Summer 2022
 

Katie Woychyshyn, Contributor, Craig Kelman & Associates
 
Cybersecurity is no joke. As political tensions rise and cyberattacks ricochet through the 24-hour news cycle, navigating cyber-safety may seem like a daunting task; however, by taking one step at a time to improve your cyber-habits, you too can improve your chances at remaining safe and secure in our tech-based world. 
 
Unless you’ve been living off-the-grid for 20 years, odds are you have a password or two. Passwords are part of life, whether you’re an online shopper, a hardworking professional, or an excited-to-get-back-to-it concert buff. Passwords are important. They keep our assets – our identities, credit cards, messages, and bank accounts – safe in the online world. But what if your passwords aren’t secure enough? What if all that data could be stolen and sold without your knowledge?
 
You may be asking, “Why would a hacker want my data?” Usually, data hacks are motivated by financial gain. According to LMG Security, a Montana-based cybersecurity and digital forensics service provider, commonly targeted data includes PIN numbers, Social Security Numbers, Tax IDs, Employee W2 forms, payment card information, medical records, and access to other accounts. Each of these items can sell for up to USD$250 on the dark web, the unlisted part of the internet where criminal activity may occur. 
 
Your information and data are important and valuable. That’s why proactively pursuing the most secure password option you can is a vital priority. 
 
  
Common Passwords 
 
In 2021, NordPass, a subdivision of global cybersecurity leader Nord Security, released a list of the top 200 passwords used in 50 countries. This research was compiled in partnership with independent researchers specializing in research of cybersecurity incidents.
 
The US was categorized as one of the most at risk for data leaks. Globally, the worst passwords included 123456, 123456789, 12345, qwerty, password, and 12345678. 
 
In the 2020 list, NordPass showed that most of the 200 offending passwords could be cracked in less than a minute. With technological advances, the hacking of these passwords will only continue to become easier for those looking to sell your information, changing the question of “if” your password will be hacked to a more certain “when.”
 
  
How to Make a Better Password
 
It’s easy to feel like you’re out of your depth when it comes to cybersecurity and protecting your information; however, there are steps you can take when it comes to creating, maintaining, and using passwords on the web. 
 
 
Avoid Common Words or Phrases
 
When looking through NordPass’ Top 200 Most Common Passwords, many simple words and phrases jump out at you, like sunshine, soccer, baseball, princess, monkey, summer, and, of course, password.
 
According to McAfee, a global leader in online protection for consumers, you should never use common words or names within passwords. These can be easily cracked, and when you are trying to protect your data, especially data of high importance, these passwords will not do what they need to do. McAfee also applies this rule to compounds of multiple words, urging readers to avoid combinations like “IloveLabraDorReTrievers” when creating a secure password.
 
 
Shift Away from Knowledge-Based Authentication
 
Perhaps when the internet first began, it may have been okay to use the name of your first pet, the school your father graduated from, or your mother’s middle name as a password. These are all examples of knowledge-based authentication (KBA) still used routinely across organizations. 
 
According to LMG Security, while these systems are easy to set up, they can easily be subverted by criminals with access to the right stolen secrets – and it’s not hard to find that kind of information, as online information sharing has become the norm.
 
Avoid Commonly Used Password Patterns
 
In a 2013 study by the US Defense Advanced Research Projects Agency (DARPA), researchers found that about half of all passwords used at a Fortune 100 company followed five common patterns. McAfee summarized three, which are listed below:
 
• One uppercase, five lowercase, and three digits 
(Example: Komand123)
 
• One uppercase, six lowercase, and two digits 
(Example: Komando12)
 
• One uppercase, three lowercase, and five digits 
(Example: Koma12345)
 
Though these passwords perform better than using a simple word, like sunshine, stepping away from the commonly used patterns will make for a safer data-protection experience. 
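The three structures above can be checked mechanically when a password is chosen. The following is an added example, not part of the original article or of any tool it cites: it reduces a password to a run-length "mask" of character classes and flags the three patterns, the common passwords quoted in this article, and the eight-character minimum. The names `mask`, `review`, `COMMON` and `COMMON_MASKS` are hypothetical.

```python
# Entries quoted in this article only; this is not the full NordPass list.
COMMON = {"123456", "123456789", "12345", "qwerty", "password", "12345678",
          "sunshine", "soccer", "baseball", "princess", "monkey", "summer"}

# The three structures listed above, written as runs of
# U (uppercase), L (lowercase) and D (digit) with their lengths.
COMMON_MASKS = {"U1 L5 D3", "U1 L6 D2", "U1 L3 D5"}

MIN_LENGTH = 8  # the minimum the article attributes to CNET


def char_class(ch):
    """Map one character to U, L, D, or S (symbol / anything else)."""
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    if ch.isdigit():
        return "D"
    return "S"


def mask(password):
    """Run-length encode the character classes: 'Komand123' -> 'U1 L5 D3'."""
    runs = []
    for ch in password:
        c = char_class(ch)
        if runs and runs[-1][0] == c:
            runs[-1][1] += 1
        else:
            runs.append([c, 1])
    return " ".join(f"{c}{n}" for c, n in runs)


def review(password):
    """Return the reasons to reject a password; an empty list means no finding."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    # Common words are flagged anywhere inside the password, not only as the whole.
    hits = sorted(w for w in COMMON if w in password.lower())
    if hits:
        findings.append("contains common entry: " + ", ".join(hits))
    if mask(password) in COMMON_MASKS:
        findings.append("common pattern " + mask(password))
    return findings


if __name__ == "__main__":
    # Sample inputs are the article's own examples.
    for candidate in ["Komand123", "Komando12", "Koma12345",
                      "sunshine", "123456", "Mccic:Iiig,web?"]:
        print(f"{candidate!r}: {review(candidate) or 'no finding'}")
```

An empty result only means none of these specific checks fired; it is not a measure of overall strength.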
 
 
Make Your Password Longer by Using Passphrases
 
When you are making a password, the longer the better. Though remembering a longer passcode can be more difficult, U.S. media and tech website CNET states that eight characters is the minimum requirement for a secure password. Additionally, strong passwords should use everything on your computer – uppercase and lowercase letters, symbols, and numbers. 
 
One of the best ways, currently, to make a password is to create a passphrase. Harvard Information Security recommends two methods when creating passphrases: making an acronym or choosing a unique phrase. 
 
When using an acronym, choose a phrase you can remember and use only the first letters of each word, working in some numbers, capitalization, and punctuation. For example, the sentence “Mint chocolate chip ice cream: If it isn’t green, why even bother?” becomes “Mccic:Iiig,web?”
 
The unique phrase method is done by picking four or five letters and then making a phrase using words that start with each of those letters, adding numbers or punctuation if it makes sense. For example, the four characters “MISL” become “MaybeIncludeSmallLobsters?”
 
McAfee recommends creating your password from a song lyric, since people are usually better at remembering song lyrics. If you use the Beatles’ popular song “Yesterday” and convert the first few lines in the song to a password with letters and punctuation, it will create a passphrase. This means that “Yesterday, all my troubles seemed so far away/ Now it looks as though they’re here to stay/Oh, I believe in yesterday,” becomes “Y,amtssfa/Nilatt’h2s/O,Ibiy.” 
 
Another way McAfee recommends creating a passphrase is to use a personal statement like “Don’t forget, your wedding anniversary is on October 3rd!” which becomes “Df,ywaioO3rd!”
 
 Think Outside the Box
 
There are many other ways to make a password that is difficult to crack, but most of them involve thinking outside the box. McAfee recommends treating your keyboard like a constellation and making a password by drawing a pattern on your keyboard. Though this is reminiscent of “qwerty” and “asdfg,” both of which are not secure, the pattern password will be more difficult to crack as keyboards vary, and patterns are almost infinite. 
 
 Don’t Recycle Your Passwords
 
Making up passwords for every single login you have can be a pain, but not doing so can present a risk to every account that shares a password – especially when you are targeted by a credential stuffing attack. 
 
Credential stuffing attacks are when hackers “stuff” your compromised password and account information into a variety of cloud services – meaning a compromised social media account can lead to breaches in ecommerce, banking, email hosting, and other data-sensitive services you may have. 
 
According to LMG Security, this kind of data breach can also affect your company or organization’s safety. Data breaches can lead to more advanced attacks on companies and organizations, such as ransomware attacks (a commonly used malware that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid).
 
By using different passwords on different platforms, you can decrease this risk to yourself and your company or organization.
 
  Use Multifactor Verification
 
Multifactor verification is becoming more popular across a variety of apps and services, and should be used, when possible, in addition to a strong password. Also known as two-factor authentication, this is when a login requires a second piece of information that only you have before the app or service logs you in, such as a one-time code. 
 
CNET states that even if a hacker does uncover your password(s), without your trusted device (like your phone) and the verification code that confirms it’s really you, they won’t be able to access your account. However, though it’s common to receive these codes in a text message to your mobile phone or in a call, CNET cautions that it’s simple enough for a hacker to steal your phone number through SIM swap fraud and then intercept your verification code, so using an authenticator app may be a safer option.
 
  Store Your Passwords Safely
 
A big issue when it comes to passwords is remembering them and, if you’re anything like me, finding a way to avoid resetting your password every time you need to use a certain app. This is why storing your passwords in one place could be helpful, though it is important to be mindful of where the list is kept and who could potentially access it.
 
It’s important to note that your passwords should never be uploaded to the cloud unless they are in an encrypted file. Data collected by McAfee shows that the average company has 143 files on Microsoft’s OneDrive app that contain the word “password” in the file name. This is why the general consensus is that passwords should either be stored in a physical notebook or in a password manager. These two methods both ensure that even if someone is able to access your computer, the data is not as easily accessible.
 
CNET recommends that if you go with a physical copy, keep it in a locked drawer and limit the number of people who know where that information is – especially if there are financial accounts involved.
 
If you choose to go with a password manager, the one caveat is that you must remember a master password to access your other passwords. CNET also cautions against the use of password managers associated with browsers, as they are more susceptible to data breaches than apps created specifically for password storage. Trusted password managers like 1Password or Bitwarden are generally less hackable, can create and store strong passwords for you, and can be used across desktop and mobile devices.
 
  Conclusion
 
Life is not simple or easy, but by doing little things like making passwords more secure we can make our lives a little less chaotic. By taking steps to have better password hygiene, perhaps you could prevent the leak of your data, and even prevent a cybersecurity breach within your workplace. It’s worth the effort. 
 
 References
 
Check Point Software Technologies Ltd. (2022, January 10). Check Point Research: Cyber Attacks Increased 50% Year Over Year [web log]. Retrieved from www.blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year. 
 
Colby, C., & Profis, S. (2022, February 7). What makes a good password? 9 rules to protect you from cyberattacks. CNET – TECH. Retrieved from www.cnet.com/tech/mobile/9-rules-for-strong-passwords-how-to-create-and-remember-your-login-credentials.
 
Harvard Information Security. (n.d.). Use Strong Passwords [web log]. Retrieved from www.security.harvard.edu/use-strong-passwords. 
 
LMG Security. (2022, January 4). What Hackers Do with Stolen Data and How to Reduce Your Risk After Data is Taken [web log]. Retrieved from www.lmgsecurity.com/what-hackers-do-with-stolen-data-how-to-reduce-risk-after-data-is-taken. 
 
McAfee Cloud BU. (2015, August 7). How to Create a Strong Password You Actually Remember McAfee Cloud BU [web log]. Retrieved from www.mcafee.com/blogs/enterprise/cloud-security/how-to-create-a-strong-password-you-actually-remember.
 
NordPass. (2022). Top 200 most common password list 2021. Retrieved from www.nordpass.com/most-common-passwords-list.
