The easiest New Year’s resolution to make good on this year is to fix your lame passwords.
It could save you from having your personal and/or professional information compromised by a cyber attack.
Cyber attacks have more recently entered the mainstream by events like the Ashley Madison user breach, the Sony hack and the electricity blackout in the Ukraine, which left about half the homes in the Ivano-Frankisvk region without power this past December. Events so grand and commercial in scale it becomes unthinkable that it could happen to regular folks like us.
Unfortunately, it can. And it does.
Brute force attacks are most common, in which “the attacker uses a large list of the most common passwords or a list of dictionary words to attempt to log in to an account over and over until they are successful,” says my colleague, server administrator Aaron Mahnic.
Think about the stuff you keep online. All that’s holding an attacker back from accessing it is the combination of letters and numbers you protect it from in a password.
Therefore, your pet’s name and the year you started business does not a secure combination make. sparky1993 doesn’t make the cut.
Lame passwords are a combination of laziness and perceived immunity to threat. Not to pump your tires, but even though you might not be rich or interesting, your data can still make a hacker a lot of money.
“The reality is that when you are connected to the Internet, a large number of malicious users will constantly test passwords on your account and try to log in,” says Mahnic. “This is especially true for email, where spammers want access to as many email accounts as possible to send spam.”
Mentally wrapping your head around this risk is challenging, unless you or someone you know has felt the personal devastation of a cyber attack.
And that’s why lame passwords persist. It’s tedious to keep track of complex passwords.
According to a survey from 2014 run by the U.K. government, one in three respondents said they struggled to remember strong passwords. With an average of 19 passwords per user, there’s a whole lot of weak passwords floating around.
Thankfully, there are hacks (har, har), for improving the strength of your passwords, such as creating passphrases and using a password storage solution like KeePass or LastPass. Passphrases are longer than the average passwords, built with a combination of words and characters that are challenging to crack, but easy to memorize.
Mahnic recommends combining words with numbers and symbols for extra security. Here’s the breakdown of a complex passphrase:
— 16 or more characters long;
— Includes multiple words;
— Includes at least a capital letter, number;
The words you string together in a passphrase can complete a message that is personal to you and therefore easy to remember. For example:
Passphrases with meaning, such as with reference to a long-term goal you wish to accomplish, or a feeling you have for a person, reduce the frustration and stress around keeping track of passwords. It’s one less item to keep stored in the brain. Done right, keeping a couple passphrases maintained in your memory is effortless.
For peace of mind, however, coupling your super secure passphrases with a password manager app like KeePass or LastPass doesn’t hurt. Especially, Mahnic says, “if you get into the habit of setting a different password for every account (recommended) and have too many passwords to remember.”
Password management apps store your passwords and passphrases in highly encrypted databases, under lock and key by a single master password.
This master password or passphrase should be highly complex for security and logged elsewhere in a safe place. This is the one password/passphrase you should definitely write down.
So before you hit the gym, take up beginner French classes or attempt to cut back on leisure spending, fire up your computer and fix those lame passwords. It feels good to get ‘er done.
Sarah Bauer is a project manager and writer with Navigator Multimedia Inc., a Kelowna web development company. Learn more at Navigatormm.com.