Prior to the Equifax breach, I admit to being lax in my personal cybersecurity. In my defense, it wasn’t so much that I was careless, I was just naïve to the risks that we face in our digital world.
Sure, I used passwords and followed all the basic rules. I assumed that big companies, the government and other stewards of my personal data, kept it secure in a way that I could count on.
In the past, that may have been enough, but after the recent Equifax breach, I decided to take a much more proactive approach to protecting my family’s personal information and reducing the risk of more serious problems down the road.
Your passwords – how you create them, how you manage them and how often you update them – are at the core of a strong cyber self-defense plan.
In a nutshell, stronger passwords will strengthen your cybersecurity. As obvious as that sounds, many people still have inadequate passwords and consistently make mistakes that leave them vulnerable to attacks in the future.
In fact, after doing the research for this blog post, I would even say (respectfully, of course) that whatever passwords you are using, they probably aren’t strong enough. And if you haven’t updated them recently, you may be at risk.
Read on and see if you don’t come to the same conclusion.
How to improve your cyber self-defense with stronger passwords.
Don’t make it too easy. High-level hackers have algorithms, databases and sophisticated software that make it easy for them to sort through millions of potential password combinations in minutes, if not seconds. Passwords that contain birthdays, names, sports teams, pet names and simple obfuscation (words like p@$$w0rd) are the easiest to crack.
To make life easier for hackers, fraudsters and other ne’er-do-wells, we provide them with a lot of personal information on our social media accounts, email correspondence and other facets of modern life. Even a low-end, low-tech crook might have everything he needs to figure out your password pattern with a few guesses.
A client of mine who works in IT once told me that one of the most commonly used password combinations involves your dog’s name and either your current or a previous street address. He didn’t realize it at the time, but in that moment he had already cracked the password to dozens of websites that required my login credentials.
My passwords have since been updated.
Make your passwords longer and more complex. Advice surrounding the best passwords seems to be evolving as fast as cyber creeps can figure them out. Nonetheless, experts recommend a password that is as long as possible and that uses a mix of upper and lower-case letters, numbers and symbols.
For example, the password bailey81 might have passed muster back when you got mail from your AOL account. Today, experts say a better password might be B@iley8!8.
Better still, some experts recommend a nonsensical string of words such as ba!ley8rock$.
Longer, more complicated and more random passwords are best.
According to the website howsecureismypassword sponsored by Dashlane, the password bailey81 would take about 1 minute to crack. B@iley8!8 would take 5 decades. Ba!ley8rock$ would take about 47 million years – give or take.
Although many websites today don’t allow for it, the most secure websites recognize longer, complex passwords. Whenever possible, consider adding additional characters and numbers to your passwords. Doing so strengthens them exponentially.
With today’s technology even a lengthy, but relatively simple password like bailey8rock$ would take 200 years to crack. Of course, that’s assuming future hackers are still using current technology.
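As an added example (not part of the original post), here is a small Python check a site or password manager could run on a candidate password: it estimates the brute-force keyspace from length and character classes, then undoes simple substitutions to see whether a common word or a known personal fact is still hiding inside. The word list, the substitution table, the personal fact "Bailey" and the 12-character minimum are constructed assumptions for illustration.

```python
import math
import string

# Constructed sample data (assumptions for this example, not from the post).
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon"}
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "!": "i", "1": "l", "3": "e"})


def brute_force_bits(password):
    """Keyspace in bits, assuming every character was picked at random
    from the character classes present. This is an upper bound only."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def guessable_tokens(password, personal):
    """Common words or personal facts still present after lower-casing
    and reversing simple symbol-for-letter substitutions."""
    normalized = password.lower().translate(LEET)
    candidates = COMMON_WORDS | {p.lower() for p in personal}
    return sorted(t for t in candidates if t in normalized)


def review(password, personal, min_length=12):
    """Accept only passwords that are long enough and contain no guessable token."""
    hits = guessable_tokens(password, personal)
    return {
        "bits": round(brute_force_bits(password), 1),
        "guessable": hits,
        "ok": not hits and len(password) >= min_length,
    }


if __name__ == "__main__":
    facts = {"Bailey"}  # constructed personal fact, e.g. a pet's name
    for pw in ["bailey81", "p@$$w0rd", "B@iley8!8", "ba!ley8rock$", "vT7#qLm2&xWd"]:
        print(pw, review(pw, facts))
```

The bits figure grows with every added character, but it only holds for randomly chosen characters; a password built around a word or personal fact is far weaker than its length suggests, which is why the check reports both.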
Mix them up. You know this one already: don’t use the same password for all your website logins. The problem, of course, is that you likely have dozens of websites that require login credentials. How on Earth can you keep track of them? More often than not, you probably use either the same password or some variation. Maybe it’s bailey81 on some sites, Bailey81 on others, etc.
The risk of using similar passwords is that once the bad guys figure it out, they can use it to unlock all your other websites with much more sensitive info.
At a minimum you should consider using a unique password for each of your most sensitive websites: your bank, your brokerage account, your 401k, email, smartphone, laptop, etc.
Change them often. Some websites require you to update your password every 90 days. Others don’t. If you consistently use long, robust passwords and create unique passwords for each of your most sensitive sites, updating them quarterly should be sufficient. For less sensitive websites that don’t have credit card or other personal data, you may be able to update your password less frequently.
When I was a kid, my grandparents used to park their car in the driveway overnight with the keys in it. The house was never locked and we never thought anything of it.
Times have changed. Eventually, the house started getting locked at night, the car was parked in the garage and the keys hung in the kitchen.
Today, we naively feel safe with a 6- or 8-character password, but that is changing as well.
Just how strong are your passwords? Find out by clicking here.
If your passwords aren’t as strong as they could be or if you haven’t updated them in the last 90 days, do so now.