It Couldn't Happen to Me...
Mar 09, 2022
Winning the lottery; could never happen to me. A car accident; could never happen to me. Online account compromised; could never happen to me. Unfortunately, two out of three of those things may well happen in our lives, and of those two, a compromised online account is probably the most likely to happen to all of us.
According to a Google study, 52% of the US population uses the same password on multiple websites. Of those 52%, 13% admit using the same password on various websites.
Why does that matter? Most of us know why: it’s about easy access to your assets and information. But are you using the same password for Facebook, Twitter, Instagram, and Snapchat as you do for your bank? Does your bank require you to change your password regularly? Do you change your password regularly on any or all of the apps and websites mentioned above? If not, challenge yourself on why you don’t.
Typical answers are, “Nothing I have is that valuable, so no hacker would want my credentials, and even if they did, they wouldn’t get anything valuable, so why should I make it harder for myself?” Your information is valuable.
A bad actor could gain access to your social media, use the information we tend to overshare, and gain access to other accounts. We give up information like our dog’s name, our kids’ birthdays, and our occupations. Hackers can use all that information in password recovery.
I get asked, “How can I be better protected?” Most people don’t like my answer, but it’s the most effective solution. If you are using a password for anything that, if compromised, would cause financial hardship for you, your family, or your business, you need a good password and regular password changes. That password must be easy to remember, hard to guess, and changed as often as you are comfortable with.
The last part is ambiguous because some people never change their passwords. Some people feel that a password never needs to be changed because it’s already a good password. The longer you keep the same password, the longer a bad actor has to compromise your accounts.
I say accounts because of the Google study mentioned above. Suppose they get your Facebook password, and you use the same password for Facebook as you do for your bank, 401k account, and credit card payment accounts. Now they have your email and password for multiple websites. They keep going to different financial sites until they find one that works, and when they find it, watch out.
On the other side, let’s say you have different passwords for everything you use, but they are passwords like Charlie123, password, Chicago987, or qwertyuiop. Making your password complex is one way to fix that, but complex passwords are probably the hardest to remember or use. Complexity is potent, but if you are going to use complex passwords, you should use a password manager such as LastPass to keep things organized.
There is an easier way to be security-aware without frying your brain trying to remember passwords, and that is by using passphrases. For example, you could use MyjobisthebestjobIhaveeverhad! or PasswordChangeIsInevitable. The first password, according to security.org, would take a supercomputer four undecillion years to break, and the second password would take 76 nonillion years to break. I don’t know how many years those are, but they would outlast you or me. The passphrases are long and easy to remember, and even changing them wouldn’t be overwhelming.
Are passwords completely safe? No, they aren’t. If a human thinks up a password, another human can crack it. So, it’s best to use a passphrase and change that passphrase annually. Doing so will be your best defense against hackers. And if you are especially concerned about your online accounts, you can change passphrases whenever you feel the need. Fortunately, there isn’t any set rule that says you must do it exactly as in my examples above. Protecting your accounts is your responsibility, and it is left to your judgment to decide how to manage that protection.
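To see why the long passphrases come out so far ahead of Charlie123 or qwertyuiop, here is an added Python example (not from the article or from security.org) that estimates the exhaustive-search space for each password the article quotes. The guessing rate and the small common-password list are assumptions, so the year figures will not match security.org's.

```python
import math
import string

# Constructed sample of widely used passwords (real lists hold millions of entries).
COMMON = {"password", "qwertyuiop", "123456", "letmein"}
GUESSES_PER_SECOND = 1e10          # assumed offline guessing rate, not from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(pw):
    """Alphabet size a brute-force search must cover for the classes used in pw."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, len(string.punctuation))]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def brute_force_bits(pw):
    """log2 of the search space: length * log2(alphabet size)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def years_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Years to try every candidate; 0.0 if a common-password list finds it first."""
    if pw.lower() in COMMON:
        return 0.0
    return 2 ** brute_force_bits(pw) / rate / SECONDS_PER_YEAR

def report(passwords):
    """Return (password, length, bits, years) tuples, weakest first."""
    rows = [(p, len(p), round(brute_force_bits(p), 1), years_to_exhaust(p))
            for p in passwords]
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    # Passwords and passphrases quoted in the article.
    samples = ["Charlie123", "password", "Chicago987", "qwertyuiop",
               "MyjobisthebestjobIhaveeverhad!", "PasswordChangeIsInevitable"]
    for pw, length, bits, years in report(samples):
        print(f"{pw:32} len={length:2} bits={bits:6} years={years:.3g}")
```

The result is an exhaustive-search bound driven mostly by length; passwords built from a name or word plus a few digits, such as Charlie123, are usually found much sooner than the bound suggests.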