Usted está aquí

< Todos los artículos

What's in a password? A lot. Weak passwords are very commonly used to penetrate corporate networks; in fact, over 60% of data breaches occurred due to weak passwords. Do you wonder why?

Don't. Everyone's already seen Keeper's annual lineup of the 25 most popular passwords, which they say constitute over 50% of some 10 million passwords analyzed. Just take a look at a few of the common passwords, and prepare to be gobsmacked:

  • 123456. Yes. True. Top of the list. 17% of those analyzed use this password. Savvier users, who know that 8 characters is preferred, make sure to add a 7 and 8.  
  • qwerty
  • 111111
  • password
  • google
  • 7777777
  • 18atcskd2w
  • 1q2w3e4r

Lest you wonder why the last two seemingly strong passwords are on the list, let's illuminate you: they were likely created by bots to conduct spam and phishing attacks

You'd think IT people would have drummed it into employees' heads to use uncommon passwords. Because they know the risks. But IT is also guilty. You know those default passwords that are built into operating systems, databases or other software? How often do they keep those same passwords – which can be found readily in vendors' user manuals and elsewhere online.

You'd also think that private users have been warned enough about how easily their passwords could be stolen. The free wifi free-for-all makes it very easy for hackers to use their own computers as routers, which you unwittingly plug into, assuming it's legitimate. The path to getting your login for bank accounts becomes exceptionally short.

Social engineering’s another way for hackers to find out your security questions in social media. Then they access your account, using "forget your password" tools to hack in.

And, of course, phishing mails, which look so innocent; they could look something like a login page for Gmail or for a government site, with official-sounding terms: "Someone may have hacked your account. Click on the link below to check." The link will lead you to a login page that looks real, but isn't. The hacker gets the form info, with your data.

To round out just some of the common ways to steal passwords, there's the reliable keylogger, which lives in your system memory and runs at every startup, logging ALL your keystrokes. The hacker receives a full report. Do you want to bet how often they manage to capture passwords? I didn't think so.

There are many more. But we really need to make sure that people think: it won’t happen to me, falling into the trap of easy passwords.

You can do a lot toward safeguarding your data by implementing any – preferably all – of the following tips:

  1. Obvious, but: choose a difficult password, check its strength, update it often

  2. Don't use your birthdate, your anniversary or any personal, identifiable information, especially if you've posted about your favorite Elvis hound dog on social media.

  3. Mix it up: use at least 8 characters with random alphanumeric characters, symbols, upper lower case letters

  4. Don't use the same password for all your accounts, or at least use a variation. I know someone who uses the first letters of a favorite song, appending or ending it in variations for different accounts. For example, if you took the first letters of "You can dance if you want to," you'd get the seven letter YCDIYWT, and you can append numbers or characters to the front or the end of the phrase.

  5. Use a password manager. If you have trouble remembering all the passwords, get a password manager. Some are free, like the open-source keepass, or dashlane (freemium edition).

What's in a password? The difference between safe, and sorry.

 

30 Mar 2017