May 06, 2021
Your Passwords Are Weak: 4 Steps to Better Internet Security
As the Operations Manager at Narwhal Capital, it is my job to keep things running smoothly. One of my biggest day-to-day roles is IT support. The task of protecting the firm and its data is an ever-changing battle. Scammers and hackers always find new ways to get around layers of security, so it is our job to be a step ahead. Everything mentioned in this blog post is a best practice for business and personal online security.
It’s probably time to stop using that password you created in 2003. “Easy to remember” passwords are typically…easy to hack. Stay miles away from using personal information in a password (date of birth, last 4 digits of SS#, your name, street address, etc.). Scammers can find most of this information online anyway.
Most websites let you know how weak or strong your password is; listen to them. The BEST option is a randomly generated password (Google offers this if you are logged into a Google account when creating a password). Humans are bad at creating things randomly. We tend to be predictable – and that is what scammers and hackers count on. Don’t make it easy for them.
Your second-best option is to create a password that is more of a phrase. Automated programs that hackers use to breach accounts are not so great at guessing phrases. Creating a phrase that only makes sense to you is the best practice here.
For example, GregMoyer_is_100%CoolerThanMe is a very strong password. And it’s easy to remember - because it’s true.
Other strong password examples:
It is ok to include some personal information in passphrases, simply because they are extraordinarily difficult to guess. Automated programs that try to brute-force into your accounts will use a database of common passwords. I am betting none of the examples above would be on the list.
Be sure to use a combination of upper and lowercase letters, numbers, and special characters. There is a reason most websites require this – it helps to protect you.
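The rules from this section (stay off the common-password list, do not build a password mostly from personal details, mix character classes, prefer random generation) as an added Python example that is not part of the original post. The common-password set, the personal tokens and the 8-character threshold are constructed assumptions.

```python
import secrets
import string

# Constructed sample; real attack dictionaries hold millions of leaked passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "password1!"}

CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}
MIN_NON_PERSONAL = 8  # assumption: characters that must remain once personal details are removed


def missing_classes(password):
    """Names of the character classes the password does not use."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def audit_password(password, personal_tokens=()):
    """Return the list of problems found; an empty list means it passed."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    remainder = lowered
    for token in personal_tokens:
        remainder = remainder.replace(token.lower(), "")
    # A passphrase may contain a name; a password that is little else may not.
    if remainder != lowered and len(remainder) < MIN_NON_PERSONAL:
        problems.append("built mostly from personal information")
    missing = missing_classes(password)
    if missing:
        problems.append("missing: " + ", ".join(missing))
    return problems


def generate_password(length=20):
    """Random password from the OS CSPRNG that uses all four classes."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_classes(candidate):
            return candidate
```
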
Password managers are the easiest way to remain secure, and you only need to remember one password! Sites like LastPass and Dashlane randomly generate passwords for all of your individual accounts. All you need to do is log in to the master account, and all of your individual sites are auto-filled. These are available as desktop and mobile applications.
Password managers use end-to-end encryption when entering your password, which makes it more difficult to hack. The password manager does not “know” your password. It sends a digital token to the website you are logging into, and if it matches the stored password – you’re in.
Password managers are highly effective in bolstering your online security.
Multi-Factor Authentication (MFA)
I’m sure everybody is tired of receiving a text message with a verification code when trying to log in to their bank account – but it’s necessary. This is known as Multi-Factor Authentication. Adding a second layer of verification to your online security dramatically increases your odds of remaining secure.
If you have an alarm system at home - you’re already using MFA. Locking the doors is your first layer of security. Anybody with the gumption can break down your front door, but they probably don’t know the alarm code.
Almost any site that stores sensitive personal data will offer MFA. The password managers mentioned above offer MFA as well.
Security questions are one of the most misunderstood verification methods in online security. The rule of thumb here – do not use answers that can easily be found online.
What high school did you attend?
There is nothing secure about this question. I could personally find out where almost anybody went to high school in under a minute. The same applies to street names, kids’ names, your favorite teacher’s name, etc. Unfortunately, a lot of scams originate from people you know. If I know the minimal amount about your family and where you grew up…there is a pretty good chance I can guess your security answers. If I don’t know you, I can scour your social media accounts to find the answer. We share a lot more personal information online than we realize.
So, what is the solution? Lie.
Lying on the internet to protect your identity is actually very important. I have a larger blog post that will dive into this topic in the coming weeks. Here’s a teaser: avoid giving out your real birth date unless necessary.
Keep in mind, almost all security answers are case sensitive. We should be looking at these answers as a “second password”. More importantly, a second passphrase. The best practice here is to totally disregard the question. Just make up a new passphrase. Be sure to store a copy of your answers offline. Lies are more difficult to remember.
Security question examples:
Q: What high school did you attend?
Q: What is your mother’s maiden name?
This exercise may seem ridiculous, but it is extremely important for your overall internet security. Never provide a tangible security answer that someone could research and find.
In closing, the most important thing you can do today – strengthen your passwords. Start with your bank accounts, and work down from there. Be sure to use a passphrase that is tough to guess!
If you have any specific questions about cybersecurity, I am happy to help. Send me an email at [email protected]
Stay safe online,
Greg joined the Narwhal team in the summer of 2017. Greg started with a focus on social media and marketing, but quickly transitioned to fill the role of IT and operations support. Greg also acts as the producer of Narwhal's audio and video content. In his spare time, Greg enjoys traveling, cooking, and watching soccer.