By Ralph Figueiredo
You’ve probably heard this advice before: “Change your passwords periodically. Never reveal your password to anyone. Don’t use the same password for Yahoo, Gmail and your banking/financial institutions.” Well, below are some examples that we can all relate to, and they will hopefully give us some context when it comes to online passwords.
You might think that Gmail, Yahoo, etc. don’t need strong passwords, as you don’t store confidential/financial data in those accounts. Well, imagine this scenario: your Gmail gets compromised due to a weak password, and the hacker then clicks the ‘forgot password’ link on your bank’s website. It’s obvious who you bank and invest with, as all those financial institutions have been emailing statements and/or updates to your Gmail account. The bank then sends a ‘reset password’ email to your hacked Gmail account. The hacker can now reset your passwords and has complete control of your accounts.
Don’t use the same password across all banking/financial applications either. If one gets compromised, all of them will be compromised.
Additionally, your user ID should not be your first initial and last name, which is too easy to guess.
Please understand that no hacker is sitting at a computer manually hacking your account, or anyone else’s for that matter. There are online tools available that do this for them. So the old belief that ‘I’m not important enough’ or ‘I’m not rich enough to be targeted’ is invalid.
Programs automatically collect account information and then use it to hack accounts. It’s only once an account is hacked that the hacker might personally look into the cookie jar, so to speak, to see how much they can steal.
How are passwords hacked? Well, here’s an example anyone can understand and relate to: automated software scans your Facebook account for your name, your spouse’s and kids’ names, your birthday, wedding anniversary, pet’s name, etc. It then tries these in different combinations until it gets into your account. If your password is your pet’s name + your birthday, the program has thought of that combination too.
Some easy ‘Best Practices’ on password creation:
- Do not use dictionary words (English or foreign) or proper nouns, for that matter. Password cracking tools can run dictionary words and numbers automatically against the website and will break them quickly enough.
- Do not use backwards words either, as the password crackers have already thought of reversing words in the dictionary.
- Do not use personal data such as family names, house numbers, important dates, telephone numbers and so on. They really are too simple to guess for even the novice social engineer or anyone who surfs your Facebook account. (See the example above.)
- The longer and wider the better. In other words, use more characters and more non-alphanumeric characters.
- Passwords should be a minimum of 8 characters + some numbers + a special character for your online banking/financial institutions.
- An example of a strong password is a passphrase or sentence: MaryHad3Lambs!
- Better yet: Mh3Ls! So, take a sentence and shorten it so it makes sense to you; this will help you remember the password too.
- Or, switching letters for numbers is another good trick. Example: I = 1; a = 6; E = 3; O = 0 (zero); Z = 2; S = 5; B = 8; etc.
- Change your passwords every 6 months.
- If your financial institution offers 2-factor authentication in the form of a token, an SMS code or anything else you can use one time, in conjunction with your password, to log in, definitely opt for that additional layer of security. It’s well worth the little inconvenience.
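The list above reads like a policy, so here is that policy turned into a checker. This is an added example, not code from the original post: the mini word list, the personal-data tuple and the sample passwords are constructed for the demonstration, and the substitution table is the one from the list, applied in reverse so that a dictionary word with letters swapped for numbers is still recognised. Note that the list’s own 8-character minimum flags the shortened form Mh3Ls! as too short, while the full passphrase MaryHad3Lambs! passes every rule.

```python
"""Password-hygiene checker implementing the 'Best Practices' list.

Added example, not code from the original post. DICTIONARY, PERSONAL_DATA
and the sample passwords are constructed; a real deployment would load a
full word list and the account holder's actual profile data.
"""

# Constructed stand-in for a real dictionary word list.
DICTIONARY = {"mary", "lambs", "password", "summer", "monkey", "hello", "welcome"}

# The letter-for-number swaps from the list (I=1, a=6, E=3, O=0, Z=2, S=5, B=8),
# keyed by digit so they can be undone before the dictionary lookup.
SUBSTITUTIONS = {"1": "i", "6": "a", "3": "e", "0": "o", "2": "z", "5": "s", "8": "b"}

# Constructed personal data of the kind a profile page would reveal.
PERSONAL_DATA = ("Rex", "1985", "Lisa")

MIN_LENGTH = 8


def _normalise(lowered: str) -> str:
    """Undo the digit substitutions: 'm0nk3y' becomes 'monkey'."""
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in lowered)


def _alpha_core(text: str) -> str:
    """Keep only the letters, so 'password1!' yields 'password'."""
    return "".join(ch for ch in text if ch.isalpha())


def check_password(password: str, personal_data=()) -> list:
    """Return the names of the rules the password breaks (empty list = passes).

    Rules, in list order: minimum length, contains a digit, contains a
    special character, is not a dictionary word (plain or number-substituted),
    is not a reversed dictionary word, contains no personal data.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(ch.isdigit() for ch in password):
        failures.append("digit")
    if not any(not ch.isalnum() for ch in password):
        failures.append("special")

    lowered = password.lower()
    # Check both the plain letters and the de-substituted letters, so that
    # 'Password1!' and 'M0nk3y!!' are both recognised as a single word.
    cores = {_alpha_core(lowered), _alpha_core(_normalise(lowered))}
    if any(core in DICTIONARY for core in cores):
        failures.append("dictionary")
    if any(core[::-1] in DICTIONARY for core in cores):
        failures.append("reversed_dictionary")

    if any(item.lower() in lowered for item in personal_data if item):
        failures.append("personal")
    return failures


def demo() -> dict:
    """Run the checker over constructed samples; returns {password: failures}."""
    samples = ["MaryHad3Lambs!", "Mh3Ls!", "Password1!", "drowssap99!", "M0nk3y!!", "Rex1985!"]
    return {pw: check_password(pw, PERSONAL_DATA) for pw in samples}


if __name__ == "__main__":
    for pw, failures in demo().items():
        print(f"{pw:16} {'OK' if not failures else ', '.join(failures)}")
```

Because the normalisation only undoes the swaps the list itself recommends, the checker illustrates a point worth keeping in mind when choosing a password: a single word dressed up with numbers is still a single word to the checker, whereas a whole sentence shortened into an 8+ character mix of letters, digits and symbols passes cleanly.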
Good luck staying safe in Cyber Space!