Strong passwords are vital protections to keep your online identity safe. The cybersecurity experts at MSA Investigations offer the following tips to help protect your accounts.
Don't use a predictable password
This may seem like obvious advice, but astonishingly enough, many people still use terrible and quite obvious passwords. A report by security consultant Mark Burnett revealed that the number one password people used was "password." The second most common was "123456." Your password should be complex: it should combine upper and lower case letters, numbers, and symbols.
Don't use a real word as your password
Paul Kocher, a cybersecurity expert, says, "The worst passwords are dictionary words or a small number of insertions or changes to words that are in the dictionary." As complex passwords can sometimes be difficult to remember, Mr. Kocher suggests coming up with a passphrase -- for example, a favorite movie quote, song lyric or poem -- and stringing together only the first one or two letters of each word in the sentence. So, for example, the passphrase "Toto, I've got a feeling we're not in Kansas anymore," would lead to a password containing "tigafwnik." Your password should include numbers, symbols and letters.
Don't use a short word as a password
The shorter the password, the easier it is to hack. Passwords should be no fewer than 10 characters long.
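The three tips above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the tiny wordlist, the two-edit threshold for "a small number of changes," and all function names are assumptions made for illustration.

```python
import string

# Constructed sample data; a real check would load a full dictionary
# and a breached-password list. All names here are hypothetical.
COMMON = {"password", "123456"}   # the two passwords named in the article
DICTIONARY = {"kansas", "feeling", "monkey", "dragon", "sunshine"}
MIN_LENGTH = 10                   # the article's minimum length
MAX_EDITS = 2                     # assumed reading of "a small number of changes"

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_password(pw):
    """Return the list of the article's rules that pw breaks (empty = passes)."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("common password")
    # Catches "Dr4gon!"-style tweaks of a dictionary word, not just exact matches.
    if any(edit_distance(lowered, w) <= MAX_EDITS for w in DICTIONARY):
        problems.append("dictionary word or close variant")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    classes = {
        "lower case letter": string.ascii_lowercase,
        "upper case letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    return problems
```

Run on the article's own example, `check_password("tigafwnik")` reports only length and character-variety problems, consistent with the advice that the derived string be one part of a password that also includes numbers and symbols.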
Give fake answers to security questions
The amount of information available about us on the internet is astounding. Thanks to Google, Facebook, and services like Spokeo, it is not as difficult as you think for a hacker to find out the make of your first car, or the elementary school you attended. A quick search on Ancestry.com would identify your mother's maiden name.
Don't use the same passwords for more than one account
In the event that your account does get hacked, this will prevent the hackers from being able to easily access your other accounts. Isolate the damage to one account rather than making it easier for the hackers to wreak havoc on your entire digital identity.
Use two-step authentication for your accounts
This means that when you log in to your account from a computer or location that the system doesn't recognize, the system will require you to enter a code that is sent to you via another method, usually a text message or phone call. Two-step verification reduces the chances of your account being hacked because the hackers would need to not only get your password and username, but also have access to your phone. Most banks and email providers offer this option. If they don't, you should seriously consider moving your account to an institution that does.
Use different email prefixes for different accounts
For example, don't use firstname.lastname@example.org and email@example.com and firstname.lastname@example.org. Using the same email prefix makes it less difficult for hackers to "daisy-chain" their hack by easily identifying your other accounts.
Use an isolated or unique recovery email address
Your recovery email address is the back-up email you provide in the event that you forget your password. You should use an email address that is ONLY used for recovery services and not linked to any other core services. This should not be linked to anything else, and you should pick a username that is not linked to your name.
Use different browsers for different types of activities
For example, only use Mozilla Firefox to do bank-related transactions. Use Google Chrome strictly for email purposes. This way, if your browser catches some sort of malware or other virus, your bank account or email won't both necessarily be compromised. It should be noted that a study conducted by Accuvant Labs of web browsers found that Google Chrome was the least susceptible to attacks. The study included common browsers such as Microsoft Internet Explorer and Mozilla Firefox.
Don't store your passwords on your computer
Do not store your passwords on your desktop or in your inbox. If malware infects your computer, your entire password list will be at risk.
According to Jeremy Grant, who runs the Department of Commerce's National Strategy for Trusted Identities in Cyberspace, "Hackers are increasingly going after small businesses . . . They have more money than individuals and less protection than large corporations." Don't put your small business at risk. According to Wired magazine, the number of data breaches in the United States increased by 67 percent in 2011. Data breaches can be exorbitantly expensive. For example, a data breach of Sony's PlayStation account in 2011 cost the company $171 million to rebuild its network and protect its users from identity theft.
MSA Investigations provides Penetration Test and IT Security Assessment services to identify vulnerabilities in IT infrastructure. Follow the tips above and schedule a consultation with MSA Investigations to protect your business from security vulnerabilities.