Passwords, passwords, passwords. You are probably getting tired of hearing about passwords. The thing is, having a strong password can keep an enormous number of attacks from being successful. But we are human, and remembering complex passwords isn’t what we are good at. On top of that, once we choose a password, we use it, or a derivative of it, EVERYWHERE. These two things are responsible for the overwhelming majority of all cyber attacks. So in this month’s lesson, I am going to show you a couple of things you can do that will make the lives of hackers the world over much harder.
You probably know what I am talking about here. Summer2021 or SusanJane051181 (first and middle name, birthday). These may be easy to remember, but hackers will be able to get this info from your social media. There are apps hackers can use to scan your social media accounts and build word lists based on your names, birthdate, where you live, family and pet names, etc. This makes their job of cracking your password a lot easier. On top of that, once they have a list of possible passwords, there are tools that allow them to test all of them until they eventually get in.
You don’t need to use the old way of making a complex password: 5&U!h23hpxqTMf
There is a much easier way now. Choose 3 or 4 random words and put them all together. Supper echo radio (to help you remember it, you could say, I heard an echo from the radio while eating supper). Make a couple of changes to this new password by adding a number and punctuation. Supperechoradio57%
You now have an 18-character password that is nearly impossible to crack. It should also be easy to remember.
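The word-picking recipe above, as an added Python example (not part of the original article): it picks the words, number and symbol with a cryptographically secure random generator and estimates the strength in bits. The short word list is constructed for the demo, and the larger figures assume a published list such as the EFF long list (7776 words).

```python
import math
import secrets

# Constructed sample list for the demo only. A real generator should load a
# large published list (the EFF long list has 7776 words).
SAMPLE_WORDS = [
    "supper", "echo", "radio", "garden", "pillow", "rocket", "candle", "river",
    "window", "saddle", "marble", "button", "tunnel", "copper", "violin", "harbor",
]
PUNCTUATION = "!#$%&*?"


def make_passphrase(words=SAMPLE_WORDS, count=3):
    """Pick `count` words at random, then add two digits and one symbol."""
    # secrets uses the operating system's CSPRNG; random.choice() does not.
    chosen = [secrets.choice(words) for _ in range(count)]
    chosen[0] = chosen[0].capitalize()
    digits = f"{secrets.randbelow(100):02d}"
    return "".join(chosen) + digits + secrets.choice(PUNCTUATION)


def entropy_bits(wordlist_size, count=3):
    """Estimated bits of entropy when every part is chosen at random as above."""
    return (count * math.log2(wordlist_size)
            + math.log2(100)                # two random digits
            + math.log2(len(PUNCTUATION)))  # one random symbol


if __name__ == "__main__":
    print("example passphrase:", make_passphrase())
    print(f"16-word demo list, 3 words: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7776-word list, 3 words:    {entropy_bits(7776, 3):.1f} bits")
    print(f"7776-word list, 4 words:    {entropy_bits(7776, 4):.1f} bits")
```

The estimate only holds when the words really are picked at random; words you think up yourself are more predictable than the numbers suggest.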
But just because you have a good password, don’t use it for everything. Sometimes, websites that you use store their users’ passwords in an unencrypted format. This means that when the site is breached, your password is revealed. It wasn’t your fault; you chose a good password. But the website didn’t do its part and encrypt them. This is very common and is how most passwords get dumped on the Internet by hackers.
It is important to use a unique password for every site or app that you use. I know what you’re thinking: there is no way I can remember all of those. That is fine, because you can use an app called a password manager to do that for you. A good example of this is Bitwarden. It is free to use, and the paid version is only $10 per year. It will generate unique passwords for all of your sites and store them for you. Then you only need to remember the password to get into your Bitwarden password vault. It can be used on all of your computers and devices. It will store all of those online accounts such as your insurance payors, clearing houses, EMRs, etc.
Changing this one behavior will greatly improve your security online.
OK, so you have a good password to get into your password manager. You have unique passwords for all of your online accounts, but you want to be sure you have your password when you need it, so what do you do?
You write it on a sticky note and stick it to your monitor. No!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
All of your well-planned security is out the door now. If you notice in the pic above, they chose lucky77 for their bank password. That would be broken in less than 5 minutes by an attacker with tools. The password isn’t long enough, it isn’t complex, and it’s a commonly used password. But on top of all of that, it’s stuck to the person’s laptop. If that laptop were stolen… well, game over.
If you are using a password manager, then you only need to choose one strong password and if you use the technique above, you will be able to remember it.
Following these basic rules will reduce your chances of being breached to the low single-digit percentages. They are the most important thing you can do to protect yourself online.
Well, other than NEVER CLICKING ON ANY LINK IN AN EMAIL OR TEXT MESSAGE.
Ok, Sunday school is over. Have a good holiday and stay safe out there.