Over the last few weeks there has been increased concern around online security. As we spend more time connecting to new apps and programs thanks to COVID-19 and social distancing, we also provide more opportunity for hackers to breach our privacy. This has been seen with Zoom as well as allegations against social media app Houseparty.
But there are ways to avoid having your accounts hacked, and a most of it comes back to good password hygiene. Here are some of the best password security tips so you can keep your accounts as locked down as you are right now.
Check if Your Email has Been Breached
If you’re not sure where to start, a good reminder of just how easy it is for your accounts to be hacked is seeing if your primary email address has already been compromised without you even realising. Have I Been Pwned can quickly check this for you. If you find your email has been compromised, change your password immediately.
Use Hard Passwords
Get out of the habit of using easy to remember (AKA easy to guess) passwords. And don’t use anything that can be associated with you, like a birthday, your partner’s name or your pet. And while you may think using things like “12345” and “password” as actual passwords must be a joke in 2020, they’re sadly not.
According to security firm SplashData, the 25 most common passwords are:
- 123456
- password
- 123456789
- 12345678
- 12345
- 111111
- 1234567
- sunshine
- qwerty
- iloveyou
- princess
- admin
- welcome
- 666666
- abc123
- football
- 123123
- monkey
- 654321
- !@#$%^&*
- charlie
- aa123456
- donald
- password1
- qwerty123
Don’t ever use these or even a variant of these – hackers know people do this.
“Attackers don’t go and blindly try all eight letter passwords and all nine letter passwords,” said Jeffrey Goldberg from 1Password to Gizmodo. “They guess the more likely ones first. These attackers know more about how people create passwords than anyone else.”
If you think you’re being clever by changing a letter to a number, you’re probably not. A lot of people do this. You can test out how strong you think your password creation skills are via this tool. It will tell you’re putting symbols and uppercase letters in the same place as most people, as well as provide alternative password suggestions. Here’s an example:
If you must go with a recognisable phrase, as opposed to a random string of numbers and letters, perhaps consider a pass phrase, instead of a password. Using something like ‘GiZmod0 aUstralia Rocks!’ is harder to guess than a normal password and includes complexities such as unique characters, letters and numbers.
[referenced url=”https://gizmodo.com.au/2020/03/why-ji32k7au4a83-is-a-remarkably-common-password/” thumb=”https://i.kinja-img.com/gawker-media/image/upload/t_ku-large/dpnmcz6xiytzvvjnsj2j.jpg” title=”Why ‘ji32k7au4a83’ Is A Remarkably Common Password” excerpt=”For too many people, moving the digits around in some variation of Patriots69Lover is their idea of a strong password. So you might expect something complicated like” “ji32k7au4a83″ would be a great password. But according to the data breach repository Have I Been Pwned (HIBP), it shows up more often than one might expect.”]
Use Two Factor Authentication
Yes, two-factor Authentication (2FA) can be annoying, but it’s one of the best ways to keep your accounts secure. I can’t even count the amount of times I’ve gotten suspicious login attempts that have ultimately failed thanks to 2FA.
If you’re unfamiliar, 2FA adds an extra step to the login process, making it harder for hackers to hijack your account. Usually this is either via email verification or text message, but authenticator apps are also rising in popularity.
It does mean logging in is a little less seamless, but it’s ultimately worth it to protect your data and privacy.
Don’t Re-Use Passwords
With so many platforms wanting a password these days, it can be easy to become complacent and use the same one for just about everything. Think about it this way – the more times you use the same password the more likely it is that all of your data can be exposed. All it takes is for one data breach on an obscure app and suddenly a hacker will be able to access more important stuff, like your email, messenger apps.
We saw why this can be a problem in a recent large-scale Zoom hack, which mostly comprised of accounts that were using passwords that had already been compromised elsewhere.
Use Different Logins
For the same reason as above, using the same login or email address for everything increases the chances of having your data breached. After all, if an online attacker hacks one account they can potentially hack all of them if you have used the same login and password.
Use A Password Manager
Of course, there’s a downside to using different and complex passwords for every app, service and platform – remembering them. Fortunately, that’s where a password manager can do the work for you. They allow you to store all of those hard-to-hack passwords, as well as your different logins, in one secure place.
There are a range of different ones out there with a sliding scale of pricing options – you can even use some for free. Different managers will have different inclusions, such as bulk password generation so you don’t have to change them all manually, as password hygiene assessment and the ability to scrape the dark web for any security breaches against your account. You generally have to pay for those services though.
We have a list of 5 of the best password manager options on the web right here.
[referenced url=”https://gizmodo.com.au/2020/04/best-password-managers/” thumb=”https://gizmodo.com.au/wp-content/uploads/2020/04/password-manager-410×231.jpg” title=”The Best Password Managers To Use If You’re Paranoid About Getting Hacked” excerpt=”Over the past few weeks there have been an increasing amount of stories around video conferencing apps and software getting hacked. One of the biggest breaches has been of Zoom, which has had over 530,000 accounts sold on the dark web and across hacking forums. In this case, this data was able to be stolen because the passwords has already been compromised in other data breaches. This is a big reminder to use obscure passwords, don’t use the same one twice and to change them often. But when so many apps and accounts need a password, this quickly becomes a pain in the arse. And this is why password managers exist, and these are some of the best ones.”]