And The Password Is...

Duane Cary, Senior Trainer, LexisNexis:


Over the past couple of weeks, a couple of incidents occurred that made me decide to do a series of three blogs on passwords. While at work, I got a standard email from the organization saying they had held some emails that might either be graymail or spam. In our system, graymail might be newsletters or marketing emails. Occasionally, a customer email may get held as spam, so I always check to make sure I am not missing any customer communications. While glancing at the subject lines, one caught my immediate attention. The subject line was simple: it was my name and a password. One of my passwords. A password that no one should have. The email address was a random address and one I had never heard of. How had this person gotten hold of one of my passwords?

The second incident happened when my wife got a notification on her iPhone asking her if she was trying to access her Apple account. The access point was Japan. She immediately changed her password for her Apple account. She rarely needs to use her Apple account or her password for it, and yet here was someone trying to access her account in another country.

These incidents reminded me just how important passwords have become in our lives. Every day we are logging into our bank account, our email account, or a shopping account and entering some password that protects extremely private information that we want no one to see. So, a few characters are all that separate us from some of the more intimate details of our lives.

Since entering a password is such a tedious process, we often decide to keep the password simple to speed up the process. Depending on the site, we can keep it easy to remember: 123456. Or, some sites now require strong passwords. No problem: Password#1.

Except that is the problem. As I looked at the email with my password, I realized I had also used a simple password, something that was easy to remember and quick to type. And these simple passwords are used by millions of people every day. Hackers know that. By following the link, you will see the top 15 most popular passwords in use today as of this writing. According to the article, research suggests about 10% of employees working today use one of these passwords to guard their accounts. Are you one of those employees? And if you are an employer, that should terrify you.

As you may have heard or read over the past couple of years, some major companies have been hacked and had their passwords and user IDs stolen. Companies like Yahoo!, Marriott, and Equifax have had their systems compromised and millions of people’s personal information has been stolen, including passwords.

And most people don’t use multiple passwords. They have a favorite they like and use it on every website they visit, which means that if someone has your email and your password from one of the major breaches, and you never changed your password, your life is now an open book.

What should you do? Here are some best practices regarding passwords that should make it more difficult for hackers to get your information.

The most obvious: “DON’T USE EASY PASSWORDS!”

Make them unique, and don’t include anything in the password that contains any of your personal data, like a family member’s name or your birthday.

Don’t use actual words

Hackers have software that searches and uses tens of thousands of dictionary words to try to guess passwords. If you don’t have an actual word in your password, it makes it harder to crack.
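As an added example (not part of the original blog), here is how a site or IT team could screen a new password against the advice above: reject common passwords, personal data, and dictionary words. It goes slightly beyond the text by also undoing simple character swaps such as "@" for "a". The function names and the tiny word lists are constructed for illustration; a real check would load a full breached-password list and dictionary.

```python
import re

# Constructed sample lists; a real deployment would load a large breached-password
# list and a full dictionary instead of these few entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "password#1"}
DICTIONARY = {"password", "dragon", "monkey", "sunshine", "welcome", "football"}

# Undo the character swaps people use to disguise a word (P@ssw0rd -> password).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "7": "t"})


def letter_runs(text):
    """Return runs of 4+ letters, e.g. 'password#1' -> ['password']."""
    return re.findall(r"[a-z]{4,}", text)


def screen_password(password, personal_data=()):
    """Return a list of reasons the password is weak; an empty list means it passed."""
    reasons = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)

    if lowered in COMMON_PASSWORDS or lowered.isdigit():
        reasons.append("common or all-digit password")

    # Personal data: names, birthdays and similar, compared case-insensitively.
    for item in personal_data:
        token = item.lower()
        if len(token) >= 3 and token in lowered:
            reasons.append("contains personal data")
            break

    # Dictionary words, checked both as typed and with substitutions undone.
    runs = letter_runs(lowered) + letter_runs(normalized)
    if any(word in run for run in runs for word in DICTIONARY):
        reasons.append("contains a dictionary word")

    return reasons


def meets_complexity_rule(password):
    """A typical 'strong password' rule: 8+ chars, upper, lower, digit, symbol."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))
```

Note that `Password#1` satisfies `meets_complexity_rule` yet is still flagged by `screen_password`, which is why a complexity rule on its own is not enough.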

Use a different password for each of your accounts

If you use the same password on all your accounts, that means if it is ever stolen, hackers can access any of your accounts. It may be easier to remember just one password, so we don’t forget it, but it also makes it easier for hackers to get into all your accounts.

Update passwords on a regular basis

A lot of companies force employees to update their computer password on a 90-day basis. You should do the same for your own personal passwords.

Protect your phone

As phones are now basically mini computers, a lot of people shop or conduct business right from their phones, making them a possible liability. Make sure your phone is password protected. And better yet, if it supports fingerprint authentication, turn it on to make it that much harder to crack.

Use antivirus software

No matter how vigilant you are about what you are doing on the web, you could still get a virus that monitors your keyboard usage and logs your passwords. Make sure you keep your computers and phones up to date with software updates to make it that much more difficult for cyber criminals to snatch your information.

At this point in time, passwords are a fact of life. They are your best bet for staying protected while at the office and on the web. So, until a better system comes along, we need to be more careful in how we set up and use passwords. After all, they are your first line of defense in keeping your personal and financial information safe. In my next blog, I will look at some of the different types of passwords that you can use to make yourself safer.