With the increase in the number of data breaches for small business, owners need to secure their business and personal accounts from hackers. Cybercriminals often use LinkedIn and other social media profiles as a gateway into businesses, where they can gain illicit access to megabytes of sensitive data.
Mark Zuckerberg found out the hard way a few years back. A reported LinkedIn hack led to the exposure of additional accounts belonging to the Facebook (now Meta) CEO. Despite his presumed savvy — after all, he is the world’s top social media magnate — Zuckerberg reportedly committed a series of fatal errors, including using an easy-to-crack password — dadada — on multiple accounts.
Using common words and the same password for more than one account are elementary no-nos. However, these are common mistakes made by otherwise knowledgeable users who do not want to memorize lengthy sign-in codes. It is an increasingly dangerous mistake now that hackers are more sophisticated. For example, recently the NSA, FBI, and other security agencies noted that the Russian General Staff Main Intelligence Directorate’s Main Center for Special Technologies has released new malware targeting Americans and other users.
Fortunately, securing your accounts is easy. One simple measure is multi-factor authentication. MFA requires at least two independent factors to log into an account. One factor may be your password, and the second could be a one-time passcode sent to your phone. So, even if one factor is stolen your account will still be safe.
Increasing the length of the initial password or personal identification number is another good move. 7777 is one of the most common and easily guessed PINs. Almost all devices support PINs longer than 4 digits; and adding a few more numbers can make a big difference, thanks to the math involved. While a four-digit PIN has only 10,000 unique combinations, a six-digit PIN has 1 million
Some devices support alphanumeric PINs or passwords to make it even harder for hackers. To make it easier on yourself, consider using words or phrases that mean something to you but are not generally known to others. Do not use special dates like birthdays, anniversaries, personal phone numbers, or street addresses.
Like numeric PINs, the longer the password is, the better. Take an eight-character password like betashow — with sophisticated software tools, an attacker could guess this password instantly. Now add four characters and make it betashowbest. An attacker could guess this 12-character password in less than two weeks. However, if we make it betashowbestshipping, it would take an attacker about 21 centuries to crack this 20-letter password; a big return for the small effort.
Also consider creative passphrases — longer passwords composed of multiple, random words. They are simple ways of making passwords longer. Like swiftest tropical downhill ski; walking on oranges, or BrieflyMoreDiamond (but do not use those, since they have appeared in a widely distributed newspaper column) and passphrases, which are harder to crack, do not have to be hard to remember. They can create pictures in your mind, like “purple nose on a brick wall.”
Or imagine you have a noisy coworker. Every day you think, “I can hear Sam from across the office!” Something like this would make an excellent passphrase. Remember to avoid words that are related to each other. For example, the passphrase “gentle ocean breeze” is not as strong as “laptop pineapple car.”
Follow the rules
There are a few more angles to passwords and passphrases: it is important to know and follow your organization’s policy when creating them. Your company may require a minimum character account, a mix of alpha and numeric characters, or special characters. These security requirements are there for a reason. It is a good idea to comply with them. If they make it tougher on you, they also make it tougher on hackers.
Another point: More than 90% of us know that reusing passwords and PINs is risky, but about 60% of us reuse them anyway. It is convenient — because there are fewer things to remember — but password reuse and other bad habits put accounts at risk. Remember the Mark Zuckerberg example? It is always safer to create strong and unique passwords or PINs.
About now, you may be thinking that there is no way you can remember each password for each device: your mobile device, laptop, desktop, iPad, business laptop, and more. But there is a solution for that. Your organization may offer a password manager or a software application that securely stores and manages online credentials. It sits behind a master password — so you only have one password to remember — and the manager automatically generates new passwords every time you log into a device.
However, this is not the same as storing your passwords in the browser. Think of a password manager as a secured vault: Once all your account usernames and passwords have been put into the vault, your master password is the only one you have to commit to memory. Entering your master password unlocks your password vault, and from your vault, you can retrieve whatever password you need.
Whichever method you use, it is vital to keep your credentials secure. Never write them down. You may think your hiding place is good, but it is still likely someone could find your password, master password, or PIN. Similarly, do not create a file on your computer to store your login information, even if you encrypt it. Finally, avoid sending yourself PINs or passwords via email or text.
Another best practice: do not share your password or PIN. You never know if someone else will keep your credentials secure. And at work, you may be held accountable for anything that happens when someone is logged in with your credentials. So if you have previously shared your password or PIN, now is a good time to change it.
Finally, “shoulder surfing” is another danger you need to watch out for. Shoulder surfing is when a cyber-thief tries to steal your password or PIN by watching you enter it. Remember to be vigilant and aware of your surroundings when entering passwords, master passwords, passphrases, or PINs. Make sure no one can see what you are typing.
It takes time and effort to establish and safely maintain secure passwords. However, your digital data can be worth its weight in gold, and with more lurking threats than ever before, it is only reasonable to take more precautions to safeguard this treasure.
Carl Mazzanti is the president of eMazzanti Technologies – a firm specializing in cybersecurity in New Jersey