How would you feel if your lack of password security allowed hackers access to the likes of Microsoft, Intel, and the US Treasury Department? Yikes! As more information is revealed about the SolarWinds hack, an astonishing tale of gaping internet security vulnerabilities is exposed. One of the most shocking revelations is that an easy-to-guess password, “solarwinds123”, was all that stood between hackers and a company server! While most of us don’t ever have to worry about a security breach as massive as the SolarWinds hack, the impact of a compromised account on your business can be devastating. Are your accounts safe? Password security is key to keeping hackers out.
What is a Safe Password?
For starters, any password that uses a common sequence of letters (abcd) or numbers (123) is a no-no. Likewise, don’t ever use your name or business name in the password. It’s simply astonishing that “solarwinds123” was used as a password because it is ridiculously easy to guess. It’s extremely important that you use a unique, long password for each of the services you use. This way, if a hacker does somehow manage to access the password for one of your accounts, they won’t be able to get into all of your other accounts. If you are using the same password on every site you log into, that needs to be fixed right away.
Passwords should be long and unique, but cyber security experts are divided on whether they need to be complex or not. The best advice is to choose a phrase, verse, or song lyric that is easy for you to remember. Turn this into a password that is memorable for you but too long for a hacker to guess. You can strengthen the password by turning some letters into symbols or numbers. For example, substitute an exclamation point for the letter “i,” or a zero for the letter “o.” Using this idea, a password like “canttouchthisohohoh” can become “canT_touch_This0h0h0h.”
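The rules above (no common sequences, no business name, plenty of length) can be checked automatically when a password is set. The following is an added example, not code from this article: the function names, the 16-character minimum, and the substitution table are assumptions chosen for illustration. It also shows why symbol swaps alone do not hide a business name, since a checker or a guesser can simply reverse them.

```python
import re

# Reverse common look-alike swaps so "s0larw!nds" is still read as "solarwinds".
# Assumed table for illustration; real deployments use larger ones.
LEET = str.maketrans({"0": "o", "1": "i", "!": "i", "3": "e", "4": "a",
                      "@": "a", "5": "s", "$": "s", "7": "t"})
MIN_LENGTH = 16  # assumed threshold, not a figure from the article


def has_sequence(text, run=3):
    """True if text contains `run` consecutive ascending characters (abc, 123)."""
    streak = 1
    for prev, cur in zip(text, text[1:]):
        ascending = (prev.isalnum() and cur.isalnum()
                     and ord(cur) - ord(prev) == 1)
        streak = streak + 1 if ascending else 1
        if streak >= run:
            return True
    return False


def screen_password(password, banned_words):
    """Return the reasons a password breaks the rules; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if has_sequence(lowered):
        problems.append("common sequence")
    # Undo substitutions, then drop everything except letters before matching names.
    flattened = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    for word in banned_words:
        needle = re.sub(r"[^a-z]", "", word.lower())
        if len(needle) >= 3 and needle in flattened:
            problems.append(f"contains name: {word}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first and second come from the article's text.
    for candidate in ("solarwinds123", "canT_touch_This0h0h0h",
                      "S0larW!nds-Rocks-2021!"):
        print(candidate, "->", screen_password(candidate, ["SolarWinds"]) or "ok")
```

Pass your own name and business name as `banned_words`; the third sample is long and uses symbols but is still rejected because the business name survives the substitutions.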
The best way to keep track of multiple passwords securely is to use a password manager. Services like LastPass will remember passwords for you. An added bonus to most password managers is that they work in tandem with breach monitoring services, and will alert you immediately if any of your account information turns up in a known hack. You only have to remember the password for your management service, and the password manager will keep track of everything else for you.
For those who love pencil and paper, a password book can be a viable option at home. Essentially, this is a small notepad or notebook where you write and store your passwords. If you choose to use a password book, make sure it is stored in a safe place. Don’t ever leave it out on a desk or in a highly visible place where others might find it. Also, you can’t take it with you when you travel. If someone were to steal both your laptop and your password book, you’d be in deep trouble. A password book is really only good in a lockbox, where you or a trusted person can access it for emergencies.
The absolute best way to protect your accounts is to do the two-step, and we don’t mean the country dance. Two-step verification requires both a password plus another means of authentication to access an account. This could be a face or touch ID, or an authentication app. Several social media services offer 2-factor authentication as part of the login process, and you can add this additional safety layer to your personal accounts as well.
Once you have devised unique passwords and stored them safely, guard them as fiercely as you would any other valuable asset! Watch out for email and text schemes that try to trick you into divulging your personal information. There are very, very few instances where you will need to share your password, so be careful who you give it to.
Now that we have password security squared away, are there any other issues on your site that put you at risk of being hacked? We can check for you with our WordPress Website Technical Audit! Find out how we can help make your website run more smoothly and safely.