Admit it! You use and recycle the same passwords for your email, social media and online banking accounts, regardless of what security experts say.
You’ve had those accounts for a long time and you haven’t been hacked or scammed, so why fix what isn’t broken, right?
That’s probably what Mark Zuckerberg (yes, the Facebook guy!) thought too, until a LinkedIn data breach led to Zuckerberg’s Twitter and Pinterest accounts getting hacked because—you guessed it—they shared the same “dadada” password.
Think you’re more creative? Not so fast.
Google’s research on how people create passwords revealed that the most common choice is still a pet’s name. Also popular are a birthplace; one of their kids’ names or nicknames; a favorite number or vacation spot; and, believe it or not, “password” is still a popular choice for some people.
Hackers are crooks, not idiots.
They already know every trick in the book for guessing passwords and are adept at using social media to gather your information.
Also, as it turns out, the key to cracking passwords is a flaw in our brains: Our minds are not good at creating random combinations of words or letters, but are influenced by memories or pop culture tastes, which leads to non-random (and vulnerable) passwords.
“If your password is not random, we will crack it,” said password-cracking expert Jeremi Gosney, who once deciphered 90% of a sample of more than 16,000 passwords downloaded from the internet in 20 hours as part of a contest.
And the truth is, with all the data breaches in recent years, it may only be a matter of time before you become a target, just as I have recently been targeted by a scam.
Still not convinced? Test yourself
- Do you use the same password over and over?
- Do you use a slightly modified version of the same password (adding a different number, letter or capitalization)?
- Do you use one of a few of your “go-to” passwords that you rotate for new online accounts?
- Do you forget which “go to” password you used or which slightly modified version you used?
- Do you still use an incredibly simple password…like “1234” or “P@$$word”?
If you answered “YES” to any one of the questions above, you should check Have I Been Pwned to investigate whether your user credentials have been compromised.
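One thing worth knowing about how a service like Have I Been Pwned can check a password without ever receiving it: the Pwned Passwords lookup uses k-anonymity, so your machine hashes the password locally and sends only the first five characters of the hash; the service returns every matching hash suffix it knows, and the comparison happens on your side. The script below is an added example written for this article, not code from Have I Been Pwned or from the original post. It assumes the public range endpoint at https://api.pwnedpasswords.com/range/ and its “SUFFIX:COUNT” line format as I understand them; the sample response embedded in it is constructed so the script runs offline.

```python
"""Check a password against a Pwned Passwords 'range' response using
k-anonymity: only the first 5 hex characters of the SHA-1 hash are sent,
so the password itself never leaves your machine.

Added example, not code from the original article or from Have I Been
Pwned. RANGE_URL and the SUFFIX:COUNT response format are assumptions
about the public API; SAMPLE_RANGE below is a constructed response."""
import hashlib
import urllib.request

# Assumed public endpoint; only a 5-character hash prefix is ever appended.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample of what a range response looks like. The third line
# is the real SHA-1 suffix of the string "password"; the count is made up.
SAMPLE_RANGE = """\
0000000000000000000000000000000000A:3
00000000000000000000000000000000ABC:17
1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345
"""


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 of the password into (prefix, suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_text):
    """Return the breach count for `suffix` in a range response, or 0."""
    for line in range_text.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix, timeout=10):
    """Download the range for one 5-character prefix (network access needed)."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "passphrase-check-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, range_text=None):
    """How many times the password appears in known breaches (0 = not found).

    Pass `range_text` to check against a saved response without going online.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    if range_text is None:
        range_text = fetch_range(prefix)
    return count_in_range(suffix, range_text)


if __name__ == "__main__":
    # Offline demonstration against the constructed sample response.
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", pwned_count(candidate, SAMPLE_RANGE))
```

The design point is the split in sha1_prefix_suffix: the prefix is what goes over the wire, the suffix stays local, and the service cannot tell which of the hundreds of returned suffixes (if any) you were interested in.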
Most of us rarely think about password safety, so maybe now’s a good time to rethink or update your password strategy.
Simplify your life with a Password Manager.
Even though our brains aren’t actually bad at remembering a few simple passwords, remembering dozens of unique, strong passwords is almost impossible. You can give your brain a little help by using a password manager.
A password manager is an application – essentially a digital secretary – that automatically creates strong random passwords for each one of your accounts and stores all of them in a single vault secured by a master password.
Most password managers don’t even require you to type passwords because they autofill forms and offer a handful of other useful password features.
You Still Need to Remember One Password
Of course, even with a password manager, there’s still the matter of creating and remembering the ONE password that unlocks the “vault” where your other secure data is stored: Usernames and passwords, credit card numbers, secure notes, attachments, contact information, software licenses, etc.
But you should forget about long gobbledygook strings of capital letters, symbols, and numbers.
The easiest way to create a secure master password is to make a passphrase: several random but pronounceable—and thus easier to memorize—words.
For example, maybe these words would come to you one morning while you’re brushing your teeth: BabeRuth green eggs NFL world cup.
Tip: Make sure these “random” words are not things you shared on social media as your list of favorite things! (Remember, that’s where online thieves go looking for clues.)
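Since the weak spot is the brain’s inability to pick truly random words, the safest way to follow the passphrase advice is to let a random number generator choose the words. The script below is an added example written for this article (not the original author’s code, and not taken from any of the password managers named below); it picks words with the operating system’s cryptographic random source and reports how much entropy the result carries. The 32-word list is a tiny constructed sample for illustration; a real generator should draw from a large published word list (the diceware lists of 7776 words are the usual choice, and the figures for that size are used in the comments).

```python
"""Generate a random passphrase and estimate its strength in bits.

Added example, not code from the original article or from any password
manager. WORDS is a small constructed list for demonstration only; use a
large published list (e.g. a 7776-word diceware list) in practice."""
import math
import secrets

# Constructed 32-word sample list (2**5, so 5 bits per word).
WORDS = [
    "apple", "river", "candle", "forest", "marble", "pencil", "rocket", "silver",
    "thunder", "violet", "window", "yellow", "anchor", "bridge", "cactus", "dragon",
    "engine", "falcon", "garden", "harbor", "island", "jacket", "kettle", "ladder",
    "meadow", "needle", "orbit", "pepper", "quartz", "ribbon", "saddle", "tunnel",
]


def passphrase_entropy_bits(num_words, list_size):
    """Entropy of `num_words` words chosen uniformly from `list_size` candidates."""
    return num_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of words from a list of `list_size` reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every passphrase at a given guessing rate."""
    return (2 ** bits) / guesses_per_second


def generate_passphrase(num_words=6, words=WORDS, separator=" "):
    """Pick `num_words` words with secrets.choice (CSPRNG), not random.choice."""
    if num_words < 1:
        raise ValueError("a passphrase needs at least one word")
    return separator.join(secrets.choice(words) for _ in range(num_words))


if __name__ == "__main__":
    # With a 7776-word diceware list, six words give about 77.5 bits.
    diceware = 7776
    print("words needed for 77 bits:", words_needed(77, diceware))
    print("bits for 6 diceware words:", round(passphrase_entropy_bits(6, diceware), 2))
    # Illustrative rate only: at a billion guesses per second, six diceware
    # words take on the order of billions of seconds to exhaust.
    print("seconds to exhaust at 1e9/s:",
          round(seconds_to_exhaust(passphrase_entropy_bits(6, diceware), 1e9)))
    print("sample passphrase:", generate_passphrase(5))
```

The important choice is secrets.choice rather than random.choice: the random module is seeded predictably and is not meant for secrets, whereas secrets draws from the OS random source. The entropy figure is also only honest if every word really is chosen by the generator; swapping a word for a favorite team or a child’s name puts the passphrase back on the guessable list the article warns about.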
Ready to Get Started with a Password Manager?
Here are some resources for you to look at:
LastPass — LastPass is an easy-to-use password manager and one of the most popular out there. It offers features like login credential syncing for multiple browsers, AES-256 encryption, and a handy feature called Auto Change Password that works with about 80 popular sites. You can access most of its features for free, although the free version locks you on one platform for syncing across devices. LastPass Premium offers additional 1GB cloud storage, desktop application logins and fingerprint identification, plus expanded support for two-factor authentication tokens like YubiKeys.
1Password — If you’re a Mac and iOS user, then 1Password is definitely the one for you. It was originally developed for Apple products (although it has steadily expanded its offerings for Windows, Android, and ChromeOS). 1Password’s interface is the most elegant of the bunch, with numerous small touches that make it easier to use. It also offers a wide variety of syncing options, including one that doesn’t store any data in the cloud. It can also generate and display the one-time passwords used by many two-step authentication managers, substituting for apps like Google Authenticator or Authy. 1Password has never offered autofilling as an option, much less a default, so that’s another layer of added security.
Dashlane — Available for Android, iOS, Mac and PC, Dashlane is a robust password manager that comes with a security dashboard, AES-256 encryption, and optional cloud syncing. Dashlane’s strong-yet-subtle browser integration makes logging into websites a seamless operation. And once a password is stored in Dashlane, it can log you in automatically every time the website is loaded or autofill the credentials without logging you in.
KeePass — KeePass is one of the most trusted open-source password managers available for Windows, Linux, as well as macOS. It’s free, easy to use, and very portable, because you can transfer the program to a USB flash drive and copy it to a new computer on the fly. KeePass supports import and export of your password data in common formats like HTML and TXT. It also includes two-factor authentication, as well as protection against dictionary and guessing attacks, autofill and more.