerable. To reduce the chance of this, you must change your passwords immediately.  

A Password Manager Can Simplify Passwords

You may be thinking that you’ll never be able to keep track of all of these complicated ever-changing, longer passwords. Maybe that’s true. According to Panda Security***, 75% of Americans say they feel frustrated trying to maintain and keep track of their passwords. But that is why password managers exist, such as Dashlane or LastPass, both of which have free versions and paid versions with more features. A password manager stores all of your passwords securely and offers tools like password generators that create complex passwords (then save them) for you, monitoring of compromised passwords, and even allows you to share passwords with trusted colleagues and family members.

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.”

Tim Cook, CEO, Apple

*Security Magazine On Equal Ground Security and SMBs Whitepaper, April 2021

** https://services.google.com/fh/files/blogs/google_security_infographic.pdf

*** https://www.pandasecurity.com/en/mediacenter/tips/password-statistics/