How many of us enjoy flipping through the television stations late at night and stopping on an old re-run of one of our favorite TV shows from yesteryear? Think of shows like the Mary Tyler Moore Show, The Brady Bunch or Full House. One such sitcom I remember watching with my parents was ‘The Golden Girls’, and my favorite character on the show was Rose Nylund. As many of you know, Rose Nylund was played by the Emmy Award winner Betty White. I mention Betty White today because she seems to be everywhere these days, from past and present sitcoms, to SNL and many commercials (love the Snickers one!).
However, one place I didn’t expect to see Betty White was as the spokesperson for the website passwordday.org, a site dedicated to promoting World Password Day (celebrated on May 5th, 2016). But there she was, videos and all, giving “Password Pep Talks” on how to make your online life more secure. *Disclaimer: while I, as a security professional and Rose Nylund fan, found the short videos to be comical, I fully disclose that the content isn’t exactly G-rated so please be advised.
Creating and maintaining passwords is one of the most critical (and easy) steps a user can take to keep the information stored on their computer or portable devices safe and secure. Recently, in fact, the popular business social networking site LinkedIn announced an update to a past major security breach where they now say that a mind boggling 165 million accounts may have been successfully compromised. This number is up from the originally reported 6.5 million accounts. The alert suggests that ALL LinkedIn users should change their passwords immediately before hackers have the opportunity to use their stolen credentials against them. Many of us utilize LinkedIn to help network professionally, so to aid in the effort to keep us all secure, I’ve included a few steps below to assist in the process of updating our LinkedIn passwords:
Visit linkedin.com and sign into your account.
Once logged in, move your cursor over your profile picture
Go to Privacy & Settings and click Manage
Locate ‘Account’ and click Basics > Change Password
And on a separate note, while logged in I would also suggest turning on 2 Step Verification.
While I won’t go to the same extreme as Betty in the ‘Friendly Advice’ video in describing maintaining passwords, I do agree that selecting and remembering passwords can be annoying and inconvenient. I feel it is for this reason that many of us have a habit of creating bad passwords. Just how bad are our passwords habits? Well, statistically speaking, 90% of passwords can be cracked within 6 hours. If you prefer to shop online like me, or check your banking accounts online, etc, then creating a strong password is a critical step for us to take.
Here are some steps to change your potentially bad passwords to good ones.
1. Avoid common passwords. There are many commonly used passwords we see listed as the ‘worst’ passwords year after year (if you utilize one of these—change it NOW!). Some of these passwords include, ‘123456’, ‘password’, ‘111111’ and ‘qwerty’. New entries this year (2015) to the top ten worst passwords included ‘football’, ‘baseball’ and ‘welcome’. According to a past studies, it is reported that the 100 most commonly-used passwords make up over 60% of all passwords. Avoid simple dictionary words that can be easily guessed or selecting easy to remember passwords because of keyboard key positioning. Don’t kid yourself; cybercriminals are fully aware of our lazy practices, and they make their living by capitalizing on us.
2. Steer clear of personal passwords. When creating passwords avoid passwords that are based solely on personal information about yourself or your family and that can be seen readily online on your blog or social networking site. For example “10865” is not a strong password if your birthday is October 8, 1965, especially after you just announced your age and birthday on Facebook publicly.
3. Take the extra time to create a Strong password. Strength of a password is measured by a combination of its length and complexity (mixing in numbers, letters, capitals, symbols, etc.). And believe it or not, length plays a bigger role in password strength than complexity. Passwords should be at least 8 characters in length but 12 characters or more should be the norm (I’m serious!). You might think you don’t have the time to spend logging in with a complicated password each day, but trust me—you do if it saves you the time of attempting (usually unsuccessfully) to obtain your “ransomed” files from a nameless hacker, or discourages an online cybercriminal from choosing your bank account over someone else’s because yours is taking too long to crack….it’s worth it!
4. Get creative when arriving at passwords. I feel that individuality can make creating strong and easy-to-remember passwords enjoyable, especially when sharing the importance of strong passwords with small children and even young adults. Taking in to account point 3 above, I would suggest using a short phrase as a password. For example, MyD@distheb3st (aka. My dad is the best). Something a child could be trained to remember (do not underestimate a child’s capacity to retain information!) based on a phrase they understand and yet we have also establish a strong password.
Given the tips and suggestions above for creating passwords, below are some additional tips on how to keep your passwords secure. Most of them may be seen as “common sense” but research proves that they are not being practiced. Be different! Be secure with your information and your identity.
1. Don’t share your passwords with others. A good rule of thumb may be to treat your password like your house key. It’s probably best not to share your house key with all your neighbors and friends at school and work. They don’t belong in your “stuff” and you can invite them over when you are present!
2. Never text, email or post your passwords online. Any time you share your passwords in this fashion you are essentially allowing full public access to your account information. Using the example above, it would be similar to leaving your front door wide open when you leave home or go on vacation. If it is necessary to share your password with someone else, take the time to share in person or in a phone conversation, rather than a text.
3. Change your passwords regularly. The hard truth is that no password is truly secure. You also have the human element (socially-engineered schemes, phishing attack victims, etc.). Yes, it takes some time to keep passwords updated, but the time wasted and lost with an infection or when your machine is hacked is far worse. Prevention is better than trying to find a cure.
4. Use different passwords for different sites and activities. As the saying goes, don’t to put all your eggs in one basket. The same can be said in relation to passwords—do not use the same one for everything. It’s easy (lazy) but can cost your dearly. Although we are creatures of habit, it is unacceptable to use the same easy password for years across your log-ins. The reality is—you will be hacked and then you will wish you had spent some time on being creative and switching things up more frequently. If you happen to get tricked into sharing or entering a password or an e-commerce site falls prey to hacking, you will not have all of your various accounts exploited if you have various (and strong!) passwords.
5. Make use of a password manager. A good password manager safely stores all your passwords and organizes passwords. Password managers usually store passwords encrypted, requiring the user to create a master password; a single, ideally very strong password which grants the user access to their entire password database. This feature was created with the intention of keeping us safe and organized. Why not utilize it?
6. Utilize two-factor authentication. Two-factor authentication (aka 2 Step Verification) is a method of confirming a user's claimed identity by utilizing a combination of two different components. A quick example is a bank card. You have the physical card itself that needs to be present in order to withdraw money but as a second step also need your PIN, as this is a number only you should know. Many websites will have you login to their site with a username and password, but then request a mobile number or similar to continue with the login process. Two-factor authentication does not provide absolute security of but it does provide you an extra level of security by making it harder to breach your accounts.
So what do reruns of our favorite old shows and online security have in common? Not a whole lot, except for Betty White, who has connections to everything, apparently. But if we don’t want our personal information and files to be re-run by a hacker, then strong passwords are the Key to keeping our online doors locked. The truth is--by just taking the time to keep passwords fresh, not sharing them, and putting levels of length and verification to them—we are head and shoulders above the rest of most online users. Sometimes that’s all it takes to separate an infected machine from a secure one. It’s time I am willing to spend. Let’s face it, if you are like me and take the time to flip through all of the channels –just to see what is on, or better yet—what ELSE is on, then let’s partner to take the time to flip our passwords now and then. Like Betty White says in one of the videos, “love is a battlefield, but your online security doesn’t have to be”.