If you have ever seen a really bad traffic accident, you understand how it can affect your behavior—at least for a little while. Suddenly, you realize that small and simple changes would make you a much safer driver. You slow down. You give the car in front of you a little more room. The urge to text is a little less compelling.
Similarly, high-profile computer hacks may leave you wanting to be a little more careful with your personal information. If so, there are a number of relatively simple steps you can take to improve your personal digital security. For starters, you can probably do a better job creating and managing your passwords.
More often than not, people choose passwords that provide little protection. A team from the website Cybernews recently analyzed more than 15 million passwords collected from publicly leaked data breaches. The most common password was “123456” followed closely by “123456789”. I’m sure you can see the point. A password that is common and predictable is no password at all.
Creating crack-resistant passwords requires you to keep three words in mind: long, random, and complex. The MIT Technology Review cited a study showing that adding numbers and uppercase characters doesn’t significantly increase password strength. However, as you make passwords longer, more random and more complex—including using symbols—the difficulty in cracking them increases exponentially.
A number of tools are available to help you create and manage strong passwords. 1Password is a particularly effective application combining a password generator with an encrypted password archive that syncs across several platforms and devices. A recent post on www.pcmag.com compares 1Password with 9 other password managers.
Most websites try to protect their users by storing the passwords on their servers in scrambled form, using a one-way process called “hashing”. When you log in with your password, the website hashes it and compares the newly hashed password with the hashed password in its database. If they match, you are allowed access to the account.
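The hash-and-compare login flow described above, as an added example that is not from the original article. The article names no hash function; the per-account salt, PBKDF2-HMAC-SHA256, the iteration count and all function names are this example's assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # work factor chosen for this example; tune for your hardware


def register(password: str) -> dict:
    """Create the record a site would store: salt + derived hash, never the password."""
    salt = os.urandom(16)  # unique random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def login(password: str, record: dict) -> bool:
    """Re-hash the submitted password with the stored salt and compare the results."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


def unsalted_fast_hash(password: str) -> str:
    """The weak pattern, shown only for contrast: one fast hash with no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample accounts: two users pick the same common password.
    alice = register("123456")
    bob = register("123456")
    print("correct password accepted:", login("123456", alice))
    print("wrong password rejected:", not login("1234567", alice))
    # Salted records differ even though the two passwords are identical...
    print("salted records differ:", alice["hash"] != bob["hash"])
    # ...while an unsalted fast hash is the same for every user of that password,
    # which is what lets one precomputed dictionary match many accounts at once.
    print("unsalted hashes identical:",
          unsalted_fast_hash("123456") == unsalted_fast_hash("123456"))
```

The slow, salted derivation raises the cost of each guess, but a password that sits at the top of every dictionary is still found on the first try.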
But hashing only slows hackers; it doesn’t thwart them. With sophisticated computer tools and dictionaries of common passwords, hackers can decipher hashed passwords. In fact, the advent of graphics processing units—computer chips that are designed to crunch numbers like a supercomputer—makes it easier than ever for hackers to crack a password. Here are some things you should consider if you want to create more secure passwords.
Long is strong. Short passwords—even those that are complex, meaning they contain a combination of upper and lowercase letters, numbers and symbols—are easily broken. Cybersecurity firm Uptycs estimates that a complex password with six or fewer characters can be hacked almost instantly, while a fifteen-character password containing only lowercase letters would take 100 years to hack. For those who really want security, a fifteen-character complex password would take 1 billion years to crack.
Different is good. Most hackers don’t play fair. They compile databases of security breaches and use that information to hack into other accounts you have. If you use the same passwords across multiple accounts, your vulnerability is magnified. The only way to protect against this is to use different passwords for every account. You can check to see if your email has been exposed in a security breach at the website haveibeenpwned.com. Type in your email address and it will give you a list of data breaches where your email address was found and a short summary of the nature of the breach.
You can further increase the power of your passwords by using two-factor authentication whenever possible. Logging into an account with two-factor authentication requires not only your password, but also a special code that is sent to you via text or email. While two-factor authentication is not a panacea against determined hackers, it is a significant defense that should be part of your arsenal.
Finally, you can significantly enhance your security by changing your password frequently. A compromised password is less valuable to hackers if it changes before it can be used.
All of this can be a very difficult process to manage. Fortunately, a number of password managers have been developed. You can learn all about password managers at www.passwordmanager.com. It is a wonderful website with information on password security and a review of various password managers.
Steven C. Merrell MBA, CFP®, AIF® is a Partner at Monterey Private Wealth, Inc., a Wealth Management Firm in Monterey. He welcomes questions that you may have concerning investments, taxes, retirement, or estate planning. Send your questions to: Steve Merrell, 2340 Garden Road Suite 202, Monterey, CA 93940 or email them to steve@montereypw.com.