Password Paranoia

By Anton Scott.

The issue with universal passwords

We have all been there: midway through creating a new account for a streaming site, subscription service, or online store, you are met with the daunting “Choose a Password” screen and its endless list of criteria for a strong password. But you haven’t got time for this, so like 65% of all other people, you choose to reuse the universal password that has served you well for the last few years. Piece of cake, you think. This password is ingrained in your mind because you use it all the time; you won’t forget it. You know it’s slightly risky to indulge in these lazy password practices, but you disregard your inner critic. After all, who would care enough to hack you anyway? You’re just being paranoid, right? So you log in with ease and go about your day.

The next week you wake to find that you cannot log in to your email. That’s odd, you think. You retry your universal password numerous times, to no avail. You send a reset link to your backup email; after all, you never bothered to set up 2 Factor Authentication (2FA), who needs that anyway? Attempting to log in to this other email, you are met with the same message: “Incorrect Password”.

Now here is where you begin to get worried. You put the pieces together and arrive at the conclusion that you may have a security breach. Hopefully, it is just your email accounts. But unfortunately, this is only the tip of the iceberg: your online banking, online shopping, insurance and every other essential site where you used this favoured universal password have been swiftly compromised. Your payment info has been swiped; your personal details have been stolen and are now in the hands of a cybercriminal who wishes to use these credentials for personal gain. But I suppose you were just being paranoid.

As unlikely as it seems, this is a very real threat that many of us face in the digital age, and not enough of us are doing enough to ensure that our passwords are truly impenetrable. According to the NSA, there are 300 million hacking attempts per day; at this rate, it is sheer luck if you have not yet been targeted. With the threat on the rise, it is essential that we begin to implement more robust password practices.

Vulnerabilities & How to protect against them

A weak password is vulnerable to brute-force crackers, where multiple combinations of characters are tested repeatedly until the password is cracked. The shorter and less complex the password, the faster the software cracks the credentials. A longer password can & will deter a hacker from using this type of attack, as it will take an immense amount of time to crack. Lengthen your password.

A dictionary attack involves the program sifting through a preset list of common words frequently used in passwords. The more standard the word, e.g. “ballistic”, the more likely it is to appear in the wordlist and result in a crack. Therefore, diversify your use of characters: “Ba11i$tiC” would be a much more secure choice due to its blend of capitals, numbers & symbols.
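To make the two attacks above concrete, here is an added example (not code from the article) that estimates how large a keyspace a brute-force cracker must cover for a given password and checks it against a small constructed wordlist standing in for a dictionary attack. The guess rate, the wordlist and the three sample passwords are all assumptions chosen for illustration.

```python
import math
import string

# Constructed toy wordlist standing in for the "preset list of common words"
# a dictionary attack walks through (real lists hold millions of entries).
COMMON_WORDS = {"password", "ballistic", "welcome", "sunshine", "dragon", "letmein"}

# Assumed guess rate for an offline brute-force run against a fast hash.
# An illustrative figure, not a measurement from the article.
GUESSES_PER_SECOND = 1e10


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that covers every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def keyspace(password: str) -> int:
    """Number of candidates a brute-force cracker must cover: pool ** length."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Keyspace expressed in bits; each extra bit doubles the cracker's work."""
    return math.log2(keyspace(password))


def brute_force_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def in_dictionary(password: str, wordlist: set = COMMON_WORDS) -> bool:
    """Plain dictionary check: does the lowercased password appear in the list?"""
    return password.lower() in wordlist


def assess(password: str) -> dict:
    """Summarise how the password fares against both attack styles."""
    return {
        "length": len(password),
        "charset": charset_size(password),
        "entropy_bits": round(entropy_bits(password), 1),
        "brute_force_seconds": brute_force_seconds(password),
        "in_dictionary": in_dictionary(password),
    }


if __name__ == "__main__":
    # Sample passwords constructed for this example: the article's two words
    # plus a long, all-lowercase passphrase for comparison.
    for candidate in ("ballistic", "Ba11i$tiC", "correcthorsebatterystaple"):
        print(candidate, assess(candidate))
```

Running it shows the point the two paragraphs make: “ballistic” is found in the wordlist immediately and, at nine lowercase letters, has a keyspace of only about 42 bits; “Ba11i$tiC” is not in the plain wordlist and its mixed character pool lifts it to about 59 bits; the 25-letter lowercase passphrase reaches roughly 117 bits, far more than either. One caveat a practitioner should keep in mind: cracking tools also apply substitution rules to wordlist entries, so a disguised dictionary word is weaker than its raw keyspace suggests, and length is the lever that reliably moves the brute-force estimate.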

Phishing attacks are common but easy to spot if you know what to look for. They often attempt to set a narrative such as “You are eligible for [Insert offer here]”, “There is an issue with your personal info that needs updating” or “You have won a [Insert valuable object]”, all with the intention of luring you into entering your personal information. Steer clear of emails, texts or even letters like these; the only thing you will be eligible for is identity theft. Verify that the communications you receive are from a trusted & legitimate source, and sever any correspondence with suspicious ones.

Here are some general principles that you can follow to ensure the security of your credentials:

  • Use a lengthy password with a diversity of characters, capitalization, symbols and numbers.
  • Do not include your names, birthdays, addresses or phone numbers in your passwords.
  • Use abbreviations for phrases, e.g. “I Would Not Like To Be Hacked” = “IWNL2BH”.
  • Change your passwords regularly, every 30-90 days is good practice.
  • Do not share your passwords. Sharing creates more liabilities.
  • Educate yourself on what phishing looks like, and know how to avoid/deal with it.
  • Always use 2 Factor Authentication, this provides an additional layer of security in the event of a breach.
  • Use trusted password manager programs that store your passwords securely and auto-generate random & complex ones every time you create a new account. Examples include LastPass, DashLane & 1Password. Make sure your master password is the Fort Knox of passwords and follows all the above criteria or there is no point in using these types of software.

I hope that you have been able to draw some valuable knowledge out of this article and can work towards securing your online identity. Remember, if you ever doubt your credentials, that feeling alone is reason enough for fortification. A little paranoia is good in the long run; your digital profile will thank you for it.