Hardly a week goes by where we don't hear about some form of cyber crime in the news, and the high-profile hacking schemes that make the business press often cause millions in damage. The problem is even more severe at the small and medium-sized business level, where websites, email accounts, and other forms of technology are compromised every day.
What many people don't understand about these thefts, though, is that they aren't sophisticated heists being pulled off by technological geniuses. Instead, they are crimes of opportunity, the Internet equivalent of pickpocketing, made possible by businesses with lax security standards.
Weak passwords, in particular, are the biggest culprit. Sure, criminals shouldn't be looking for ways to get into your computers... but we shouldn't be inviting them in by leaving a key under the mat (or when you email a password, pointing it out with a flashing neon sign). Just think about this - Google's one password access means anyone with access to one of your Google accounts has free access to ALL OF THEM.
Why Too-Simple Passwords Are Such a Big Problem
As I've mentioned, most hackers and online thieves aren't sophisticated criminals. Usually, they are people using automated bots (scripts or programs). They deploy these readily available "password guessing" tools, which allows them to make thousands of attempts in the blink of an eye. With the right tools, they can get into your website, social or email accounts quite easily.
There are automated steps you can take to prevent these kinds of break-ins, but they shouldn't be needed in the first place. To get a sense of just how bad the problem is, click through to this website and give it a try (just don't type in any of your real passwords):
What you'll learn is exactly how easy it is for hackers to crack the simple passwords lots of people use - it's often a matter of seconds or less, especially if the password is short, or only contains letters. The problem here has to do with simple math. If there are only a handful of possible combinations, it isn't going to take a computer very long to figure out yours.
How to Choose Better Passwords (and Protect Them)
Luckily, it's almost as easy to keep your passwords safe and protected as it is to be vulnerable. The first step is to choose stronger ones in the first place. Here are a handful of tips to help you get started:
1. Stay away from the obvious. Don't choose your name, birthday, your pin number, a word from the dictionary, or anything else that would be relatively easy to guess. These are the things hackers will try first.
2. Keep a written record of your passwords somewhere safe. Obviously, it will be a hassle for you if you lose them, but you don't want to store them on a file in your computer, or in a place where others can find them. Consider placing them in a small safe, or some other hidden and secure area.
3. Invest in well known password security software. Top rated password control apps such as 1Password (https://agilebits.com/onepassword), LastPass (https://lastpass.com/) or RoboForm (http://www.roboform.com/) stand out. Use them to store and mix up strong, unique passwords. Don't worry about forgetting one or deleting your app as most logins will allow you to send a password reset email should you lose one or suspect someone has breached your security.
4. Be more sensitive and spontaneous. Instead of simply using lowercase letters, mix it in with some caps (passwords are case-sensitive) along with numbers or symbols. It's okay to start with a word, but then start substituting special characters, moving things around, and adding capitals where they shouldn't be.
5. Keep writing. Longer passwords are inherently safer than shorter ones, because of the number of potential combinations that we talked about earlier. Every time you add another letter or digit, you increase the time needed to crack your password exponentially.
6. Change your passwords regularly. No matter how strong and secure your passwords are, you should consider refreshing them every few months. Just be sure you keep up the high level of security each time.
As important as it is to have secure passwords, it also matters that you don't share them in ways that you shouldn't. For example, you should definitely refrain from typing passwords into web pages - you never know which ones are truly trustworthy.
Likewise, you shouldn't ever email your passwords to other people, even your web designer, since email connections aren't secure (you'd be amazed at how many of my clients have done this). If you have to share a password, do it over the phone, or send it as an image with background texture.
Protecting your passwords isn't the same as becoming paranoid, but it can be the most important way to protect yourself and your company. There are always going to be people who want to take things from you over the Internet, so why make it easier for them?