Short, guessable passwords are an open door for hackers
Create long, unique, memorable passwords for all online accounts.
Passwords have been with us for millennia in many contexts – from military sentry challenges to today’s cyber needs.
Based on Wikipedia, personal computers have always been adept at character-by-character entry, password comparison and, too often, rejection! Guidance on password creation and oversight has varied over the years. It became more of a concern with the Internet and the advent of hacking. “Making good password choices is the single biggest control consumers have over their own personal security posture,“ per security expert Troy Hunt.
Hackers assume that we are lazy. Based on a recent study, they start with ‘admin’, then try ‘12345’, ‘default’, ‘password’ and ‘root’. Astoundingly, ‘123456’ was found 23 million times in breaches!
Previous password orthodoxy dictated a character assortment – letters of mixed case, numbers and special characters – of an 8-16 character length. This approach has recently been superseded by recommendations from the National Institute of Science and Technology to create long, memorable passwords or passphrases, such as “My cat Felicia eats fish for dinner.” If a passphrase’s length is limited by the app or website, you can use the first letters of the phrase’s words with a number and/or special character at the end, as a shorter, more memorable compromise; e.g. McFeffd2# would be the shortened version of the passphrase above.
It is further recommended to always use different passwords or passphrases for different accounts. If all of your accounts have different passwords or passphrases and a cybercriminal breaks into one of these accounts, they will only get your personal information for the account they break into.
After selecting a password or passphrase, use a password checker to gauge its strength, e.g. http://www.passwordmeter.com/.
Change passwords when a major breach occurs, not on any regular schedule. Again, diversity across your online accounts should be standard practice.
As we know, every year there are data breaches and more sets of credentials (user IDs and passwords) are leaked onto the Dark Web. Criminals commonly collect these credential dumps and try these user IDs and passwords at financial sites, email providers, mobile smartphone providers, social media sites and others.
So, be especially careful with passwords for your financial accounts, making them as long as possible (longer passwords are harder for hackers to decipher), memorable and diverse.
If you only access a few websites requiring ID/password, the old-fashioned “paper password notebook” may be all you need for record-keeping, Following the preceding guidance on password creation, write the passwords down in your notebook and keep it in a private, secure place until changes are needed. For the many who access a large number of websites, a password manager may be for you.
FOR FURTHER READING:
CyberGuardian: a SecureTheVillage Guide for Residents is available on Amazon.
A complete Security Checklist is available: https://www.nerdsiview.com/security-checklist-2/
References for Village Residents are available at: hhttps://securethevillage.org/residents
The Case for a Paper Password Notebook, Consumer Reports, October 2019.
© Alan Steven Krantz 2021