So at this point, it really is safe to assume the bad guys have YOUR password. Probably several of them.
Don’t believe me? Go to haveibeenpwned.com and check your own account. And that only checks a tiny fraction of the databases that have been hacked. That is just the tiny tip of a massive iceberg.
The latest in a long string of breaches contains 2.2 BILLION accounts… with a “B”. That is SEVEN times the population of the entire USA. It’s literally just a matter of time before someone gets into your private stuff. Or maybe they will impersonate you and trick your friends, family, and clients. Or more likely, they will empty out a bank or retirement account. Ouch.
Sounds rare? We see this constantly. We get “THAT” call all the time. At least once a week and usually it’s a whopper. The problem is, after they get into your stuff, it’s too late. You can’t put the toothpaste back in the tube. But prevention is easy! Often inexpensive or even free!
So what to do…
Never, ever, use the same password on more than one site.
If someone got your Facebook password… that would be bad. If it is the same password you use for your bank, retirement account, credit cards, mortgage or any other sensitive account… you’re in real trouble, real fast.
When hackers get into a password database and find a password, one of the first things they do is try it on all the major banking sites, financial sites, email sites, etc. It is VERY easy to have a program automatically take every password they find and try it on tons of sites. And a computer can do this around the clock, 24 hours a day, without fail.
If someone empties your bank account out with your password, the bank is not at fault and will not put the money back. Imagine all of your money taken irretrievably.
But if you use a unique password for every site, and the bad guys get any one of them, they cannot get into any other accounts. Instantly and easily a huge improvement!
But how do you keep track of tons of passwords? There are several fantastic password managers that track them all for you and even fill them in for you. Makes things a snap!
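The automated "try every stolen password on every site" behaviour described above is called credential stuffing, and its footprint on the receiving end is distinctive: one source hammering many different usernames, with a few failures each, rather than one account being guessed over and over. The following is an added example written for this page, not code from the original post; it runs a simple detector over constructed authentication log lines (the log format, IP addresses, usernames and thresholds are all assumptions made up for the demo) and also lists which accounts the flagged source managed to log into, since those are the reused passwords that need resetting.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (invented format and values; not from any real system).
# One source tries six different users in six seconds and gets into one of them;
# a second source hammers a single account; a third is a user mistyping once.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z login result=FAIL user=alice src=203.0.113.5
2024-05-01T10:00:02Z login result=FAIL user=bob src=203.0.113.5
2024-05-01T10:00:03Z login result=FAIL user=carol src=203.0.113.5
2024-05-01T10:00:04Z login result=FAIL user=dave src=203.0.113.5
2024-05-01T10:00:05Z login result=FAIL user=erin src=203.0.113.5
2024-05-01T10:00:06Z login result=OK user=frank src=203.0.113.5
2024-05-01T10:00:07Z login result=FAIL user=grace src=203.0.113.5
2024-05-01T10:05:00Z login result=FAIL user=carol src=198.51.100.7
2024-05-01T10:05:01Z login result=FAIL user=carol src=198.51.100.7
2024-05-01T10:05:02Z login result=FAIL user=carol src=198.51.100.7
2024-05-01T10:05:03Z login result=FAIL user=carol src=198.51.100.7
2024-05-01T10:05:04Z login result=FAIL user=carol src=198.51.100.7
2024-05-01T10:05:05Z login result=FAIL user=carol src=198.51.100.7
2024-05-01T10:20:00Z login result=FAIL user=heidi src=192.0.2.9
2024-05-01T10:20:15Z login result=OK user=heidi src=192.0.2.9
"""


def parse_line(line: str) -> dict:
    """Turn one 'timestamp login key=value ...' line into a dict with a parsed timestamp."""
    parts = line.split()
    event = {"ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")}
    for kv in parts[2:]:
        key, value = kv.split("=", 1)
        event[key] = value
    return event


def detect_stuffing(lines, window=timedelta(seconds=60), min_failures=5, min_users=4):
    """Flag sources that, inside one sliding window, fail against many distinct usernames.

    Returns {src: {"failures": n, "distinct_users": m, "successes": [users]}}.
    Single-account brute force (many failures, one username) is deliberately not
    matched here; that is a different pattern with its own rule.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    fails_by_src = defaultdict(list)
    ok_by_src = defaultdict(list)
    for e in events:
        (fails_by_src if e["result"] == "FAIL" else ok_by_src)[e["src"]].append(e)

    flagged = {}
    for src, fails in fails_by_src.items():
        best = None
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the chunk fits inside `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            chunk = fails[start:end + 1]
            users = {e["user"] for e in chunk}
            if len(chunk) >= min_failures and len(users) >= min_users:
                if best is None or len(chunk) > best["failures"]:
                    best = {"failures": len(chunk), "distinct_users": len(users)}
        if best is not None:
            # Successful logins from a stuffing source are the accounts to reset first.
            best["successes"] = sorted({e["user"] for e in ok_by_src.get(src, [])})
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, info in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['failures']} failures across {info['distinct_users']} users; "
              f"successful logins: {info['successes'] or 'none'}")
```

Per-source thresholds like this catch the noisy case; real campaigns are often spread across many addresses with only a handful of attempts each, so a production rule would also watch the site-wide ratio of failed logins to distinct usernames over time.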
Strong passwords
Use a password of 10 characters or longer. Be sure not to use words in the password and use 3 (or better yet 4) different character sets such as Uppercase, Lowercase, Numbers and Symbols.
Every extra character makes a password FAR more difficult to crack. Check out this site for a way to find out how crackable your password is: howsecureismypassword.net
For example:

| Password | Estimated time to crack |
| --- | --- |
| “Apple” | INSTANTLY crackable |
| “Apple1” | 1 minute |
| “Apple197” | 4 days |
| “App1e197$$” | 6 years |
| “App1e197$$!” | 400 years! Just adding ONE more character! |
Just keep in mind computers keep getting a LOT faster. So what used to take a year to crack can take a day. So keep them strong!
But who wants to remember a long crazy password!? That’s why you should use the password manager above. Let it do all the work. Even if you have a 30 character insane password, you don’t need to remember it and it can fill it in for most programs!
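The reason one extra character adds so much is that the number of candidates an attacker must search is (alphabet size) raised to the (length), so each added character multiplies the work by the whole alphabet size. The following is an added example, not code from this post or from the site it links to; it applies the rule of thumb above (10+ characters, 3 or 4 character classes, no dictionary words) and turns the keyspace into a rough crack-time estimate. The guess rate and the tiny word list are constructed assumptions for illustration, so the times it prints will not match the table above exactly.

```python
import math
import string

# Constructed assumption: an offline attacker testing guesses against a fast hash.
# Real rates depend on hardware and on how the site stored the password.
GUESSES_PER_SECOND = 10_000_000_000

CHARSETS = [
    ("lowercase", set(string.ascii_lowercase)),  # 26
    ("uppercase", set(string.ascii_uppercase)),  # 26
    ("digits", set(string.digits)),              # 10
    ("symbols", set(string.punctuation)),        # 32
]

# Constructed stand-in for a cracking word list; real ones hold millions of entries.
COMMON_WORDS = ["apple", "password", "welcome", "letmein", "qwerty"]


def classes_used(password: str) -> list:
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CHARSETS if any(c in chars for c in password)]


def charset_size(password: str) -> int:
    """Alphabet an attacker must cover once they know which classes are present."""
    return sum(len(chars) for name, chars in CHARSETS if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Candidates of this length over this alphabet: size ** length."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    space = keyspace(password)
    return math.log2(space) if space > 0 else 0.0


def crack_seconds(password: str, guesses_per_second: int = GUESSES_PER_SECOND) -> float:
    """Expected exhaustive-search time; on average the hit comes halfway through."""
    return keyspace(password) / 2 / guesses_per_second


def humanize(seconds: float) -> str:
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600),
                       ("minutes", 60), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return "instantly"


def policy_problems(password: str) -> list:
    """Everything the password violates in the rule of thumb above; empty list means OK."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if len(classes_used(password)) < 3:
        problems.append("fewer than 3 character classes")
    lowered = password.lower()
    problems.extend(f"contains dictionary word '{w}'" for w in COMMON_WORDS if w in lowered)
    return problems


if __name__ == "__main__":
    for pw in ["Apple", "Apple1", "Apple197", "App1e197$$", "App1e197$$!"]:
        print(f"{pw:14} {charset_size(pw):3}^{len(pw):<2} = {entropy_bits(pw):5.1f} bits  "
              f"~{humanize(crack_seconds(pw)):>18}  problems: {policy_problems(pw) or 'none'}")
```

Note that the estimate is a ceiling, not a guarantee: a cracking tool tries word lists and common patterns long before it falls back to exhaustive search, which is exactly why the word-list check is in the policy even though it never shows up in the bit count.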
Change passwords regularly
We recommend changing any critical passwords every 90 days. This way, even if someone gets hold of a password, ideally by the time they have obtained it and cracked it, it isn’t even being used any more.
There is an evil place called the Dark Web where credit cards, passwords, drugs and other stuff are traded among the bad guys. There are services that will show you what they found about YOU on the Dark Web. Specifically, the passwords of yours that are out there. We always find passwords for employees at the firms we help. Fortunately most are a bit old. So if you changed your passwords regularly, you’re in great shape!
The holy grail: Two Factor Authentication (2FA)!
Passwords suck. They are a pain, they are not very secure but it’s the best we have right now. Enter 2FA!
2FA is something you know (a password) and something you HAVE (your cell phone or a keyfob) or something you ARE (a fingerprint, eye scan, etc). This is WAY more secure and, honestly, kinda cool!
This can often be set up for email, social media, banking sites, special apps and many others. So what happens is, you login with your password but that is just one of the locks. You then have to enter a temporary code. It can be texted to you but many sites require you to use a special code generator app. These are free, very cool-looking programs that run on your cell phone. They generate new, random numbers every 10 seconds or so.
What this means is that even if you gave someone your password, they STILL can’t get in! They have to have your phone and the code. And tons of sites are now offering it as it is soooo much more secure.
Tons of sites have it ready to go. Here are just a few samples:
- Gmail
- Most banking and investment sites
- Office 365 (Exchange) email – This is HUGE!
- Amazon
- Apple
- Yahoo
- Dropbox
- Paypal
- Nest
So those are four VERY powerful ways to make you WAY more secure and cost you nothing (or very little) to implement. You can easily go from an easy target to SEAL Team 6 with just these 4 tips!
As always, call us if you’d like to learn more or could use a little help. There are lots of areas besides passwords that can make you safe and save you from an attack.