Remember the days when Yahoo! was considered a tech giant? The company, founded in 1994, was once valued at over $100 billion, but was sold to Verizon for a measly $4.48 billion in 2017. How did this valuation sink so low? Easy. Stolen passwords.
It was confirmed that, through two separate attacks, all three billion Yahoo accounts were exposed. This includes plaintext passwords and all personal information provided. What once was an internet giant became nothing more than a shell of itself thanks to sloppy security, and the data of billions of accounts was exposed.
Why are we telling you this? To remind you that you’re probably overdue for a password change.
Stories like the Yahoo! breach have become commonplace. From Target to Marriott to Facebook, the places you spend money and store data can’t keep cyber thieves away.
One of the few things you can do to protect your data is password management. We’re here to help you fight the good fight in a world that has become a constant data breach!
1. Create a STRONG Password, and Change it Yearly
Your password is weak. We all make mistakes when creating passwords, and rest assured, yours is probably not good enough. Even when we match the character count and special character requirements, we’re being so lazy about it that most of our passwords can be guessed by simple brute force.
There are a few tricks to creating a strong password.
- 12-15 characters, minimum
- Mix in random capitalization
- Avoid names, common phrases, and sports teams
- Don’t use “keypaths” like QWERTY and 1234567
- Use a password generator
It can be hard to think of a strong password without borrowing the name of a loved one or your favorite song/movie/sports team. This is why password generators are a great tool. Once you’ve used a generated password a few times, it becomes muscle memory!
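An added example (not from the original article): a small generator that draws characters from Python's `secrets` module and rejects any candidate that fails the checklist above. The word list, the symbol set and the four-key threshold for a "keypath" are assumptions chosen for illustration.

```python
import secrets
import string

MIN_LENGTH = 12  # the article's minimum
# Keyboard rows used to spot "keypaths" such as QWERTY and 1234567.
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = {"password", "letmein", "yankees", "dragon"}
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def has_keypath(password, run=4):
    """True if the password holds `run` adjacent keys from one row, either direction."""
    lowered = password.lower()
    for row in KEY_ROWS:
        for line in (row, row[::-1]):
            for i in range(len(line) - run + 1):
                if line[i:i + run] in lowered:
                    return True
    return False


def weaknesses(password):
    """Return the checklist items the password fails (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mixed case")
    if has_keypath(password):
        problems.append("keypath")
    if any(word in password.lower() for word in COMMON_WORDS):
        problems.append("common word")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the result passes every check."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    print(weaknesses("Password123"))
    print(generate_password())
```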
Sometimes the most difficult part isn’t creating a good password, but remembering to change your password every once in a while. If a breach of any kind occurs on your account, you should obviously change your password immediately! That being said, the new cyber security service standards recommend changing passwords once a year if all is running smoothly, with no unauthorized access or malware detected.
2. Use a Password Manager
Don’t use the same password for every login. If you do, you’re putting yourself at even greater risk. With different passwords, if you’re alerted to a breach, you can update your password and move on. But if that breached account uses the same password as ten other accounts? You’re in for trouble!
That being said, using 100 different passwords for 100 different websites isn’t exactly practical. You won’t remember all of them, and before you know it, you’ll be one of those people writing sensitive info on post-it notes around your desk. The easiest solution is to use a password manager.
Password managers allow you to use one master login to save all of your passwords for every login you have. One strong password gets you secure access to all of your accounts! While several require a yearly subscription, free options like LastPass Free will do everything the average user needs at no charge.
With browser extensions for Chrome and Firefox, apps like LastPass will ask every time you log in to a new account if you’d like to save the info to your “password vault,” allowing for easy and secure password storage!
3. Use Multi-Factor Authentication When You Can
Multi-factor authentication, also called 2FA, has become the strongest hope in the war against data theft. Even if someone steals your login information, with MFA enabled, they won’t be able to access your account.
Think of MFA as a second step to verifying your identity. When you log in to your account, you’ll be asked to verify who you are by entering a code sent to your phone or email address. Yes, it adds a few seconds to the process, but it could save you hours of headaches if your account is breached!
Many popular websites such as Facebook, Twitter, and Google have enabled MFA in recent years, and it will become commonplace for all accounts soon enough. There’s simply no better way to protect your data than MFA.
If you’re using a managed IT services provider to handle your business data and email, they absolutely must offer MFA for your accounts. Without it, one bad password can destroy your entire business.
4. Learn All You Can About Cyber Security
There’s no excuse for not knowing the basics of cyber security. Our entire lives exist in a digital world, and we all should be accountable to some degree for protecting our most valuable asset, our data.
Creating strong passwords is only the beginning. There are simple steps we all should undertake, like protecting our home wireless networks, monitoring our kids’ devices, and keeping up to date with technology news. These are easy steps that can help keep you and your family safe.
Also, don’t be afraid to spread the word about password complexity. The most popular passwords today are still - incredibly - basic phrases like “Password123.” These bad passwords make for easy exploitation by cyber criminals, and lead to data theft for everyone else with an account on the same service.
One bad password can hurt us all.
To learn more about passwords, and the tips you can implement in your personal and business accounts, check out our latest webinar, "Password Best Practices for Your Business" with tech expert Corey Shields!