Tech Advice – How safe are your passwords?
May 21, 2018
When Yahoo! reported that someone hacked one billion of its accounts, it was a stunning revelation. Then it disclosed last fall that the names, dates of birth, email addresses, passwords and security questions and answers were compromised on all three billion of its accounts. For many, this news was devastating.
That’s because the vast majority of us use the same password or too close a variation of the same password for everything we access. Research also tells us that the average strength of our passwords is low. Also, most of us rarely change our passwords. In a 2017 survey, Keeper Security found over 80 percent of us reuse the same password, and nearly a third of us (29 percent) share a password with two or more people.
Keeping your passwords safe
Today, it seems hardly a month goes by that we don’t hear about a major data breach involving a well-known brand. Microsoft-owned LinkedIn had 117 million emails and passwords hacked. eBay had all of its 145 million usernames, emails, passwords, and dates of birth compromised.
Even firms in the business of keeping information safe and secure are on the list of the most prominent data breaches ever. Equifax, the major credit data firm, had millions of customer passwords and emails stolen. RSA Security had a theft that compromised its SecureID two-factor authentication tokens. They are considered the gold standard of security.
Dozens of major company online account records have been hacked. That means the likelihood your email and password from one of those accounts have been sold is very high. How do you keep your password safe?
We talked to our experts at Tech Helpline. Tech Helpline is the real estate industry’s #1 tech support service, available to nearly half the Realtors in North America. That’s more than 500,000 Realtors in the U.S. and Canada. Our Tech Helpline’s staff of professional tech analysts have about 300 years of combined IT experience. Most importantly, we work with real estate agents every day.
Here are some best practice recommendations when it comes to keeping your passwords safe.
Make sure you haven’t been compromised
Have your email and favorite password already been compromised? With so many data breaches, how do you know if your information might be for sale on the dark web?
Fortunately, there is a safe and trustworthy website that will tell you if your email or password is somewhere online – and the source that exposed it. The site is called “have i been pwned?” You can read about why Troy Hunt, a Microsoft Regional Director, created it, as well as find the links to check your email and password, here: https://haveibeenpwned.com.
It might scare you, but you might not even have to go to the Dark Web to learn if your password and email address has been compromised. A Google Search just might reveal a list of passwords and emails hackers use with “brute force” software to break into accounts. You just might find your password on that text file.
How strong is your password?
Our Tech Helpline analysts suggest that you can use a variation of a password safely for different accounts, as long as you keep in mind a few best practices:
– Use 12-14 characters
– Include caps, numbers and special characters (if allowed)
– These first two requirements are part of the algorithm password testers tend to use
– Make it unique, but very easy to remember for you
– Remember, one of the most common ways that hackers can break into accounts is by guessing common passwords. The more difficult your passwords are, the higher the likelihood that a hacker will simply look for easier targets.
Also, some firms, including banks, are offering a new option called a “passphrase.” Instead of a single word and characters, it is a sequence of words or other text that acts as a password. They can be much harder for hackers to crack, and easier for you to remember, such as “Wh@t is th3 PassWord?”
Beware of stored passwords in your browser
Most of us store passwords in our favorite browser because it’s a huge time saver. The bigger benefit: we don’t have to remember which password we used! After all, when we see our passwords populate, they appear hidden – as asterisks. So, they are safe, right?
Well, not entirely. Two things you need to realize. First, most browsers will allow you to see every single password stored. In Chrome, for example, if you have your computer’s single admin password, it will reveal your password for every one of your stored accounts. Second, there are software programs that will export all of your passwords from almost any browser.
For example, WebBrowserPassView is a free password recovery tool for Windows that reveals the passwords stored in web browsers, including Internet Explorer (Version 4.0 – 11.0), Mozilla Firefox (all versions), Google Chrome, Safari, and Opera. The publishers note, “This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites (sic), like Facebook, Yahoo, Google, and Gmail, as long as your Web Browser stores the password.”
This is another reason why your computer must be password protected.
Using a password program
The best practice may not always be the cheapest one, but it is, the experts say, the safest one. Use a password software program such as Dashlane, LastPass or Keeper.
For typically less than $30 a year, these programs do the heavy lifting of password security management for you. That’s a tiny price to pay if you think what it could cost you if a hacker got into your bank or PayPal account. These programs help you use a different, incredibly strong password for every site and account you have. You only have one password to remember, and that’s to enable the password manager.
There are some free options, with more limited features, as well those that PC Magazine lists here.
Write them down
Write all of your passwords down. Then put them in a safe or safety deposit box. This is vital, because if something were ever to happen to you, your significant other, or heirs will need access to your accounts. They will also need access to your smartphone, your computer and any other device that requires a password.
Take these five simple steps, and you will have done what you can do to keep your passwords safe.
For additional insight, check out these articles:
Tech advice: What do you do if you do the wrong thing?
Knowing What These Tech Buzzwords Mean Could Save Your Real Estate Business
How can you make your data safe?
Don’t get caught by the phishing hook