According to the National Institute of Standards and Technology (NIST), complex passwords that contain a variety of characters are strong, but the longer a password is,
Weak passwords: there’s no excuse for them yet we still see so many people using them. It is often disregarded as unimportant and a result of not having a nominal level of security education and awareness. Weak passwords and password reuse account for over 70% of all computer and internet account breaches. People hate creating passwords and even more so, have a tough time remembering them. It’s a simple function of human nature that we call “password fatigue.”
Last month, a survey was published with the most common leaked passwords during data breaches that occurred throughout 2015. Once again, “123456” and “password” dominated the top of the list and new ones appeared, such as “starwars”, “princess” and “login”. While many consumers are attempting to use longer passwords, they remain so simple that most hackers could guess them.
As we celebrate “National Change Your Password Day,” it only makes sense to remind people everywhere that most online breaches are caused by weak or stolen passwords. Every time there’s a new breach, your personal data is leaked to cyber criminals who can use it as bait for phishing scams, to steal your credit card information, social security number, tax information or more. And once you’ve clicked on that link – accidentally or not – hackers can now implant a keystroke logger onto your laptop or mobile device, embed malware and ultimately steal your information, money and worse, your identity.
The cybercriminal playbook doesn’t change much for businesses either. One weak, cracked password or an employee falling for a phishing scam could yield a data breach that could ultimately put a company out of business, or cost them millions of dollars to recover.
As the CEO of Keeper Security, the leading global password management application, I advise people on how to protect themselves and their personal information. Here are some quick tips for improving your overall password security:
- Use a secure password manager. Utilizing a password manager like Keeper allows you to create randomly generated secure passwords for all of your sites so you do not have to remember simple passwords, reuse the same password and keep passwords on sticky notes or word files. The average person has over 25 passwords to remember and there is no possible way to remember all of them. A strong password manager like Keeper can give you peace of mind knowing that your data is encrypted and safe from cybercriminals.
- When resetting your passwords, be careful about the reset questions you choose. It’s easy to forget passwords for your various accounts and click on the reset button to get an email prompting you to pick another password. As a form of increased security, most sites ask you “security questions” that you must answer to enable a password reset. The questions are typically very simple: “What’s your maiden name?” or “What was the street you lived on growing up?” These questions are very easy to guess, especially with social media giving away so much personal data. Try to pick a question that nobody can guess to help increase the security of your password resetting feature.
- Use two-factor authentication. Many sites offer 2FA now so you should turn it on at all times – for your bank accounts, GMail accounts, Facebook, Twitter, etc. You should always choose more security over less!
- Change your passwords regularly. If you choose to not use a password manager, you should be vigilant about choosing strong, complex passwords and changing them every month or so. You must use unique passwords for each account and not recycle them. Enterprises should enforce password changing with employees every 100-120 days, as a standard business practice.
- Audit your passwords and your own personal security when data breaches occur, especially those that impact you directly. Every time a major data breach occurs, it’s important to be proactive and take precautionary measures to change your passwords immediately, as your personal data most likely leaked during the breach. It’s also not a bad idea to double check that your software and apps are updated regularly on both your personal computers and mobile devices and run your antivirus checks as well.
We hope you will take these security tips seriously — not only on National Change Your Password Day, but every day.