Today is World Password Day 2018, an annual celebration that fights identity theft on the internet by asking people to pledge to #LayerUp. #LayerUp means securing your data with multi-factor authentication (MFA), i.e. more authentication layers. If you wish to join the movement, visit the Password Day website and take the pledge.
Multi-factor authentication is becoming increasingly available for a multitude of products and services, from gaming platforms to home and mobile banking. By combining your password with an additional form of authentication, you are significantly decreasing the risk of someone hacking your account. Face and fingerprint ID are now commonplace and their use goes well beyond unlocking your smartphone or computer. Whenever possible, use them.
Today though, we’re celebrating the first and most common layer of protection: passwords. Everybody uses them, but despite being around since well before the dawn of the worldwide web, many still make basic password mistakes that can cost them dearly. These are the 7 most common ones:
#1: Using personal information as your password
Names of pets, relatives, sports teams or year of birth are among the most common passwords. This means they’re among the first words cracking software takes a shot at. With the help of social media, gathering your personal information is easier than ever, so avoid using words that can easily be extracted from one of your public profiles. Random combinations of characters may be hard to remember, but they are also harder to crack.
#2: Using the same password everywhere
Using a single password everywhere may guarantee you never forget it, but it’s also the easiest way for someone to take control of your digital life. All it takes is a successful phishing attack, something that, according to an Intel Security study published in 2015, 97% of people can’t identify.
#3: Sharing your password with other people
Despite sounding like an obvious mistake, this is quite common among family and close friends. Avoid sharing passwords in written form even with people you trust. Their passwords might not be as good as yours, and if someone accesses their email or messaging account, your login and password can be there.
#4: Only slightly changing your password when asked to do it
Someone attempted to access your PayPal account and you have to set a new password. Thinking of simply adding a “1” at the end? Don’t. Password-guessing programs have been able to circumvent this for some time now so you’ll most likely end up getting another email asking you to change it again. A recurring mistake is adding “!” or “?” at the end of your current password, something – you guessed it – most crackers are aware of. Use punctuation between characters, but not at the end of your password.
#5: Using patterns
“1qaz2wsx” looks like a random, hard to crack password, right? Now try looking at your keyboard. It may look clever at first glance, but according to SplashData, this was one of the worst common passwords of 2015. It’s a pattern, i.e. the opposite of random, and therefore easily detectable by password cracking programs.
#6: Using short passwords
The longer a password, the harder it is for brute-force attacks to crack it. If you still use 5- or 6-character passwords, update them to a 12-character minimum.
#7: Storing your passwords in a document
Having a spreadsheet or text file with a list of your usernames and passwords may sound convenient, but it’s a very dangerous convenience. Ransomware attacks exploded last year and even a not so well-intentioned technician can access that file next time your PC is in the shop for repairs.
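Mistakes #4, #5 and #6 can be checked mechanically before a new password is accepted. The sketch below is an added example, not part of the original article; the US QWERTY grid (a simplification of the staggered physical layout), the 0.7 threshold and all function names are assumptions.

```python
import string

# US QWERTY rows (assumed layout); each key gets a (row, column) coordinate.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

MIN_LENGTH = 12                         # minimum length given in mistake #6
WALK_RATIO = 0.7                        # assumed threshold, not from the article
TRIVIAL_SUFFIX = string.digits + "!?"   # endings named in mistake #4


def walk_ratio(password):
    """Fraction of consecutive character pairs that are neighbouring keys."""
    chars = password.lower()
    if len(chars) < 2:
        return 0.0
    adjacent = 0
    for a, b in zip(chars, chars[1:]):
        if a in KEY_POS and b in KEY_POS:
            (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
            if a != b and abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1:
                adjacent += 1
    return adjacent / (len(chars) - 1)


def is_trivial_change(old, new):
    """True if old and new differ only by trailing digits, '!' or '?'."""
    stem = old.rstrip(TRIVIAL_SUFFIX).lower()
    return bool(stem) and stem == new.rstrip(TRIVIAL_SUFFIX).lower()


def audit(new, old=None):
    """Return the mistakes (numbered as in the article) found in `new`."""
    findings = []
    if old is not None and is_trivial_change(old, new):
        findings.append("#4 trivial change")
    if walk_ratio(new) >= WALK_RATIO:
        findings.append("#5 keyboard pattern")
    if len(new) < MIN_LENGTH:
        findings.append("#6 too short")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    print(audit("1qaz2wsx"))
    print(audit("Sunshine1", old="Sunshine"))
    print(audit("t7#Lp0vRk2mQ"))
```

An empty result only means none of these three mistakes was detected; it says nothing about reuse or exposure in a breach.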
So, what should you do?
If you wish to test your password’s strength, haveibeenpwned.com is a good place to start. Run by Troy Hunt, Microsoft Regional Director and Developer Security MVP, the website stores over half a billion passwords previously exposed in data breaches. We strongly advise you to give it a go. While you’re there, you should also test your email address and find out which attacks it was involved in, as well as the data compromised in those attacks. It goes without saying you should change your password on those websites if you haven’t already.
Nevertheless, a strong password is still ground zero when it comes to protecting yourself on the internet. Whenever possible, use multi-factor authentication. Most services you use have two-step verification processes in place, although it might not be the default setting. Enable it and #LayerUp.