Passwords are essential to your safety, but like everyone else you probably have dozens of passwords to remember. So, you might take shortcuts – but taking advantage of this is one way bad guys access your passwords.
Incredibly, there are still people out there using “password” or “123456” in their access credentials. Also, some people don’t change the default passwords on their devices and this can be dangerous.
So how to make your passwords stronger?
Avoid the obvious passwords
When you have to create a password, make an effort. Steer clear of simple, easily guessed patterns – an ideal way of getting a good password but one that you will remember, is to think of a word (or combination of words) and change letters for numbers and special characters such as exclamation marks. For example, instead of “strongpassword“, make it “sTr0NgpassW0rd!”
Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.
Be careful what you share on social media
Always remember that as well as updating your friends and relatives, you are potentially updating cyber criminals, giving them access to a goldmine of info for personalizing an attack on you.
If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access, which makes it more important to have a good password (see above).
Don’t duplicate passwords – Company data breaches
The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts, so try not to duplicate!
Not only that, a major broadband company in the UK was hacked and millions of accounts compromised, so it can happen here too.
It can be overwhelming to remember all your passwords, and that’s also why you should use a password manager to keep track of it all for you – for more information see our previous Blog page about Passsword Managers.
‘Phishing’ – it’s not what it seems
Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar ‘phishing attack’ – something pretending to be from a company but is in fact a fake. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.
Pay attention to who is sending the email and hover the mouse over the link to see where it actually ponts to. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link. Many times, you will see that it is not the internet address that you would expect, such as instead of barclays. co.uk it is abcdef.barclays.co.uk.
The most important thing to remember is that if you are in any way not sure, pick up the phone to your bank (or other company involved) to verify that the email is from them. As a rule of thumb, try not to use links in emails as fake web pages can be very convincing.
These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?
Contact us on 01455 209505.