Someone Probably Knows Your Password

By Josh Harding, ABA Systems Administrator

This year, hackers have made an unprecedented number of e-mail and password combinations publicly available on the Internet, including those of 164 million LinkedIn accounts (raise your hand if you have a LinkedIn account), 152 million Adobe accounts, 68 million Dropbox accounts, and 360 million MySpace accounts dating from 2008. That means that the e-mail addresses and passwords of hundreds of millions of people are available to anyone with the motivation to find them. 

You may not have used MySpace since 2008, but think back to the password you used when you signed up for it, or for LinkedIn or Dropbox. Now think of the password you use for your e-mail, social networking accounts, banking. Are they similar? About three quarters of us keep very similar passwords across multiple sites. 

Remembering all your passwords can be difficult, especially as password requirements grow more complicated. Most of us have many different sites to log into on a regular basis, and this creates a dilemma: you can reuse passwords and remember them, or use a different password everywhere and keep your accounts secure (even from yourself) but forget the passwords. Fortunately, there are several ways to let technology help you handle this dilemma. Below are a few suggestions to help you regain some peace of mind about online security.

1.) Keep your passwords somewhere safe and use a different password for every site. Password managers are a type of software that stores your passwords for you. They often provide handy features like auto-filling passwords, addresses, etc. Popular and easy-to-use options include LastPass, Dashlane and 1Password; however, you don’t need to install software to keep track of your passwords. Keeping a notepad of important passwords is much better than using the same password more than once!

2.) Use Two-Factor Authentication. You are probably familiar with two-factor authentication (2FA), even if you don’t know it. The last time you filled your car at a gas station you probably swiped your credit card and entered your zip code. At a gas pump, you need to provide something you know (your zip code) and something you have (your credit card). On a website, the same reasoning applies when two-factor authentication is enabled: you’ll need to provide something you know (your password) and something you have (typically a text message, app, or popup on your phone). This makes it a lot harder for someone to break into your account: even if your password is compromised, there’s another layer of security protecting your account. Two-factor authentication can be enabled for most e-mail services, social networking sites, and banking sites.

3.) Monitor your e-mail account. A great site with a strange name — https://haveibeenpwned.com/ — will tell you if your e-mail address has been compromised; it also allows you to sign up for notifications that tell you if your address is compromised in a new breach. 

4.) Use strong passwords. If you’re using a different password for every site, the damage done by a password being compromised is limited to the single site on which it’s being used. If you need to choose between a single complex password and many different simple passwords, the latter is better. With a password manager or password generator, however, it’s easy to use good, complex passwords on all your accounts. A complex password is longer than eight characters; uses lowercase and uppercase letters, numbers, and special characters; and does not use any dictionary words (even with simple substitutions, like replacing i with 1). Sounds challenging? That’s why password generators are so great!
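The complexity rule in item 4, sketched as an added Python example (not from the original article). The small wordlist and the look-alike substitution table are constructed assumptions; a real check would load a full dictionary.

```python
import secrets
import string

# Constructed sample wordlist (assumption); a real check would load a large dictionary.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "linkedin", "welcome"}
# Simple look-alike substitutions (assumed table), such as replacing i with 1.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def contains_dictionary_word(password, words=WORDLIST):
    """True if a wordlist entry appears once simple substitutions are undone."""
    normalized = password.lower().translate(LEET)
    letters_only = "".join(c for c in normalized if c.isalpha())
    return any(word in letters_only for word in words)


def is_complex(password, words=WORDLIST):
    """Item 4's rule: longer than eight characters, four character classes, no dictionary words."""
    return (
        len(password) > 8
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
        and not contains_dictionary_word(password, words)
    )


def generate_password(length=16):
    """Draw characters from the OS random source until the result passes is_complex()."""
    if length <= 8:
        raise ValueError("length must be greater than eight")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_complex(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed samples: both look complex but hide a dictionary word.
    for pw in ("P@ssw0rd!2016", "L1nkedIn#2016", generate_password()):
        print(f"{pw!r}: {'ok' if is_complex(pw) else 'rejected'}")
```

Both constructed samples satisfy the length and character-class requirements and are rejected only because undoing the substitutions exposes a dictionary word.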

Stealing credentials, personal and financial information, and identities is tremendously profitable and is growing at a scale we’ve never seen before. Taking the steps above can help keep you from becoming the victim of one of these increasingly frequent crimes. 


Resources:

Two-Factor Authentication: google.com/landing/2step/

Discussion of good passwords: howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

Online password generator: lastpass.com/generatepassword.php