The Weakest Link: How You Can Prevent Access to Your Accounts

Randy Milanovic Principal & Author, Kayak Online Marketing

Posted on March 6th 2014

Hardly a week goes by where we don't hear about some form of cyber crime in the news, and the high-profile hacking schemes that make the business press often cause millions in damage. The problem is even more severe at the small and medium-sized business level, where websites, email accounts, and other forms of technology are compromised every day.

Make password security a priority.

What many people don't understand about these thefts, though, is that they aren't sophisticated heists being pulled off by technological geniuses. Instead, they are crimes of opportunity, the Internet equivalent of pickpocketing, made possible by businesses with lax security standards.

Weak passwords, in particular, are the biggest culprit. Sure, criminals shouldn't be looking for ways to get into your computers… but we shouldn't be inviting them in by leaving a key under the mat (or when you email a password, pointing it out with a flashing neon sign). Just think about this – Google’s one-password access means anyone with access to one of your Google accounts has free access to ALL OF THEM.

Why Too-Simple Passwords Are Such a Big Problem

As I've mentioned, most hackers and online thieves aren't sophisticated criminals. Usually, they are people using automated bots (scripts or programs). They deploy readily available "password guessing" tools, which allow them to make thousands of attempts in the blink of an eye. With the right tools, they can get into your website, social or email accounts quite easily.

There are automated steps you can take to prevent these kinds of break-ins, but they shouldn't be needed in the first place. To get a sense of just how bad the problem is, click through to this website and give it a try (just don't type in any of your real passwords):

https://howsecureismypassword.net/

What you'll learn is exactly how easy it is for hackers to crack the simple passwords lots of people use – it's often a matter of seconds or less, especially if the password is short, or only contains letters. The problem here has to do with simple math. If there are only a handful of possible combinations, it isn't going to take a computer very long to figure out yours.

How to Choose Better Passwords (and Protect Them)

Luckily, it's almost as easy to keep your passwords safe and protected as it is to be vulnerable. The first step is to choose stronger ones in the first place. Here are a handful of tips to help you get started:

1. Stay away from the obvious. Don't choose your name, birthday, your PIN, a word from the dictionary, or anything else that would be relatively easy to guess. These are the things hackers will try first.

2. Keep a written record of your passwords somewhere safe. Obviously, it will be a hassle for you if you lose them, but you don't want to store them on a file in your computer, or in a place where others can find them. Consider placing them in a small safe, or some other hidden and secure area.

3. Invest in well-known password security software. Top-rated password control apps such as 1Password (https://agilebits.com/onepassword), LastPass (https://lastpass.com/) or RoboForm (http://www.roboform.com/) stand out. Use them to store and mix up strong, unique passwords. Don’t worry about forgetting one or deleting your app, as most logins will allow you to send a password reset email should you lose one or suspect someone has breached your security.

4. Be more sensitive and spontaneous. Instead of simply using lowercase letters, mix in some caps (passwords are case-sensitive) along with numbers or symbols. It's okay to start with a word, but then start substituting special characters, moving things around, and adding capitals where they shouldn't be.

5. Keep writing. Longer passwords are inherently safer than shorter ones, because of the number of potential combinations that we talked about earlier. Every time you add another letter or digit, you increase the time needed to crack your password exponentially.

6. Change your passwords regularly. No matter how strong and secure your passwords are, you should consider refreshing them every few months. Just be sure you keep up the high level of security each time.
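
The "simple math" behind tips 1, 4 and 5, as an added example that is not part of the original article: the number of combinations is the alphabet size raised to the password length. The guess rate, the short "obvious" list and the sample passwords are constructed assumptions.

```python
import math
import string

# Assumed offline guessing rate; a constructed figure, not a measurement.
GUESSES_PER_SECOND = 1e10

# Constructed sample of "obvious" choices from tip 1; a real check would
# use a large list of leaked passwords.
OBVIOUS = {"password", "letmein", "qwerty", "dragon", "123456"}

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def alphabet_size(pw):
    """Total size of the character pools (26/26/10/32) the password draws on."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in pw))


def keyspace_bits(pw):
    """Upper bound on guessing work, in bits: length * log2(alphabet).

    Assumes every character was picked at random, so it overstates
    the strength of passwords built from words or patterns.
    """
    if pw.lower() in OBVIOUS:
        # Guessed from the word list long before any brute force starts.
        return math.log2(len(OBVIOUS))
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def worst_case_years(pw, rate=GUESSES_PER_SECOND):
    """Years to try every combination at the assumed rate."""
    return 2 ** keyspace_bits(pw) / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("Dragon", "tqzmr", "Tq7$mR2x", "tqzmrwhcabyeplfodkvu"):
        print(f"{pw:22} {keyspace_bits(pw):6.1f} bits  "
              f"{worst_case_years(pw):.3g} years")
```

Each extra character multiplies the search space by the alphabet size, which is why the 20-letter lowercase sample scores far above the 8-character mixed one.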

As important as it is to have secure passwords, it also matters that you don't share them in ways that you shouldn't. For example, you should definitely refrain from typing passwords into web pages – you never know which ones are truly trustworthy.

Likewise, you shouldn't ever email your passwords to other people, even your web designer, since email connections aren’t secure (you'd be amazed at how many of my clients have done this). If you have to share a password, do it over the phone, or send it as an image with background texture.

Protecting your passwords isn’t the same as becoming paranoid, but it can be the most important way to protect yourself and your company. There are always going to be people who want to take things from you over the Internet, so why make it easier for them?

Randy is author of 2 books: Findability: Why Search Engine Optimization is Dying + 21 New Rules of Content Marketing, and Building a Better Business Website. He is the Principal of Kayak Online Marketing, a leading Canadian inbound marketing firm.

Comments

expoworld
Posted on March 6th 2014 at 12:27AM

Thank you for constructing a way to make strong passwords and to keep the accounts secured. Although the encryption is as important in order to make it more safe with emails and other social accounts.

Oceanwatcher
Posted on March 6th 2014 at 12:41PM

First of all - I did a little test here. I tried to set up an account by using my Google account. Guess what? It is all wrong! Why do I need to fill in anything (including a password) when I have already used my Google credentials? What is the point of using Google if you still have to fill in the whole registration?

Now to the article:

I already commented on G+ about this, but I will make a summary here.

Mixed cases and special characters are false security. It does not make your password stronger. A computer trying to brute force your password will still crack it IF YOU DO NOT HAVE A LONG PASSWORD!

Length is the key to make a secure password. Any passwords using 6 or 8 characters are WEAK. Period.

The problem today is that there are way too many passwords to remember. Social media, email accounts, forums, sites that require registration to comment - it all just piles up. And there is a limit to how many passwords people can remember. Do you have credit cards? How many pin codes do you have to remember? They usually only have 4 or 6 digits. Not mixed with letters and special characters...

The absolutely best solution in my mind is to use a two-factor system. Google has an excellent one. And it is available for WordPress and Joomla, the biggest blog system and the biggest CMS on the market today. So if you want safe and simple, this is the way to go.

The second best would be to create a password that consists of several common words after each other. It should be 15-20 characters long, but as it is normal words, it will be easy enough to remember.

Also, forcing people to make a new password every 90 days or so is another huge mistake. It will just lead to even simpler passwords. I am guessing the average person today has at least 10 passwords they need to remember. Change those every 90 days and you will have to come up with 40 passwords each year. And most systems that do this also have a block on old passwords...

As I am sometimes making websites, I have a huge number of passwords to keep track of. I do not use the same passwords everywhere. And I prefer to make VERY long passwords... To keep track of this, I use KeepassX, an excellent password manager.

If you want to see how easy it is to crack a password of a given length, use this tool:

https://passfault.appspot.com/password_strength.html#menu

As you will discover, anything of 8 characters or less is easily cracked in one day or less. Get up to 10 characters and you might look at more than a year. Go higher, and your password will outlive you.

Of course - this is with the technology we have today. Each year, computers are getting faster and that makes it easier to crack passwords. So you should absolutely change them now and then!

Another danger about having to use a lot of passwords is that people tend to use the same one most places simply because it is too difficult to remember. So crack one, and you will gain access to most of this person's online life. Again - Google two-factor would take care of this.

For Socialmediatoday - get your registration sorted out!

Randy Milanovic
Posted on March 6th 2014 at 5:07PM

Thank you Svien. Perhaps you could write a post on it?

Oceanwatcher
Posted on March 7th 2014 at 11:33PM

You mean a post on G+?

Randy Milanovic
Posted on March 8th 2014 at 9:04PM

Sure. Or your own blog. :-)

Randy Milanovic
Posted on March 6th 2014 at 5:08PM

Sweet - I got 28 years on my test PW.

Oceanwatcher
Posted on March 7th 2014 at 11:35PM

So it should be ok to spend the next 10 years to figure out a new one :-)