Are You Using Good Passwords?


It is 2024 and for some reason many people are still using weak or old passwords. I bet you have the same password for most of the websites that you log on to. The most common access point for a hacker is the password.

Simple passwords that walk the keyboard, like “qwerty” or maybe “1qaz@WSX”, are really easy to remember, but they are also very easy to break. A hacker will obtain a password dictionary, which is a file of common and compromised passwords, and have a computer hammer away at a website or computer login until it gains entry. So, if the hacker knows the target website and the target email account or login name, then all they need to do is sit back and let the computer do the magic. They have apps or scripts that can do this across hundreds of targets and thousands of passwords an hour. Once they know your password, chances are good that you used that same password on other websites. That is why it is important to use different passwords for every login. The longer or more complex the password, the better the chances that the attacker's computer either can’t crack it or that it isn’t in the password dictionary. This kind of automated guessing is called a brute force attack or a dictionary attack.

Shockingly, the most commonly used passwords are “qwerty”, “12345678”, “iloveyou” and “password”.

Hive Systems put together a chart to help illustrate the point of having a more complex and longer password.

Hive Systems Password chart

I know that remembering passwords can be hard for many people, but that is where password vaults like LastPass come into play. You can install the browser extensions and the desktop and phone apps, and then you only need to remember one password, and that is the password that unlocks the encrypted vault. LastPass can be set up to automatically fill in your username and password for you, and you can even set it up to automatically change your password. And as a bonus it can generate random complex passwords for you, so every website can have a unique complex password. There are other password vaults besides LastPass; I use and recommend LastPass.

I keep talking about complex passwords, so what is a complex password? Several factors make a password more complex. One is length: the longer the better in most cases. Another is a mix of upper and lower case characters, numbers, and special characters (e.g. @#$%^).

A simple password might be like “averagejoe”, but it gets harder to crack if I make it “AverageJoe”, and even harder if we make it “Average1Joe2”. To make it even more difficult, we could make it “$Average1Joe2@Weekly*”.
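To put numbers on that progression, here is a small audit script. It is an added example, not something from the original post: it estimates the brute-force search space from length and character mix, and separately flags passwords that are on the common list or that walk the keyboard. The function names, the 0.8 walk threshold and the four-entry common list are assumptions made for illustration.

```python
import math
import string

# The four passwords the post lists as most common; a real audit would load
# a full dictionary of common and breached passwords instead.
COMMON = {"qwerty", "12345678", "iloveyou", "password"}

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")  # shifted digit keys


def walk_ratio(pw):
    """Fraction of consecutive characters that are neighbouring keys."""
    keys = pw.lower().translate(UNSHIFT)
    pairs = list(zip(keys, keys[1:]))
    if not pairs:
        return 0.0
    hits = 0
    for a, b in pairs:
        if a in POS and b in POS:
            (r1, c1), (r2, c2) = POS[a], POS[b]
            hits += abs(r1 - r2) + abs(c1 - c2) == 1
    return hits / len(pairs)


def brute_force_bits(pw):
    """Bits of search space if every character were chosen at random."""
    pool = 0
    pool += 26 if any(c in string.ascii_lowercase for c in pw) else 0
    pool += 26 if any(c in string.ascii_uppercase for c in pw) else 0
    pool += 10 if any(c in string.digits for c in pw) else 0
    pool += 32 if any(c in string.punctuation for c in pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0


def audit(pw):
    return {
        "bits": round(brute_force_bits(pw), 1),
        "common": pw.lower() in COMMON,          # falls to a dictionary at once
        "keyboard_walk": walk_ratio(pw) >= 0.8,  # assumed threshold
    }


if __name__ == "__main__":
    for pw in ["qwerty", "1qaz@WSX", "averagejoe", "AverageJoe",
               "Average1Joe2", "$Average1Joe2@Weekly*"]:
        print(f"{pw!r:26} {audit(pw)}")
```

The bit count is an upper bound that only holds for randomly chosen characters. “1qaz@WSX” scores well on character mix yet is flagged as a keyboard walk, which is why the flags matter more than the number.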

Of course, using simple words like “Average” or “Weekly” isn’t advisable. If you want to see if you have an online account that has been compromised, then you might want to check out the have i been pwned website. I did a post about it here. If you subscribe to their “notify me” service, they will alert you if your username or password is compromised.

Another method to ensure that your internet accounts remain safe is to implement what is known as 2FA or Two-Factor Authentication. 2FA uses the principle of something I have and something I know. If you set up your banking website account to have a password and then text you a code, that is an example of 2FA. You know the password and you have the phone. Don’t get me started on how absurd it is, because if the bad actor steals your phone, then they own you and your online accounts. But 2FA is indeed a good thing as it keeps those who don’t know you from stealing your online identity.

Here is what I use and do to help keep my online world safer.

  1. Change all passwords annually
  2. Use complex passwords of at least 16 characters
  3. Use a password vault; I use and recommend LastPass.com
  4. Use a complex vault password
  5. Set up 2FA for as many accounts as possible (not everyone supports 2FA)
  6. Subscribe to websites like have i been pwned
  7. Immediately change my passwords that have been compromised
Average Joe

Welcome to the Average Joe Weekly blog. This is basically my place on the web where I can help spread some of the knowledge that I have accumulated over the years. I served 10+ years in the Marine Corps on Active Duty, but that was some 25 years ago.