Hackers are smart, but ~
Hackers are humans and humans tend to be lazy. To that point, simply making yourself a target that is not worth the time can go a long way to keeping you safe online. There is a distinction between making it easy for them and making it more difficult than it is worth. Some people think that no one would ever bother going after them but if you make it easy, you can bet you are a target. Many folks think that a hacker could never “guess their password at random”, but hackers are more sophisticated than that.
Trust me, there is not a hacker anywhere simply sitting in front of a screen and typing many different password combinations. The first thing a hacker typically does is seek and find personal information online, and then they use sophisticated programs to help ‘guess’ how that personal information might be turned into a password. There are dictionary-based attacks, where programs run names and other personal information against every word in the dictionary. There are brute-force attacks, which are exactly what they sound like: a program that runs all possible combinations of keystrokes along with a known username.
At a few thousand guesses a second, passwords are discovered that way all the time. A low-tech tactic is known as shoulder surfing. Not all hackers are technical geniuses, after all. Shoulder surfers will try to catch you entering a password or PIN code in a public space. Another prevalent scheme is email phishing and/or brandjacking. These scams try to trick you by pretending to be someone you trust, fooling you into installing a keylogging trojan, then tracking your keystrokes to steal credentials. Pro tip: If the email request looks odd, ignore it, and do not click on anything.
There is no way to guarantee an unbreakable password. If someone wants something badly enough and is smart enough, given enough time, they will figure out what they need to do to get it. Most are not that patient though, so the traditional “best practice deterrents” are usually enough to make them give up and find an easier target.
Password Do’s:
- Use Multi-factor/Two-factor Authentication whenever it is available.
- Ensure the password is at least 8 characters, uses both upper- and lower-case characters, includes numbers and special symbols when allowed, and does not use personal information (the brand of car you drive, your favorite sports team/player, your dog’s name, etc.).
- Do keep business and personal passwords separated.
- Do secure your computer with a password and log off or lock it whenever you leave it unattended for any length of time.
- Do use a password manager.
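
The composition rules in the list above, checked in code together with the guessing rate mentioned earlier. This is an added example, not part of the original article; the rate of 3000 guesses per second, the look-alike substitution map, and the sample personal details are assumptions constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 3000  # assumption: the article's "a few thousand guesses a second"
# Constructed map of common look-alike substitutions (assumption, not exhaustive).
LOOKALIKES = str.maketrans("013457@$", "oleastas")
CLASSES = [  # (alphabet, message reported when the class is missing)
    (string.ascii_lowercase, "no lower-case letter"),
    (string.ascii_uppercase, "no upper-case letter"),
    (string.digits, "no number"),
    (string.punctuation, "no special symbol"),
]

def failed_rules(password, personal_terms):
    """Return the rules from the Do's list that this password breaks."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    for alphabet, message in CLASSES:
        if not any(c in alphabet for c in password):
            failures.append(message)
    # Check the raw and the de-substituted form: guessing programs that start
    # from personal information try "R0ver" as readily as "Rover".
    forms = {password.lower(), password.lower().translate(LOOKALIKES)}
    for term in personal_terms:
        if len(term) >= 3 and any(term.lower() in form for form in forms):
            failures.append(f"contains personal information: {term}")
    return failures

def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case seconds to try every combination of the classes in use.

    This bounds exhaustive search only; a dictionary-based guess built from
    personal information can succeed far sooner.
    """
    alphabet = sum(len(a) for a, _ in CLASSES if any(c in a for c in password))
    return alphabet ** len(password) / rate

if __name__ == "__main__":
    personal = ["Rover", "Packers"]  # constructed sample personal details
    for candidate in ["12345678", "R0ver!2019", "tK9#vLq2!xWz"]:
        hours = brute_force_seconds(candidate) / 3600
        print(candidate, failed_rules(candidate, personal), f"{hours:.3g} h")
```

An 8-digit numeric password falls to exhaustive search in under ten hours at this rate, while a password that passes every composition rule is still flagged when it is built around a pet's name.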
Password Do Not’s:
- Do not use the same password everywhere. If you create only one password for everything you do online, you are exposing yourself unnecessarily. It is obviously easier to use one password, but that practice provides a greater chance for someone to figure your password out, and when they do, they have the keys to your city and will have access to other online accounts.
- Do not write passwords down.
- Do not send passwords in emails or IMs.
- Never discuss passwords with others.
- Do not use the “Remember Password” function in browsers and applications.
Need help managing your passwords? Call us today!