May 2023 – What is a strong password?

We use passwords for just about everything these days, from accessing online banking and credit cards to our shopping and social media accounts. Because we have passwords for so many things, it can be very overwhelming. The human brain wasn’t designed for remembering a lot of different passwords. So this leads us to use the same password, or a variation of it, on many, if not all, of our accounts. In the past, this was less of a problem than it is today. I will briefly explain why this is such a big deal today and how it can lead to a massive security breach for your practice or for you personally.

When we sign up for an online service, that service stores our username and password on its servers. This is what allows you to log in and make use of its services. Most companies will encrypt this password so that there is a level of protection. However, many do not. This means that the password is stored in the clear, exactly as you typed it, in their databases along with every other user's. When a website or service is hacked, what usually happens is that the attackers will download this database of all usernames and passwords. If the passwords are encrypted, this will slow the attacker down. However, since most users choose commonly used words for their passwords, even if the passwords are encrypted, they are easy to break.

Through no fault of your own, a website was hacked and your username and password were stolen. Most people don’t use more than one email address, so the attacker now has information to use to try to access your Facebook, Instagram, Amazon, and many other accounts.

If you would like to see if any of your accounts have been hacked, head over to Have I Been Pwned – https://www.haveibeenpwned.com

So how can you protect yourself from this type of security breach? There are 2 key rules for you to remember. The first is to create a strong, complex password. This will ensure that even if your password is stolen, it will be hard, if not impossible, to break. The rules were to use upper- and lowercase letters, numbers, and special characters, and make the password more than 10 characters in length. This led people to use passwords like Summer2022!, which fits all the criteria but would be broken in less than 1 second because attackers know the type of passwords people choose. You can see a list of the top 100 passwords found in data breaches for 2022 here.

  • The key to a strong password is to make it long. Choose 3 random words and put them together, words that you will remember. For example, truck sandwich starbucks
  • Add capitalization to some of the words and then put a number and character in it. The end result may look something like this – Truck3SandwhichStarbucks!
  • That would be a nearly uncrackable password. And you can tell yourself a story to help you remember it. I was in a truck eating a sandwich at Starbucks.
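The point about Summer2022! can be shown as a check a sign-up form could run. This is an added example, not part of the original article: the function names and the small word list are assumptions made up for illustration, and a real check would load a full breached-password list.

```python
import re

# Constructed sample: a tiny stand-in for the base words that show up in
# breach lists (seasons, months, "password", ...).
COMMON_BASE_WORDS = {"summer", "winter", "spring", "autumn", "password",
                     "welcome", "january", "qwerty", "letmein"}

# One word, then digits, then optional trailing symbols.
WORD_DIGITS_SYMBOL = re.compile(r"^([A-Za-z]+)(\d+)([^A-Za-z0-9]*)$")


def meets_composition_rules(pw: str) -> bool:
    """The older policy from the text: more than 10 characters with
    upper case, lower case, a number and a special character."""
    return (len(pw) > 10
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def is_predictable(pw: str) -> bool:
    """True when the password is a common base word followed by digits
    and optional symbols, the shape people pick to satisfy the rules."""
    m = WORD_DIGITS_SYMBOL.match(pw)
    return bool(m) and m.group(1).lower() in COMMON_BASE_WORDS


def review(pw: str) -> str:
    """Classify a candidate password for a sign-up or password-change form."""
    if not meets_composition_rules(pw):
        return "reject: fails composition rules"
    if is_predictable(pw):
        return "reject: common word + number + symbol pattern"
    return "accept"


if __name__ == "__main__":
    for candidate in ("Summer2022!", "Truck3SandwhichStarbucks!", "password1"):
        print(f"{candidate!r}: {review(candidate)}")
```

Summer2022! passes the composition rules and is still rejected for its pattern, while the three-word password from the list above is accepted.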

The second thing you can do to protect yourself is not reusing the same password on every site. This is hard for us humans to do. This is where a password manager comes in. You can get free password managers that will install into your browser. They will generate 100% unique and complex passwords, store them securely, and then when you log into a site, they will enter the credentials for you. This is the best way to protect your passwords and ensure you are using strong and unique passwords for all of your online accounts. Good examples of password managers are:

Bitwarden

Dashlane

Simply using a password manager greatly increases your security to a level that is nearly unbreakable to any attacker. Passwords are the cornerstone of all of our security today, so it's extremely important that we take this seriously.