Poor password management is probably the cause of most of my calls and emails that begin with the phrase “I think I’ve been hacked…”. There is a wonderful darkweb site (pwndb) that has a searchable database of email logins with passwords in plain text from a number of breaches. Worse, if you do a Google search of the pastebin website for ‘password’ or similar terms, you will find large username and password dumps on the regular internet. This is why you are repeatedly told not to reuse passwords and to change them every so often: some company will be breached and your favorite password will be leaked. Assume it already has, or check https://haveibeenpwned.com to see the known password breaches for confirmation.
You are also told to use complex and unique passwords. There are enormous free “dictionaries” of used passwords and phrases in multiple languages that hackers download and have programs test against a variety of websites, online apps and other targets, such as your WordPress website login page (yes, this is very common). They can even figure out character substitutions to catch those who cleverly use p@$$word instead of password. In some cases they will brute force a password using a program that tries various combinations of characters until it gets in. This is why you are told to have long passwords: a long password takes many more attempts and much more time to break.
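To show why substitutions like p@$$word add so little, here is a defensive check a site or an IT admin could run when a password is set. It is an added example, not part of the original article. The blocklist is a small constructed sample and the 12-character minimum is an assumed threshold.

```python
import string

# Constructed sample blocklist; a real deployment would load a large list of
# breached passwords instead (assumption, not from the article).
BLOCKLIST = {"password", "letmein", "dragon", "wyoming", "sunshine"}

# Common look-alike characters mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})


def normal_forms(candidate: str) -> set[str]:
    """Return the plain-word forms a dictionary tool would reduce this to.

    Two forms are produced: one with every look-alike undone, and one where
    trailing digits and symbols (the usual "2024!" suffix) are dropped first.
    """
    lowered = candidate.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {lowered.translate(LEET), stripped.translate(LEET)}


def screen(candidate: str, min_length: int = 12) -> list[str]:
    """Return the reasons to reject a new password; an empty list means accept."""
    reasons = []
    if len(candidate) < min_length:  # assumed minimum length
        reasons.append("too short")
    if normal_forms(candidate) & BLOCKLIST:
        reasons.append("variant of a common password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["p@$$word", "P@$$w0rd2024!", "correct-horse-battery-staple"]:
        print(f"{pw!r}: {screen(pw) or 'accepted'}")
```

A password that is long enough can still be rejected here, because undoing the substitutions and the suffix leaves a word that is already in the list.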
How to Manage Your Passwords
So how do you manage to have many passwords that are long, random and complex? The answer is to use a password manager. Some systems have them built in, especially in browsers. These have not been the best for a couple of reasons, but they are much better than what you are probably doing now. There are several on the market. Probably the most common are Dashlane and LastPass, but there are many more. Apple’s built-in keychain with Safari is fairly good for Apple users. To use one, I recommend looking at a few and choosing one. Install it and come up with your new complex password that will become the only one you need. Then, start small. Start with one or two websites, like maybe Pandora or Instagram, and change those passwords, letting the password manager create its giant meaningless sets of characters. Then try it out for a few days and see. As you get the hang of it, start changing your more important passwords with the manager, and soon you will have secure passwords everywhere you go online that will be very difficult for anyone to hack.
It must be noted that there are lists of default manufacturer passwords for routers, thermostats and everything else online, so please change those passwords as soon as you turn on any new internet connected device.
All that said, whenever you can, use two-factor authentication, and if it gives you the option, choose to use a cell phone app, such as Authy or Authenticator, as it can protect you from an attack called SIM swapping, which I explained in a previous article.
Help is Available
If you have any concerns about your business’s cybersecurity, don’t hesitate to reach out to your local Wyoming SBDC Network advisor for no-cost, confidential assistance by clicking here.
About the Author: Jim Drever was born in Laramie, WY. Although he considers Wyoming home, Jim spent several years abroad studying and working in places like Japan, Switzerland, Scotland and Germany. He has also worked as Marketing Director for a local software company.