Articles

It’s World Password Day. Time to Test Your Password Strength!

Thursday, May 2, 2019

How many of you out there use the same password for every online and offline login? How many of you use common or simple passwords for any of your online accounts, whether a sensitive one or not? And, lastly, how many of you hardly ever change your passwords regularly?

If you fit into one — or all three — of the above categories, you’ll want to read on for some tips on strengthening your password this World Password Day. Celebrated the first Thursday in May, World Password Day was created by Intel Security in May 2013 to curb one of the fastest growing crimes, identity theft.

So, just how big is the problem? In 2017, 16.7 million people fell victim to identity fraud, breaking last year’s record, according to a report from Javelin Strategy and Research. The report also found that some 30 percent of the nation’s consumers were notified of exposure to a data breach that same year — all amounting to $16.8 billion stolen.

You might be thinking that your password may have nothing to do with data breaches. And, while that may be the case (unless, of course, you are the gatekeeper to critical business data), if you use one password for every online account, you’re making it all too easy. Hackers will automatically try the password they may have gained in a breach on the email address that is likely tied to said account, and from there, they could get even more access.

The same could be said for common passwords, such as your name or even “password.” Take a look at the top 20 most used passwords from 2018 and how many people used them, according to the National Cyber Security Center:

  • 123456 (23.2m)
  • 123456789 (7.7m)
  • qwerty (3.8m)
  • password (3.6m)
  • 1111111 (3.1m)
  • 12345678 (2.9m)
  • abc123 (2.8m)
  • 1234567 (2.5m)
  • password1 (2.4m)
  • 12345 (2.3m)
  • 1234567890 (2.2m)
  • 123123 (2.2 m)
  • 000000 (1.9m)
  • Iloveyou (1.6m)
  • 1234 (1.3m)
  • 1q2w3e4r5t (1.2m)
  • Qwertyuiop (1.1m)
  • 123 (1.02m)
  • Monkey (980, 209)
  • Dragon (968,625)

Really thinking you’re in need of a better password now? Let’s now take a look at what makes a password strong.

What Is A Strong Password?

A strong password has a few characteristics:

  • It’s at least eight characters long, though, the longer, the better
  • It contains a mixture of both numbers and letters
  • It contains a mixture of uppercase and lowercase letters
  • It has at least one special character, like an exclamation point or asterisk

Strong passwords shouldn’t be a dictionary word, or one with numbers replacing certain letters. Other popular passwords that have proven weak are names, sports teams, musicians and fictional characters like Batman or Pokemon.

To drill it in a tad more, you’ll obviously want to avoid a repeated letter or number, or a series of repeated numbers or letters, along with a series of characters on your keyboard (think: qwerty). And, of course, you should avoid any form of personal information, such as your Social Security number or your home address.

Strong passwords don’t have to be a 15-character string of letters and numbers that are otherwise completely unintelligible to you. Some of the best are a combination of words or phrases, with some capitalization and numbers in lieu of certain letters (“3” for an “e”, say).

If you aren’t sure how yours will stack up, you can test your password strength on a number of websites. Just be sure the website is a credible one, such as those that may belong to password managers or any antivirus and/or Internet security. It’s also best to try out those that you aren’t likely to use in real life.

Keeping Your Password Secure

Now that you’re on your way to creating an iron-clad password, you’ll want to ensure that it stays locked up. To do so, follow these simple tips

1. Don’t share your passwords.

This may seem like a given, but don’t share your passwords — especially those that are the gatekeepers to your most critical, sensitive information — with anyone who doesn’t need it. Your best friend doesn’t need to know your email login, and your parents don’t need your Google account to access shared photos.

Similarly, you won’t want to write these passwords down and stow them away near your devices, and you won’t want a “master list” of passwords hanging out in your email. That could open the door to even more fraud.

2. Toughen up your security questions.

When you first sign up for an online account, you may be prompted to select from a drop-down menu of security questions. What was the name of your elementary school? What is your mother’s maiden name? What is the name of your favorite restaurant? Some will even allow you to select your own security questions. Websites typically use these to ensure a sign-in attempt is, in fact, you, particularly if you’re logging in using a new or different device.

If you are choosing from the list, be sure to implement some of the strong password tips above, especially if the answer is pretty obvious. If you get to create your own security questions, be sure to make them difficult.

3. Use two-factor authentication.

Also known as multi-factor authentication, two-factor authentication is exactly what it sounds like — using two forms of identification to log in. It adds an extra layer of security to your accounts.

For example, if you’re signing in to your email account, you will be asked to input your username and password. Once you’ve done so successfully, you would then be prompted for a different form of identification, like a one-time passcode sent through a text message or a fingerprint scan through your smartphone. To access your email, then, you would need to provide proper credentials for whichever form of two-factor authentication you have chosen.

4. If you are having trouble remembering all your passwords, try a password manager.

Password managers are great solutions when you feel like you have too many complex passwords that are hard to remember. Password managers are typically integrated into your Internet browser and help keep track of your unique passwords for all your online accounts. Some will even store credit card numbers, three-digit CVV codes and more. All of this information is encrypted and stored away safely from potential hackers. There are free and paid versions, so you’ll want to look really closely into each version’s limitations.

5. Change your passwords regularly.

There’s some disagreement on just how often you should change your passwords. Some recommend every 30, 60 or 90 days. But, you don’t want to change them too frequently.

So, what are those occasions when it’s definitely warranted?

  • If you’re notified of a data breach
  • If you’ve noticed any suspicious activity in your account that you did not initiate
  • If you’ve found evidence of unauthorized logins
  • If you think any of your devices are comprised due to malware, viruses or other cybersecurity threats

Use these five tips this World Password Day to #LayerUp your logins today! And, if you’re already a customer, rest a little easier with Windstream Shield packages — all with personal identity theft protection and credit score access, along with monitoring through CreditGuard and antivirus/malware protection through McAfee — for your Kinetic Internet.