Keeping your network secure is definitely a top priority for every business owner. And if it’s not, it should be. Data breaches through a range of cyber security threats can lead to the loss of considerable time and money. They can also lead to large-scale customer service issues, the loss of proprietary product and brand info, a violation of your clients’ personal information, and damage to your company’s reputation.
Setting up strong passwords and protecting them is an important part of keeping your data safe from attack. In this article, we’ll look at how passwords get hacked and then list some ways to make sure you create a secure password every time.
How Passwords Get Hacked
Passwords can get hacked in several ways. One of the most common is simply for someone to buy your password off the dark web. Black market theft and sales of passwords are commonplace. And if you’ve been using the same passwords for years, there’s a chance your password has been compromised. That is even more reason to make sure you’re changing your passwords regularly.
Another way hackers gain access is through something called a dictionary attack. This kind of attack attempts to uncover passwords by running through a prearranged sequence of words, similar to running through a dictionary. These attacks sometimes work because companies insist on using common words for their access points, something that usually proves to be harmful.
It may seem like you are just keeping things simple for your employees, or that you’re ensuring that you’ll always remember your company’s passwords, but choosing overly simple and common words is like laying out a welcome mat for would-be intruders.
Brute Force Attack
Brute force attacks attempt to gain access by trying every letter, number, and symbol combination possible. This seems like a near-impossible task. But it has become a lot easier in the past decade with individuals creating new technologies, programs and computers that possess the ability to try millions, even billions of combinations in a short period of time, enabling them to break in within hours. Creating longer passwords, especially over 12 characters, is a great way to protect yourself in this case.
Phishing
As you might recall, we recently looked into the dangers of phishing attacks for individuals and business owners. Phishing has been happening for years and its prevalence continues to rise year after year.
Phishing uses social engineering in an attempt to trick, manipulate, convince, or pressure individuals into sharing private information. You may receive emails, phone calls, or texts stating that your credit card accounts, phone account, or other subscriptions are experiencing problems or have already been hacked.
These attackers try to convince users to give them private access information in exchange for some kind of professional help, solution, or necessary service. Unfortunately, these attacks are responsible for untold millions in damages both to businesses and individuals alike. Not to mention the theft of incredible amounts of private data and customer info.
Creating an Unbreakable Password?
Creating an unbreakable password, well, as unbreakable as possible, takes a bit of thought, but it isn’t terribly difficult. You just have to be deliberate about the process and dedicate yourself to updating it regularly with an equally strong word or phrase.
You know the old phrase “Keep it simple, Stupid,” or “KISS.” Well, when it comes to passwords, that’s the worst advice anyone could give you. The simpler your password, the more likely it is to be hacked. It’s crazy, even after so many years of this same mistake leading companies and consumers into a sure pitfall, that countless people still use the word “password” as their password. Maybe they use a slight variation like password1. Others are guilty of using letter or number sequences like 12345678 or ABCDEFG, or one of several other terribly simple passwords.
This isn’t meant to poke fun. We mention it because we want your networks to remain safe. When it comes to protecting your info, simple passwords mean ease of access for criminals. Don’t roll out the red carpet for attackers. Make it as difficult as you can for them.
As we mentioned above, the longer the password, the better. More characters means a greater number of combinations that have to be tried by hackers and their programs. Complexity equals security. Shoot for words or phrases with more than 12 characters if the program or site allows.
Don’t Use Common Keyboard Paths
Just like not using common words or number sequences, avoid common keyboard pathways like “qwerty,” or any other similar sequences of characters on your keyboard such as “asdfgh.” Common keyboard paths are the first sequences that criminals try.
Use a Mix of Characters
Go for more complexity. Use a mix of letters, numbers, and symbols with no simple sequences like “123.” Add case changes with upper and lower case letters for even better security.
More is Sometimes Better
You can lower your chances of dictionary attacks simply by using multi-word phrases instead of single words. This increases the number of possible word combinations that hackers have to attempt when trying to uncover passwords.
Strange is a Good Thing
Keep it weird. Avoid well-known and oft-used phrases. Mix it up. Instead of duckduckgoose, try something unlikely to be guessed like duckdogcocktailofmadness&[email protected]#. Sounds insane, right? Maybe, but it keeps the cyber attack dogs off your scent and your gates closed to intruders.
Use a Password Manager and Password Generator
A password manager is a helpful security and access tool. It keeps track of all your passwords for you and only allows access to them through a master password. Make sure to use every trick in the book, including all our tips above, to write the perfect master password.
These programs also include random password generators. These can be incredibly helpful since they can generate highly complex and randomized combinations of characters. The resulting phrases are often far more difficult to crack than anything you might come up with on your own. It’s a great idea to put available technologies to work for you.
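What a generator does, and why length matters so much against brute force, can be shown in a few lines. This is an added example, not code from any particular password manager: the function names, the tiny constructed word list and the guess rate used in the demo are assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Constructed sample list; real passphrase word lists hold thousands of words.
SAMPLE_WORDS = ["duck", "dog", "cocktail", "madness", "harbor", "maple", "kite", "lantern"]


def generate_password(length=16):
    """Random password from the OS CSPRNG that contains all four character types."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    while True:  # redraw until every type is present (costs a negligible amount of entropy)
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def generate_passphrase(words, count=5, sep="-"):
    """Multi-word phrase: `count` words picked independently and uniformly from `words`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices, picks):
    """Bits of entropy when `picks` items are each chosen uniformly from `choices` options."""
    return picks * math.log2(choices)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every combination at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e9  # assumed guess rate: one billion attempts per second
    print(generate_password(16), generate_passphrase(SAMPLE_WORDS))
    for label, bits in [("8 lowercase letters", entropy_bits(26, 8)),
                        ("12 mixed characters", entropy_bits(94, 12))]:
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
```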
MFA: Multi-Factor Authentication
Multi-factor authentication has become industry standard for many of the world’s most prominent organizations. Two-Factor Authentication or Multi-Factor Authentication adds an extra layer of security by requiring not just a password, but an added requirement like a fingerprint, a series of security questions, or a request for a one-time PIN sent to your email account. Every company should use multi-factor authentication for their networks.
Trust is Key
Be careful who you trust. Do your research on any company and website when you sign up for anything requiring a password. Make sure they have solid reviews, use https in their web address and have verified security measures for all customer use.
Second, don’t give out your passwords. At times, we need to share these things with our spouses. But we don’t recommend any sharing beyond this. We don’t say this because friends or acquaintances are untrustworthy, but the more people who know and use your password, the greater the chances of hackers gaining access.
Extra Security Tips
Use a VPN, or Virtual Private Network, especially when using public WiFi. This keeps your passwords safe when logging into accounts or signing up for new services.
Keep your antivirus up to date. Make sure you’re doing any and all official updates and be on the lookout for better programs that may serve you and your business more effectively.
Strategize with Your IT Team. Whether you’ve got an in-house department or an outsourced team taking care of things, it’s a good idea to meet regularly with them to discuss ideas for new and better security measures, innovative technologies, and practical ways to keep your passwords and network secure.
We often fall into the trap of assuming password strength doesn’t matter. This couldn’t be more dangerous. Weak passwords destroy businesses. We should use every measure at our disposal to create complex passwords that remain difficult for hackers to discover.
We should also update our passwords frequently, use additional security measures like VPNs, Multi-Factor Authentication, and password generators, and avoid responding to suspicious emails, texts and calls. Your password is often the gatekeeper between a criminal and your files and online accounts. Don’t take it lightly. Take steps today to create unbreakable passwords.
Tech Masters is your full IT specialist. We help businesses of all sizes establish rock solid security, flawless networks, intelligent analytics, and better communication, with a range of IT solutions. Contact us today for a free IT assessment.
For answers to questions about password protection, check out our frequently asked questions below.
How do most passwords get hacked?
Cyber criminals can hack passwords in a number of ways. Some of the most common include good old-fashioned phishing scams, where they try to trick or pressure you into giving up personal info, and dictionary or brute force methods, where hackers run through a series of words or as many random combinations of characters as possible, respectively, often using programs specifically designed for this purpose.
How can I create an unbreakable password?
While no password is 100% guaranteed, there are several things you can do to create passwords that remain incredibly difficult to crack. Don’t use common words or phrases, personal names or addresses.
Make it longer, at least 12 characters. Mix it up with upper and lower-case, symbols, letters and numbers. Consider using strange phrases that only you can think of, odd combinations of words that aren’t used in common discourse. And don’t use common keyboard pathways like “qwerty.”
Are there tools that can help me create passwords and manage my security better?
Definitely…yes! Use virtual private networks, or VPNs, for greater security, especially when using public WiFi. Always keep multi-factor authentication (MFA) on all accounts, and consider password managers with generators that not only protect all your passwords but can generate highly complex, randomized passwords that are more difficult to uncover.