YOU! Yes you, will get Hacked, unless

We have replaced our email systems, increased security and added firewalls to better protect systems, so what’s next? Put simply, it’s password security – let’s find out why.

Ask yourself these three questions:

1. Do I use three passwords or fewer for my online accounts?

2. Do I add a single random character (an extra number or a letter) to my usual passwords to create additional passwords?

3. Do I use personal data such as a date of birth or names of my close relatives in passwords?

If you answered yes to questions 1 and 3 and no to question 2 - then, my friend, my grandmother can probably break into your online accounts. 

And you need to know that YOU are the weakest link in your online security.

But you’re not alone! Did you know that 65% of users use the same single password everywhere?

The most common passwords in 2016 were: 123456 or 123456789, qwerty, 12345678 and 111111. 

Look for yourself, here’s a list of the Top 15 - they are scarily easy to guess and recreate.

 Did your password make the list of shame? If so, it may be time to do some serious updating, or risk kissing your internet security goodbye.

10,000 of the most common passwords can access 98% of all online accounts! Let me spell that out to you… NINETY-EIGHT PERCENT. Do not let yours be one of them.

Hackers have been collecting and publishing compromised credentials on the ‘dark web’ (a sub-internet) for years. Ever had a LinkedIn account? Or shopped at Target? eBay? Apple? Government websites? If you have an online presence at all, believe me, your credentials are probably published out there somewhere. An easy example - Google your own name and see for yourself! It’s scary what you may find!

So, let’s get back to my grandmother for a moment. If she wants to break into your Gmail, Facebook, Online Banking or PayPal account, her first port of call would be to simply look you up in one of those shared databases containing billions of personal credentials. 

Once she’s found you – and if you’re still using the same password or simple variant – then game over! My grandmother has got you!

It’s a shame, but the reality is that a LOT of businesses have been breached or have accidentally published customer credentials – to name just a few, we have Yahoo, Facebook, Gmail, 7-Eleven, eBay, Adobe, Sony, Target, Apple, the NHS in England, even our own state and federal government departments (on more than 5 occasions in the last month!).

 Do you have personal information sitting with them? 

Many data breaches aren’t known or published and your credentials may still be at risk! However, in Feb 2018 that all changes!

If dear old 'nanna' is unlucky searching the dark web for your credentials, then she can do a patience exercise: start trying each of the 10,000 most common passwords. Remember those 10,000 passwords access 98% of all online accounts! Of course, the more sophisticated grandmothers (not mine) would automate this process.

We need to accept that organisations with our data and credentials will continue to get hacked. In this brave new world, what can you do to protect your other online accounts?

First – never share your credentials and only enter them using secure devices and internet connections you trust.

Second – enable multi-factor authentication wherever possible, e.g. a password and then a second password sent to your phone via SMS. Always choose security over convenience in those accounts that are most important.

Third – use good and different passwords in each of your hundreds of online accounts.

A good password looks like this: 

“E7Qf21yb$*a8WY&l!%*b*qPHYckMI3Xnq@EM5@Zo7Yg50MD%s95wc*5T&ED%7Ay31^3ujGLK@yE9ok#QSaMxWw!$KP5oHNXj3#o” - Try remembering that!

How can a normal human being possibly memorise one of these passwords let alone hundreds of different passwords for our growing number of online accounts?

Let’s look at how long it takes for a hacker to crack a password using specialised tools.

The caveat on the above is that these are simple lower-case alphabetic passwords. Add in some complexity and this changes dramatically, e.g.:

 Add in a special character and a mix of Alpha and Numeric characters and security increases again!
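To make the effect of length and character mix concrete, here is an added example (not from the original article or from Better Buys) that estimates the worst-case time to exhaust a password's keyspace. The guess rate of one billion per second and the sample passwords are assumptions chosen for illustration.

```python
import math
import string

# Most common 2016 passwords named in the article above.
COMMON = {"123456", "123456789", "qwerty", "12345678", "111111"}
# Assumed attacker speed in guesses per second; a placeholder, not a figure from the article.
ASSUMED_GUESSES_PER_SECOND = 1e9
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the smallest standard alphabet that covers every character used."""
    size = sum(len(chars) for chars in CLASSES if any(c in chars for c in password))
    # Characters outside the four ASCII classes are counted one by one (a lower bound).
    other = {c for c in password if not any(c in chars for chars in CLASSES)}
    return size + len(other)

def keyspace_bits(password):
    """log2 of the number of candidates an exhaustive search has to cover."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds to try every candidate; 0 if the password is on the common list."""
    if password.lower() in COMMON:
        return 0.0  # found on the first pass through a common-password list
    return 2 ** keyspace_bits(password) / rate

def describe(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords: same length, growing character mix, then longer.
    samples = ("qwerty", "sunshine", "Sunshine", "Sunsh1ne", "Sunsh1n$", "Sunsh1n$-Sunsh1n$")
    for pw in samples:
        secs = worst_case_seconds(pw)
        print(f"{pw!r:20} {keyspace_bits(pw):6.1f} bits  {describe(secs)}")
```

These figures are upper bounds for pure brute force only: a password built from a dictionary word or a reused credential falls much faster, which is why the random, unique passwords discussed next matter.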

One answer is to use a ‘password manager’ that will generate and store these random passwords for you. Reputable services include: 1Password, LastPass, KeePass, Norton Identity Safe to name a few. You can use these on your laptop, smartphone, tablet, etc. 

Can these password management services be breached as well? Of course, but not by my grandmother! Stolen data is not likely to be readable due to strong end-to-end encryption (a subject for another article).

Still not sure? Another option is to write them down in a book (yes, that paper stuff we are all trying to get rid of in our offices) and store it in a secure location that only you know about!

Although no one is 100% safe in our evolving cybersecurity world, by following these simple security practices you can make your online accounts infinitely more secure than the average person. Not being an easy target for my grandmother goes a long way!

If you would like to know more or test your passwords to see how long they could take to be cracked, please visit https://www.betterbuys.com/estimating-password-cracking-times/

Granny is watching!

Many thanks to Better Buys for the images in this article and their continued thought-provoking IT Security articles from which this article is adapted!
