How Secure Are Your Passwords?
Modern technology offers unparalleled convenience, providing a world of information and access to the services we need at our fingertips. However, the tradeoff is that our data, including sensitive financial information, is more vulnerable now than ever.
Despite the efforts made by cybersecurity experts to shield your accounts and devices from attacks, one of the biggest vulnerabilities we face is human error and carelessness.
The reality is that more cybercriminals gain entry through negligent password management than any other factor. Hackers are more likely to use stolen or easily guessed passwords to access accounts than breaking through holes in a security wall. And usually, it’s you, your co-worker, a family member, or a perfect stranger that’s leaving the door open for criminals to get in, often without even realizing it.
What You Should Know About Passwords
A password is a string of characters used to authenticate an individual, proving identity to gain access to a certain location, which is to be kept secure from unauthorized individuals.
If you find yourself annoyed by the criteria required to create your passwords, you’re not alone. It’s safe to say we all experience a collective sense of frustration when an account prompts us to use a certain number of characters and a mix of numbers, letters, and symbols. We are all tired of needing to update our passwords with a unique string of characters every so often and wonder how we’re supposed to keep track of it all.
But when it comes to guessing passwords, cybercriminals have become increasingly sophisticated. No longer are they limited to trying some combination of the name of your mother’s maiden name and birthday; they have other ways of peeking behind the digital curtain.
Strong passwords are a lock to protect your entire digital life, from computers to cellphones, ATMs to Facebook. You wouldn’t leave your front door unlocked, would you? When you use a weak password, or if you use the same password for multiple systems, you’re essentially leaving the door open for criminals to walk through.
Chances are if you’ve yet to be hacked, a family member, friend, or acquaintance has, and the consequences can be costly. In fact according to the Verizon 2021 Data Breach Investigations Report, 81% of hacking-related breaches used stolen passwords and/or weak passwords, 51% of the data breaches involved malware, and 73% of the breaches were financially motivated. (1)
The best thing you can do to protect yourself from cybercrime is to use strong passwords everywhere and never let your guard down.
Common Password Mistakes
Before examining what makes a strong password, let’s look at a few common mistakes people make when choosing a password.
The first mistake people make comes from the understandable attempt to make the password easy to remember. They may base their password choice on something obvious, such as their name, their email address, or the username on the account. For example, someone with the name “John Smith” might make their password “SmithJohn,” or if a number is required, “SmithJohn1.”
Sometimes people create an overly simple password that’s comprised of nothing more than a common word or phrase, such as “poodle” or “ilovetacos.” It may even be a word that could easily be associated with them, such as the street where they grew up, their high school mascot, or their grandchild’s name. Alternatively, it could be a string of easy-to-guess numbers, such as 987654321 or an anniversary date.
Then there’s the issue of not being protective enough with your passwords. You may share your home WiFi login with a trusted friend or neighbor. You might ask a coworker to log into your account to check something for you. You may have a list of passwords in your desk drawer - or even taped to your monitor. Unfortunately, sharing your passwords with others or placing them where they can be seen leaves you open to security risks.
Finally, people often practice poor password maintenance and management. You should be regularly changing old passwords, even if the system doesn’t prompt you to do so. The longer you keep the same old password, the greater your chance of being hacked. Even if you are protecting your passwords well, sometimes companies have stolen their customer data, including usernames and passwords. Once that happens, hackers will post or sell lists of known usernames and passwords for other hackers to use. On that same note, it’s crucial that you do not use the same password for everything. As challenging as it is, you should be using a unique password for each account.
How to Create a Strong Password
With so much room for error and so much at stake, you’re probably wondering what makes a strong password. It isn’t easy. Keep in mind that your password is easier to hack than you think. Password complexity means an exponential increase in safety. Here are a few ideas to get started:
Begin with a name or phrase you will remember, but not the names of people or pets in your immediate family. That would be too easy for hackers to guess. But don’t stop with the name; you’ll want to add more complexity.
For example, let’s say you’ve chosen the name Hannah. A password with a mix of uppercase and lowercase letters, numbers, and special characters is much harder for hackers to guess, even with the help of computer software. (But, simply adding a dash or underscore in between words that are easy to guess, e.g., “john-smith,” is not adding much security, as hackers know that this is what people tend to do.) These combinations create more complexity for the hackers to attempt. For example, it may look like this: haNNah0713!
Another way to create a secure password that you can remember is to use a passphrase: a set of unrelated words that create a mental image. “CatBasketOverflow” or “PermanentYardStamp” are two examples. You could separate each word with a number or special character to increase the security of the passphrase, resulting in a password such as “Cat$35Basket!Overflow”
A somewhat similar method is the sentence password. Using a sentence you can remember, apply a rule to extract only certain letters from that sentence and turn that into your password. For example, for the sentence “My beautiful grandaughter’s name is: Sally Elizabeth Johnson,” you might apply the rule to use the first letter of each word, making your password “Mbgni:SEJ”. For a longer password, use the first two letters of each word: Mybegrnais:SaElJo.
Keeping Up with Your Passwords
Once you’ve created strong passwords for all of your accounts, do not share them with anyone or leave them where they can be found. You may want to use a password manager, such as LastPass, Dashlane, or 1Password, but you will need to be extra careful about guarding your password to that account.
Handling your passwords with care can be frustrating, but it’s worth it. The alternative could lead to identity theft, costly losses, and big headaches.
John J. Diak, CFP® is the Principal & Client Wealth Manager at Oatley & Diak, LLC in Parker, Colorado. He assists clients through many difficult lifestyle changes such as business downturns, retirement planning, divorce, the death of a spouse, and family estate issues among others. Oatley & Diak, LLC is a family-run registered investment advisory (RIA) firm that provides clients with investment management and financial planning services in a hands-on, intimate environment. Learn more about them at oatleydiak.com.
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual.
This material was prepared by Crystal Marketing Solutions, LLC, and does not necessarily represent the views of the presenting party, nor their affiliates. This information has been derived from sources believed to be accurate and is intended merely for educational purposes, not as advice.