Tuesday, January 28, 2014

How to Choose Effective Passwords and Reduce your Exposure of Being Hacked

If you have turned on your radio or television, or spoken to anyone in the last few months, you have likely heard about some of the recent data breaches in the news. While some of the breaches have been more publicly talked about than others, they are all serious. For a list of the worst twenty-six data breaches in 2013, read this article published on the CSO Security and Risk website. There are many places our information exists, and every place it exists potentially puts our data at risk. Clearly there are many things you cannot do without giving up your personal information, like taking a school course or visiting a doctor, but there are steps you can take to help protect your information and reduce your exposure.

Depending upon the type of breach, there may be absolutely nothing you could have done to prevent your data from being exposed. This would include a breach with a component internal to the company, such as an employee using their access to your data in inappropriate and potentially illegal ways. An example of this type of breach would be having a check that was not to or from you and did not match your account cashed against your account anyway. Another example would be having your birth date and social security number exposed by a person who worked in an IT department at an educational institution or hospital.

Other times, however, your data is breached because you set a weak password for an account and someone was able to hack the weak password, giving them access to your account. An example of this type of breach would be having an order placed against an account you have with a vendor even though you did not place an order. Often in these situations your credit card is charged because it has been stored on file with the account. Another example of this type of breach would be getting locked out of an account because your password was hacked and then changed by the person responsible.

The first line of defense against having your password hacked, whether by a person guessing it or by software trying many passwords, is to create more complicated passwords. When you create a password, try not to use names or items that are important to you. In other words, if someone broke into your home and found baseball memorabilia all over your office and a poster of one ball player, do not set your password to that ball player's last name. This may be an obvious example, but people often use their children's or pets' names and anniversary dates as passwords. These types of passwords are easy to guess and therefore put your data at risk. Instead, make sure you use a password with some randomization, at least eight characters, and substitutions.

The best passwords use upper and lowercase letters, numbers, and special characters when they are supported. Remember, the longer the password is, the longer it takes to hack, even if clever password hacking software is being used. Some examples of how to take regular passwords and strengthen them are shown below:

  • downtherabbithole becomes d0WntH3r@BB1th0L3
  • todayisagreatday becomes t0D@y1s@gR3@tD@y
  • leavemystuffalone becomes 13@V3MyStuff@10n3
  • ilovejillian becomes 1L0v3j1!!1@N (even though we would not recommend using a password like this, we list this example to show ways the password can be modified to be more secure since some people will still use this format of password)
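
The rules above (at least eight characters, mixed character classes, no names that are important to you) can be checked mechanically. The following Python is an added example, not part of the original post; the function names, the substitution map and the pet name "Maxwell" are assumptions, and the bit count covers blind brute-force guessing only.

```python
import math

# Canonical form that undoes the article's substitutions (0->o, 3->e, @->a).
# "1" and "!" stand for either "i" or "l" in its examples, so all four collapse to "l".
CANON = str.maketrans({"0": "o", "3": "e", "@": "a", "1": "l", "!": "l", "i": "l"})

def canon(text):
    return text.lower().translate(CANON)

def classes(password):
    """Which of the four character classes the password draws from."""
    return {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }

def search_space_bits(password):
    """log2 of the blind brute-force search space: length * log2(alphabet size)."""
    sizes = {"lowercase": 26, "uppercase": 26, "digit": 10, "special": 32}
    alphabet = sum(sizes[k] for k, used in classes(password).items() if used)
    return len(password) * math.log2(max(alphabet, 1))

def check(password, personal_words=()):
    """Return the list of the article's rules that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    problems += [f"no {k} character" for k, used in classes(password).items() if not used]
    for word in personal_words:
        # A personal word still counts when it is written with substitutions.
        if word and canon(word) in canon(password):
            problems.append(f"contains personal word '{word}'")
    return problems

if __name__ == "__main__":
    # Constructed input: the article's own examples plus a hypothetical pet name.
    personal = ["Jillian", "Maxwell"]
    for pw in ["downtherabbithole", "d0WntH3r@BB1th0L3", "1L0v3j1!!1@N", "maxwell"]:
        print(f"{pw:20} {search_space_bits(pw):6.1f} bits  {check(pw, personal)}")
```

The check flags 1L0v3j1!!1@N even though it passes the length and character-class rules, because the name is still there once the substitutions are undone.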

Another way people put their information at risk is by logging into accounts and checking the "Remember Me" box, which remembers their credentials so they are automatically logged in the next time they visit the website. While this is the easiest and sometimes more efficient way to gain access to accounts on your personal computer, think of how easy it would be for someone to gain access if you lost your laptop or it was stolen. If you absolutely cannot stand to log into each different account, make a compromise with yourself and choose to always log into those accounts that have a credit card on file. No matter what you do, do not set up automatic logins to personal accounts on computers or devices that do not belong to you, or devices that other people use, including work computers.

Make sure you do not write your passwords down and keep them in plain text documents or in sight. This may seem obvious, but often passwords can be found written on small pieces of paper and hidden under keyboards, mouse pads, or in desk drawers. Anyone who has gone to the trouble to break into your home or office will surely find these "hidden" passwords. Instead, keep passwords in a file that is encrypted, or write them down and store them in a safe deposit box or other protected location.

Lastly, protect yourself by using a few different passwords with the accounts you create. This works because if someone happens to get your password, whether they hacked you directly or a company you had an account with was hacked, they will not be able to gain access to every other account you have if you use different passwords. This is especially important if you use the same user ID when you create accounts. To best protect yourself, use a few different user IDs and passwords when creating accounts. Doing this will reduce the likelihood that someone who has gained access to one of your accounts will be able to gain access to additional accounts.

Taking these steps will seem tedious at first, but they can help prevent much more pain at a later date if you follow them.
