Don’t let bad passwords become hacker paradise

CBS Local 2 Stands for You and your cyber security.

In a world where we need passwords for virtually everything, it can be tricky to know if the passwords you use are completely secure. We’ve heard about the Ashley Madison hacks, the Target security breach and now even Yahoo is doing away with passwords altogether.

CBS Local 2’s Alexandra Pierce sat down with experts to find out how you can create the best passwords and keep yourself safe from getting hacked.

A simple password, used across multiple sites and not changed for months: our bad habits turn into a hacker’s perfect recipe for success.

“They’re looking for ease, they’re looking for vulnerability, they’re looking for people that leave their guard down,” said James Uberti, a cyber security expert and former CEO of a cyber security company. “So people are primarily creatures of habit. They’ll think of something that’s very simple, as you know because there’s probably over 25 sites they use.”

And that’s just one of the issues. Uberti said the first thing you need to do is create a complex password — and that doesn’t mean your pet’s name.

“With password management you don’t just want to make characters. You want to involve a capital letter, you want to involve a number or something on a string of that. And you want the password to be no less than eight characters long,” Uberti said.

Others suggest an even safer route is to choose a combination of words strung together like, “correct-horse-battery-staple.”

It’s really simple to figure out how secure your password is. We used a website called ‘How Secure is my Password’ (howsecureismypassword.net). Let’s pretend your password is 123456. The website says that password can be cracked almost instantly and it’s in the top ten list of most commonly used passwords. But, if we use newzroom spelled incorrectly, with a set of numerals and 2015 at the end with an exclamation point, it would take 344,000 years to crack that password.

The second tip is to use two-step authentication.

“That’s called dual token authentication, which has been used for centuries and it’s very popular,” said Uberti. “A dual token authentication is a token on your computer that’s sent along with something that you know or an identification that you are who you say you are based on a password. So these are essential because they make it virtually impossible to crack from an identity standpoint.”

Most websites ask you to create security questions when you set up your account. Or, you can select to set them up after you have your account.

When you have your complex password and security questions, don’t think you’re safe yet.

“Again, use a password that you’re going to remember over and over again for that month, then you change it,” Uberti advises. “Be in that consistent habit of changing it over and over again, but don’t write it down, don’t type it into your computer, don’t save it in your computer because as we know, computers are vulnerable.”

So now you’re probably wondering how to remember all of these passwords if you’re changing them constantly. That’s where password manager sites like lastpass.com come into play.

“These are password companies that make it easy for users to remember all their passwords and secure that information. But again, it’s only as secure as your original password that you set up to get your password,” Uberti added.

Finally, there are a few simple rules to live by when going through your normal online routine.

Only put important information on secured sites. You can tell if a site is secured if the URL reads https; that ‘S’ stands for secure. Websites with the ‘S’ have to go through rigorous tests in order to earn that distinction.

Also, do not open email attachments that end in ‘EXE’ or ‘ZIP’.

Uberti said to, “Be suspect of every email that comes in because 80 percent of all fraud and identity theft happens from an email attachment or someone providing some personal information online.”

In the end, Uberti says as long as we have passwords we will never be 100 percent secure, but following these steps will make you less vulnerable.


KESQ News Team
