It was recently reported that Facebook had a data leak of some 533 million users. A week later it was reported that data from 500 million LinkedIn users had been sold online to hackers. Details such as names, phone numbers, email addresses, account IDs, and bios were stolen and placed on the dark web for anyone to use nefariously as they saw fit. This brought to mind the digital saying that passwords, like underwear, should be changed regularly. We thought it time to dust off this story from a few years back, give it an update, and share it once more.
We all know people who use the same password for everything. From unlocking their phone to unlocking their bank account online, they use the same password or two for everything and every place. Words cannot express how dangerous this is, but it is fundamentally the same as having a single key to your home, car, safe deposit box, mailbox, etc. While it may certainly be convenient, if somebody gets ahold of this one password stolen from one site, then they can use it to access all your websites, your bank accounts, your credit cards, your business.
Now that so much of our lives is online, having good passwords is more important than ever. The password you use for your EHR should be different than the one for your spam email account. The password for your business email should be different than the password for your PayPal account. The password for your online banking account should be different than the password for your Facebook account, and so on.
At the same time, we all know people whose passwords have often been the laziest words or combinations. I worked with a gentleman who wrote his various passwords on a piece of notepaper and then proceeded to use radio station magnets to affix the passwords to the side of his desktop computer. Not only could anyone with a deceitful nature copy and steal his passwords, but by festooning colorful magnets on the side of his computer he managed to corrupt the data stored on the hard drive to the point his computer needed to be rebuilt with much of his data lost forever. However, that is an entirely different computer problem.
People use their birthdays, their children’s birthdays, their phone numbers, or their street address. Or, like the default combination on their old briefcase, they use a combination like 123456 or, worse, the word PASSWORD. Some other passwords that fill the most used list include football, admin, login, hello, letmein, and qwerty. How many of you are now embarrassed? To show you the difference between those passwords and a good password, an old IT friend of mine used an old Windows XP serial number for his server password. Where some of us have to stop and think of the 6- or 8-digit passcode we use, he could type in his 25-character alphanumeric password in a matter of seconds.
Total online security won’t be solved by even the most obscure passwords. Like anything, where there is a will, there is a way. Online bots can mount brute force attacks at a rate as fast as a billion passwords a second, so an 8-character password could take upwards of 83 days to crack…or just seconds, if you are using something common like the passwords above.
At the same time, unless you have a photographic memory, keeping a list of your passwords written down somewhere is also an invitation for trouble. You could, of course, name your password list BrusselSproutCauliflowerRecipies to keep most people from accessing your list, or you could enlist the help of an online password program. Programs like Dashlane, 1Password, RoboForm, and LastPass will store your passwords and even autofill forms for you online once you enter your master password. This way you only truly need to memorize one password, the one to unlock the program. (May we suggest that the key password be something not easily guessed.) Some password management companies offer their basic services for free and more complete offerings for anywhere from $2 to $5 a month.
Whatever or however you choose to treat your passwords, let us leave you with this digital maxim.
Treat Your Passwords Like Your Underwear!
Never share them with anyone
Change them regularly
Keep them off your desk.
To check to see if your data was breached in the latest leak or in a number of previous data breaches, go to HaveIBeenPwned.com, a database maintained by security analyst Troy Hunt.