4 Reasons Passwords Are So Easy to Hack—6 Ways to Make Hacking Hard!
Recently, Twitter announced that a bug in their system was stealing user passwords. The outcome of this potential disaster could have created a ‘tweet storm’ of monumental proportions and the possible loss of Twitter’s reputation.
As a precaution, they recommended all 336 million users not only change their passwords but update all services using the same password.
Twitter knows that people commonly reuse passwords. In fact, in a recent 2017 survey from the password manager Keeper, more than 80% of people over 18 admit to having the same password for more than one account.
Reusing passwords is understandable considering the average American internet user has over 150 online accounts. But giving ‘slight variations’ to the same password is as predictable to hackers as leaving the house key under the doormat is to robbers.
Hackers know user patterns.
Most of us find it easier to repeat one password in multiple accounts by switching around the same numbers, symbols or names. Hackers also know local culture often dictates password selections. Local sports teams, parks and restaurants are favorite options.
You would think Facebook CEO Mark Zuckerberg would know better, right? Wrong. Zuckerberg used the same password, “dadada”, for several different accounts.
Other CEOs playing loose with their passwords include: Google’s Sundar Pichai, Yahoo’s former CEO and Mid-Wisconsin native Marissa Mayer, and former Uber CEO Travis Kalanick. Variety and Buzzfeed were caught too.
Standard off-the-shelf hardware cracks most passwords.
Here are 4 reasons why hackers have it too easy:
1. Most passwords follow predictable patterns—the top 100 patterns will crack most passwords.
2. People share personal and business passwords—an open door for hackers to log onto multiple services and steal sensitive data.
3. Use of common dictionary words.
4. Users answer password reset questions with common information hackers can easily find online, like birth dates, birth city, mother’s maiden name and the name of your first pet.
Here are 6 ways to make hacking hard.
The Better Business Bureau recommends, “changing your passwords if they’re all the same, are too easy to guess, forgotten or compromised.” Managed internet security experts on the front lines of protecting businesses from hackers wholeheartedly agree.
Here are 6 easy tips that give hackers headaches!
1. Make your passwords hard to guess. Stay clear of using dictionary words or common acronyms and internet slang like “thx, OMG, LOL” or other common phrases of the day.
2. Use complex phrases. For example, a phrase like “my two dogs like puddles in the summer and so do my kids” could be turned into a password that looks like this: m2Dlpits&Sdmk. It’s easy to remember and complex, contains no dictionary words or personal information, uses digits, symbols and capital letters, and goes beyond the recommended eight-character minimum. Placement matters.
Consider this: “Put your digits, symbols and capital letters spread throughout the middle of your password, not at the beginning or end,” says Lorrie Faith Cranor, FTC Chief Technologist and Carnegie Mellon computer science professor. “Most people put capital letters at the beginning and digits and symbols at the end. If you do that, you get very little benefit from adding these special characters.”
3. Use a different password for each account. Keep away from simple patterns like 12345678, or dadadada. (Think of Zuckerberg next time you create a password.) Even if you’re not a regular internet or social networking user, keep in mind that common words like your mother’s maiden name, children’s names, hometown, birthday or anniversary can be found on numerous data collection sites.
4. Passwords shouldn’t be stored on laptops, phones, pads and other devices. Written passwords are best, or you may want to consider a password manager or browser tools that generate hard-to-crack passwords and store them for easy retrieval. Here are several independent evaluations of the many options available.
5. While not recommended, if you do save passwords on your phone they should not be labelled ‘PASSWORDS’. Also, avoid mentioning passwords in your device notes and documents because they could end up in cloud storage. Devices can also be lost or stolen.
6. Use two-factor verification to prove your identity. It’s an extra step when logging onto your accounts but worth doing because it helps give more security online.
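Tips 1 to 3 and the placement advice above can be turned into an automatic check at password-creation time. The sketch below is an added example, not code from the article or from any product it mentions; the word list, the finding names and the functions `mask` and `audit` are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption): the slang the article names plus a few common words.
COMMON_WORDS = {"thx", "omg", "lol", "password", "summer", "packers"}

def mask(password):
    """Collapse a password to its character-class shape, e.g. 'Summer18!' -> 'Ullllldds'."""
    classes = []
    for ch in password:
        if ch.isupper():
            classes.append("U")
        elif ch.islower():
            classes.append("l")
        elif ch.isdigit():
            classes.append("d")
        else:
            classes.append("s")
    return "".join(classes)

def audit(password):
    """Return the weaknesses found, in a fixed order; an empty list means none of these checks fired."""
    findings = []
    shape = mask(password)
    lowered = password.lower()
    letters = re.sub(r"[^a-z]", "", lowered)
    # Below the eight-character minimum the article mentions.
    if len(password) < 8:
        findings.append("short")
    # Capitals, digits and symbols only at the start or end, never in the middle.
    if re.fullmatch(r"[Uds]*l+[Uds]*", shape) and set(shape) != {"l"}:
        findings.append("edge-placement")
    # One short unit repeated, such as "dadada".
    if re.fullmatch(r"(.{1,4})\1+", lowered):
        findings.append("repeated-unit")
    # Straight ascending or descending run, such as "12345678".
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    if len(password) >= 4 and steps in ({1}, {-1}):
        findings.append("sequence")
    # Contains a common word or slang term once digits and symbols are removed.
    if any(word in letters for word in COMMON_WORDS):
        findings.append("dictionary-word")
    return findings

if __name__ == "__main__":
    for sample in ["m2Dlpits&Sdmk", "Summer18!", "dadada", "12345678"]:
        print(sample, mask(sample), audit(sample))
```

An empty result only means none of these five checks fired; it does not show that a password is unique to one account, which is what tip 3 asks for.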
Until someone builds a better password ‘mousetrap’—most of us must do a better job of using complex passwords to keep our personal information protected. Social security information and other key data in the hands of hackers could impact your job, family and future.
If you are concerned about business security, consider talking to a managed security expert for advice on best practices for passwords and other options for protecting your business against breaches. Don’t make yourself or your business an easy target for hackers!