Your online password is 123456? Change it. Change it now.

I attended a Stop Think Connect event at the Strategic Air and Space Museum, located just outside Omaha, at the beginning of the month. I came away from the event with one thing on my mind: I really need to change my passwords.

You probably do too.

Kristin Judge of Opcio Consulting LLC informed attendees that 2013’s most commonly used passwords were laughable. Seriously, the most used password for logging into a potentially confidential website last year was — wait for it — “password.” Not even with a capital “P.” The second and third most used passwords were “123456” and “12345678.”

Judge also explained a not-so-old tool that hackers use to decode passwords called a rainbow table. The “table” can be used to quickly hack accounts when a person only uses a simple variation on the same password.

“Unless your password is 12 characters long, has one capital letter, one lowercase (letter), one @ symbol, a dollar sign and a number,” Judge said, “they can hack your password in less than .002 seconds.”

There are tools to help protect your accounts, none of which are fully unhackable, but Justin L. Kolenbrander, a supervisory special agent with the FBI’s Cyber Task Force, made a point I’ll reiterate here: If your password is more difficult to hack than another person’s, you probably won’t be hacked.

Perhaps Kolenbrander put it better himself.

“You want to make yourself as hard a target as possible,” he said. “If you can make yourself a hard target, with two-factor or even more factors of authentication … (hackers) will move on.” That’s right, they’ll just move on to the next account.

And he brought up one of the tools that’s easy to implement: Two-factor authentication.

Setting up two-factor authentication requires a person to have something extra to verify they are who they say they are online. Normally the extra security is provided by a cell phone.

After you type in your email password, for instance, your phone would receive a text message. The message has a PIN that you’d type online to further verify your identity. A day, week, or month later, you’d do this again with a fresh PIN texted to the same cell number.

A crowdsourced list of sites that offer the second step of authentication can be found at TwoFactorAuth.org.

There are other “factors of identification” too, each adding an extra layer of security to protect your account. Here they all are (with explanations).

1- Something you know (this is your password — the one you probably need to change)

2- Something you have (in most cases this is your cell phone)

3- Something you are (this would be a fingerprint or retina scan)

That last one is a little ‘Mission: Impossible’ but it really isn’t very far-fetched anymore. Hello, fingerprint scanner on the iPhone 5s cell phones!

Another way of making your accounts less hackable is using a password manager. Password managers were created to make sure people could make all their logins as unique as possible without forgetting any passwords.

These applications, which are available as apps on mobile devices or as programs on computers, hold the login credentials to all your accounts, and you only need to remember the password to get into the vault. They’re a bit tedious to use, but it’s better than being hacked.

NOTE: This is a less formal version of the story I wrote for the Omaha World-Herald following the Stop Think Connect event.

About the author

Just a blogger writing about a few of her passions: technology, health and sweet gear that makes life a little easier.
