The first Thursday in May has been designated World Password Day in an annual effort to promote better password habits. Reusing the same password on multiple accounts, or relying on weak passwords, leaves your identity, accounts and finances poorly protected.
Hackers are becoming more sophisticated, and security issues worsen with every data breach. The ongoing flood of stolen passwords makes it increasingly easy for them to determine patterns and cross-reference data to other accounts. According to the Identity Theft Resource Center, there were over 446 million consumer PII (Personally Identifiable Information) records exposed in 2018. Using sophisticated software, hackers are able to test millions of passwords in a very short period of time, then sell them on the black market.
Worst Passwords of 2018
Last December, software firm SplashData released the Top 100 Worst Passwords of 2018. The company evaluated more than 5 million passwords that were leaked on the Internet and found that users continue to use the same predictable, easily guessable passwords, putting them at substantial risk of being hacked. Here are a few:
Ideally, you should enable multi-factor authentication if available. Many sites are making it available and sometimes even requiring it.
You Have the Power!
You have little control over data breaches occurring due to unauthorized access or accidental exposure. You do, however, have the power to consistently practice good cyber hygiene in an effort to protect yourself. Password security depends mostly on you, and consistently being security-minded is critical to protecting your identity.
Best practices for creating passwords and security:
- Long and random passwords are the strongest defense; make long, complex, unique passwords a habit
- Use easy-to-remember phrases or string unrelated words together
- Use the maximum number of characters allowed
- Include uppercase, lowercase, digits, and special characters
- When using digits, do not use obvious substitutions, for example, a “3” for an “e”; hackers test common substitutions
- Avoid using personal information
- If possible, create a username rather than your email address as your login ID
- Use a very strong password on your email account; if a hacker gains access to it, they can use the “forgot login” function on your other accounts, then proceed to change the passwords for all accounts connected to it
- Change passwords regularly and immediately if there is a breach
- Avoid saving passwords on your browser; this option is designed to save passwords for your convenience, not your security
- Select security questions only you can answer or provide fictitious answers; many security questions pertain to information that is available in public records (like where you went to high school) or on social media
- Close all accounts you are no longer using
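
As an added illustration of the advice above on stringing unrelated words together and avoiding obvious substitutions (this is not part of the original article), the following Python example screens a password the way guessing tools do and builds a random passphrase. The deny list, word list, 12-character minimum and all function names are assumptions made for the example.

```python
import secrets

# Constructed samples: a real check loads a full leaked-password list and a
# word list of several thousand entries.
DENYLIST = {"password", "123456", "sunshine", "welcome", "letmein"}
WORDS = ["anchor", "bamboo", "candle", "dragon", "ember", "falcon", "glacier",
         "harbor", "island", "jungle", "kettle", "lantern", "marble", "nectar",
         "orchid", "pepper"]

# Obvious substitutions that guessing tools reverse; "1" and "!" can stand
# for either "i" or "l", so both readings are tried.
_BASE = {"3": "e", "0": "o", "4": "a", "@": "a", "$": "s", "5": "s", "7": "t"}
_TABLES = [str.maketrans({**_BASE, "1": c, "!": c}) for c in ("i", "l")]
MIN_LENGTH = 12  # assumed threshold for this example


def candidates(password):
    """Return the forms of `password` a guessing tool would also try."""
    lowered = password.lower()
    # Drop digits/symbols tacked onto the end ("Password1!" -> "password").
    core = lowered.rstrip("0123456789!@#$%^&*?.")
    return {lowered, core} | {core.translate(t) for t in _TABLES}


def screen(password):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if candidates(password) & DENYLIST:
        problems.append("known weak password after undoing substitutions")
    return problems


def passphrase(n_words=4, sep="-"):
    """String unrelated words together using a cryptographic RNG."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Sunsh1ne!", "W3lc0me2018", passphrase()):
        print(f"{pw!r}: {screen(pw) or 'ok'}")
```

With a 16-word sample list the passphrase is only a demonstration of the method; its strength in practice comes from drawing each word at random from a much larger list.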