Password pain a necessary evil

Everywhere you turn, an online website is asking for a username and password. How are we expected to keep track of so many passwords accumulated over many years?

In 2017, Wired Magazine predicted one in three users will be hacked each year. That does not mean there is a person in a dark hoodie using a programming language to get to your computer.

Hacking ranges from receiving phone calls from bogus companies posing as debt collectors and demanding credit card details, to junk email advising you have won $1000 if you follow a link, to downloading free online software that installs malware as well.

While some cybercriminals may want to hack into our social networking or email accounts, most want the financial gain that hacking bank accounts can bring.

The three most important passwords to keep safe are your banking details, your email passwords and your social network passwords.

If a hacker has any one of these, they can use it to gain access to the others by simply clicking the “forgot my password” link.

There are many other ways that hackers can crack your password. One is to attempt to log on to your account by guessing your password based on personal information gained from your security questions.

Another way is to use a password cracker which uses brute force – trying multiple combinations of characters repeatedly until it gains access to the account.

There’s also a method called a dictionary attack, in which the program will cycle through a predefined list of common words that are used in passwords.

The shorter and less complex your password, the quicker it can be for these programs to come up with the correct combination of characters.

The top 10 most used passwords for 2017 were 123456, 123456789, qwerty, 12345678, 111111, 1234567890, 1234567, password, 123123 and qwertyuiop.

If you are using any of these, change it now to something more complex. Use eight characters that mix capital and lowercase letters, a symbol and a number.

Try not to make it obvious either, by using characters like your last name, date of birth or dog’s name. They are the first words hackers try.
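The advice above can be turned into a simple check. The following is an added example, not part of the original article: it tests a password against the 2017 top-10 list, the eight-character mixed-character rule and a set of personal details, and estimates how large a brute-force search would be. The function names and the sample passwords and personal details are constructed for illustration.

```python
import math
import string

# The ten most-used passwords of 2017, copied from the list in the article.
TOP_10_2017 = {"123456", "123456789", "qwerty", "12345678", "111111",
               "1234567890", "1234567", "password", "123123", "qwertyuiop"}

# Character classes the article asks for (ASCII only in this sketch).
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "capital letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def brute_force_bits(password):
    """log2 of the number of candidates of this length that a brute-force
    search over the same character classes would have to cover."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def audit(password, personal=()):
    """Return the list of problems; an empty list means the password
    follows the article's advice. `personal` holds details such as a
    last name, birth date or pet's name (constructed samples here)."""
    problems = []
    lowered = password.lower()
    if lowered in TOP_10_2017:
        problems.append("on the 2017 top-10 list")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    for detail in personal:
        # Ignore very short details to avoid matching by accident.
        if len(detail) >= 3 and detail.lower() in lowered:
            problems.append(f"contains personal detail '{detail}'")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for pw in ("qwerty", "Rex2011!abc", "t7#Kw9!pLq"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits,",
              audit(pw, personal=("Rex", "2011", "Smith")) or "ok")
```

The bit count only measures brute force. A password built from a common word or a personal detail falls to a dictionary attack far sooner than the number suggests, which is why the list and personal-detail checks run separately.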

Use Two-Factor Authentication (2FA) whenever possible. This adds a layer of security to any account you may be logging into. Many banks, Google and Facebook use 2FA. When you log into these websites, they send a code to another pre-authorised device, and you enter that code to access your account online.

Keeping track of passwords can be a nightmare, but this is a necessary evil and requires vigilance if you are to safely purchase or perform banking online.

I have many clients who keep an old address book hidden in their house with a running list of their passwords and the date they changed each.

If you are like me and have over 400 online accounts gathered over 20 years of online transactions, then you may want to look at paying for and using an online password vault which you can load on to your devices.

It securely stores all your passwords so at any point you can log into an account directly from this vault. Providers like 1Password, LastPass or Dashlane offer these programs.

Change your password regularly. For instance, every year I create a new password for the year (without the year included in the password, obviously).

If I open an account during this year, it will then be different from the password I used the year before.

Eventually we will get to a point where passwords will be replaced by biometric authentication, which can be seen on the iPhone through face recognition and fingerprint recognition, but until this time comes, I would suggest you remain vigilant with an eight-character password combination. Keep a record of your passwords with the corresponding date you changed each. Whether it’s an old address book or an online password vault, be sure to keep your passwords safe.

