Is My Password Secure Enough?

Some of us are old enough to remember the days when we had to memorize telephone numbers, back before we all had a cell phone in our pocket to store all our data. Now, instead of paper address books or Rolodexes, we have convenient apps for collecting personal digital information like email addresses and telephone numbers. We also now have passwords for everything – apps on our phones, online banking, and retail websites. Even our front door at home might come with a password of some sort.

It might be tempting to have just one or two passwords that we reuse for multiple applications. We may think that because the apps aren’t connected, it is safe to use the same password in multiple spots, but that could not be further from the truth. In fact, if a password for one application or website is part of a security breach, then both your username and password can be sold on the open market along with other personal data. There are hackers with computers using these lists to test other sites with that combination of username and password. Occasionally they’ll get lucky and hack more than one of your accounts. We make this even easier for them if we reuse passwords on multiple websites.

The numbers vary depending on the source, but by some estimates 85% of people reuse passwords on multiple websites.

Troy Hunt, a Microsoft Regional Director, runs both a blog and a website called “Have I Been Pwned.” Funny name, but, using data gathered from various security breaches, he’s compiled a huge list of compromised accounts. Go ahead and try it – enter your phone number or email at the site and see if it has been involved in a data breach. My personal email has been found in 11 data breaches – from Poshmark to Canva, SitePoint to Twitter, my information is out on the dark web. This includes everything from my email address, date of birth, and passwords to my physical address. Could I have done anything to stop this from happening? Not likely, unless I decide to not interact with public websites. It’s impossible to predict where and when a future data breach may occur.

What we can do is make it more difficult for hackers to access our information by using strong, unique passwords for every application. Either use an online random password generator to create passwords, or instead use a passphrase as your password and store your information in a secure password storage application such as NordPass, 1Password, or Keeper. Using a secure password storage app means you only need to remember one password to access the application, and the rest of your passwords are securely locked within the app.

As a rule, passwords should be at least 12 characters in length and should not contain “dictionary” words; that is, passwords that are recognizable as words, such as “refrigerator2023.” The most secure password will be a random mix of both capital and lowercase letters, numbers, and symbols. Avoid using birth dates, family members’ names, streets you once lived on, or any other easily found information.

If you have a need for a password that you can easily remember, consider using a passphrase instead.  A passphrase is more like a sentence, but it’s made up of random words rather than letters – an example would be “Fetch Mustard Cardstock Brain WordPress Dusty.” Each word has a meaning to me and is easily memorized in order. If I forget the words and need to recall my passphrase, I know the first letters of each word in order are my teachers’ names in grades 1 through 6. This is a similar method to the mnemonic devices we learned as children to memorize the planets or the colors of the rainbow. While this may seem like a lot of work, it makes for a very difficult password for a hacker to crack!
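The password rule and the random-word passphrase described above, as an added example that is not part of the original article: Python code that checks a password against the 12-character, no-dictionary-word, mixed-character rule, then generates a random password and a passphrase from the operating system's secure random source. The word list, symbol set, and function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only; a real check or
# generator needs a list with thousands of words.
WORDS = ["refrigerator", "mustard", "fetch", "brain", "dusty", "cardstock",
         "window", "garden", "pencil", "harbor", "velvet", "tunnel"]
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def check_password(pw, words=WORDS, min_len=12):
    """Return the rules from the article that pw fails (empty list = passes)."""
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if any(w in pw.lower() for w in words):
        problems.append("contains a dictionary word")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing a character class")
    return problems


def random_password(length=16):
    """Draw characters from a CSPRNG; retry until every rule is satisfied."""
    if length < 12:
        raise ValueError("length must be at least 12")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


def random_passphrase(n_words=6, words=WORDS):
    """Pick words uniformly at random; return (phrase, entropy in bits)."""
    # Strength comes from the number of equally likely phrases, so the
    # character rules in check_password do not apply to a passphrase.
    phrase = " ".join(secrets.choice(words).capitalize() for _ in range(n_words))
    return phrase, n_words * math.log2(len(words))


if __name__ == "__main__":
    print(check_password("refrigerator2023"))
    print(random_password())
    print(random_passphrase())
```

With the 12-word sample list, six words give only about 21.5 bits of entropy; the same six words drawn from a 7,776-word list give about 77.5 bits, which is why the size of the word list matters as much as the number of words.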

Another method to increase the security of a password is to always enable 2-factor security. This may mean entering your phone number and receiving a code when you access a website or using an app like Google Authenticator to generate a code after you input your username and password. While it may seem like added work, it greatly increases the security of your account and quickly becomes second nature. Small steps to increase your password security can make a world of difference when it comes to keeping your personal information private. And, of course, if you believe an account may have been compromised in any way, change your password immediately and retire the old password.  



Mary Support

Mary has been supporting WordPress websites for about 5 years and she has spent the last year helping to maintain the websites that are hosted with Corporate Conversions. She absolutely loves her work - learning more about web development and helping people with questions seems to be the perfect blend for her. When she's not learning new things about WordPress, she likes to spend time with family and do crafty things like knitting hats and learning to quilt.