Passwords are a pain, aren’t they? How can you be expected to memorize a password that has an arbitrary number of capital letters, special characters, and numbers? Oh, and it also has to be a certain length, you aren’t supposed to use the same password in multiple places, and sometimes they make you change it to something else after a while!
Come on man, that password was easy to remember! Never gonna remember the new one!
It’s annoying. But trust me when I tell you that it is very important that you don’t dismiss the need for a Password Plan.
A Password Plan is a strategy for selecting, recording, and managing your passwords. If you establish a good one and follow it, you can be assured that your personal information is as safe as you can make it and any breach will be contained. Think of it as a defensive strategy for your personal information.
You may be thinking now that it is too much trouble. People usually do when it comes to their passwords – there is a reason that 123456 and password are still among the most used passwords. Unfortunately – ignoring the problem doesn’t make it go away, and bad password management is to blame for most security breaches and an untold amount of financial damage.
Are you at risk?
Just to give you an idea of how insecure you may be, visit HaveIBeenPwned.com and enter the email address you use most for online shopping. You will see a list of every major data breach in recent years that exposed some of your data, along with several lists of personal information that have been found “in the wild” containing your data. If nothing is found – congratulations, you have been very lucky! Either way, hopefully you can see just how much of your data might be out there, and how important it is to protect it.
Following all of those password rules is such a hassle…
The more secure something is, the more inconvenient it is to access. This is true of your computer and just about everything else in life. Let’s start with your front door. If it didn’t have a lock on it, you could just breeze right in the house. But so could anyone else. So you put a lock on it – and now to get in, you have to:
- Get out your key
- Put the key in the lock, and turn it
- Remove the key
- Put the key away
Four extra steps – and that is if you are lucky enough not to have to juggle items or children in your arms, figure out where in your purse the keys are, or go back to your car where you left your keys, only to find that you locked them inside….
Wouldn’t just opening the door be easier? Of course it would, but most of us wouldn’t dream of going without locking the front door. The same should be true of the way you secure your data.
We can all agree that passwords are a necessary evil, but why all of the extra hoops? The answer to that lies in how the bad guys are trying to gain access to your passwords, and what they do with them once they find them.
What are they doing with my password?
First off, if someone gets your password, they are likely trying to access your accounts. Even if they manage to get access to something fairly harmless (like a message board or a recipe manager), they still have gained enough to build a profile of you – which could lead to gaining access to more sensitive things down the road. And you can bet they’ll try to use that password and email combination on other sites, in case you use the same password for everything! So many people do.
Sometimes your passwords are exposed as a part of a much larger security breach. Exposed data – passwords, credit card numbers, names, and other identifying information – is bundled up and sold online. Passwords end up on large lists used by hackers to try and access other accounts. These lists never go away – so if you’ve ever had a password exposed, you can never go back to it! It won’t ever be safe again. It isn’t just one hacker with your data, it is potentially all of them.
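A single password can be checked against those breach lists without sending the password anywhere. As an added example (not part of the original article), the Python code below follows the k-anonymity range lookup used by Have I Been Pwned's Pwned Passwords service: only the first five characters of the password's SHA-1 hash would be sent, and the match is done locally. The response text is constructed sample data so the code runs offline, and the function names are assumptions of this example.

```python
import hashlib

def sha1_hex(password: str) -> str:
    # SHA-1 is used here only because it is the lookup key format of the
    # range service; it is not a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query_prefix(password: str) -> str:
    """The only value that would leave the machine: 5 hex characters."""
    return sha1_hex(password)[:5]

def breach_count(password: str, range_response: str) -> int:
    """Match the remaining 35 hash characters locally.

    range_response holds one 'SUFFIX:COUNT' pair per line. A count of 0
    is a padding entry and means the password was not seen.
    """
    suffix = sha1_hex(password)[5:]
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

# Constructed sample response (not real service data, counts invented).
# In real use this text would be fetched for range_query_prefix(password).
SAMPLE_RESPONSE = "\r\n".join([
    sha1_hex("constructed-decoy-1")[5:] + ":3",
    sha1_hex("password")[5:] + ":1000",
    sha1_hex("constructed-padding")[5:] + ":0",
])

if __name__ == "__main__":
    for candidate in ("password", "constructed-unused-passphrase"):
        seen = breach_count(candidate, SAMPLE_RESPONSE)
        verdict = "exposed, never use it again" if seen else "not in this sample"
        print(f"{range_query_prefix(candidate)}...: {verdict} ({seen})")
```

A count above zero means the password is already on a breach list and should be retired everywhere it is used.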
Bad passwords can lead to malware, identity theft, credit card fraud, extortion … it can spill over and affect your business and even your family. Sometimes that information can be used against you again by targeting you with spam and phishing schemes. See our article from last week for one way they use the information.
It isn’t just you that is at risk, it is everyone you are connected to. The Target data breach from 2013 exposed the personal information of millions of customers – and it all started because one person (who didn’t even work at Target!) had their information exposed. The hackers were able to use that person’s access to work their way into Target’s system. The bad guys don’t just stop once they get your information, they use your access to try and gain access to those around you as well.
Ready to set up that Password Plan?
Hopefully you can see how important it is to secure your data. Here are some of the things your plan should include:
- Make sure the passwords you select are long. Different sites will frequently have various requirements for a password, including a mix of upper-and-lowercase letters, special characters, numbers, and length. Of course you will need to follow their guidelines. However, absent that – use a long phrase as a password. If you aren’t required to include any special characters, a nice long password is going to be far more secure than one with a bunch of random characters. “TheLordoftheRingsTrilogy” would be a much harder password to crack than “P8QF$mAT” – and easier for you to remember. Shoot for at least 12 characters!
- Do not use the same password for multiple accounts! Once one password is compromised, the bad guys absolutely try and use it to access every one of your other accounts. Maybe they gained access to your fitness tracker, but if you use that same password for your bank… you have a big problem.
- Use a password manager. And purchase the premium versions – they are very inexpensive, and a small price to pay for the benefits. Not only do these encrypt and store your passwords, but they will log you in to some sites automatically and feature strong password generators. With them, you can generate long and complex passwords for all of your accounts – and the only password you will need to remember is the password to your password manager. They even automate password generation to the point where it is easier than just trying to come up with a good password and remember it. This is the one password security measure that will make things easier, instead of harder. Consider Dashlane, LastPass, and 1Password when shopping for a good manager.
- Don’t leave your password out! So the old bit about having a password on a post-it on your desk being a bad idea is still true – don’t do it. Taken a step farther, don’t just have a large spreadsheet with all of your passwords stored on your computer or in Google Drive. If your information isn’t encrypted (which a password manager does), that list getting compromised could cost you. If you need a list of passwords, use a password manager, as recommended above!
- Use Two-Factor Authentication. Or 2FA – for short. You may already be using this – if you log in to anything that requires you enter a code that is texted to you, or your fingerprint, or some other form of authentication in addition to your password – you have it. If someone should gain access to your password, they still can’t access your information if 2FA is set up.
Do you need to use this on everything? No – if you use different passwords for all of your accounts, you probably only need to use this on your most sensitive accounts, like your password manager, bank and credit card accounts, as well as anything else that has information identity thieves would want.
There are many other things that you can do to secure your computer and data – but when it comes to your passwords, this should get you started on remaining secure. If you want to go into more detail, ReadeTech can discuss with you the ways you can make your data and personal information a little more secure. Contact us today to schedule a consultation!