123456: Poor Password Management


The time has come. It’s time to fess up. You know you are guilty.

The interweb judge will eventually pass sentence.

The crime? Not managing your passwords properly. The sentence? Giving up your personal account information or possibly even a fine, AKA theft from your bank account.

If you pay any attention to the news, you will often hear about the thefts of “xxx million passwords” from “_______ Big Internet Company.” These thefts are becoming a fact of life. While you cannot control the theft, you can limit the damage password theft can do. In a recent LinkedIn hack, 167 million passwords were stolen. The password “123456” was used in over 750,000 accounts, and “password” was used for 144,458 accounts. If you use easy passwords like these, it is like giving hackers a key to all of your online accounts.

The first step is to not use simple, obvious passwords. When you hear about a celebrity account getting hacked, it’s usually because they are using a variation of something that is meaningful to them, like their dog’s name, city of birth or something else that is public knowledge. Hackers are accessing these accounts because the passwords are easy to guess.

The second step is to use a different password for every account you create. This sounds daunting, but it’s actually fairly easy. A service like LastPass.com is a great way to protect yourself from someone gaining access to all of your online accounts, and you don’t have to keep a scratch pad and pencil with all of the different accounts and variations needed to do this. LastPass also has the benefit of being free for the desktop version. If you don’t choose LastPass, at least get some sort of password management in place.

The way it works is pretty simple. Create a LastPass.com account, and install the web browser plugins. Next, log into the plugins. Then, when you go to a website and create an account, the service will prompt you to save the login. Once you do this, a different, complex password can be used for every account. It can even generate complex passwords for you. It will generate things like “@$E8JL3uksSUXr.” That one will certainly be hard to guess. And don’t worry about typing the password back into the login. The plugin will know you’re at the login page and auto-fill it for you when you go back to that website. As long as you are logged into the main service, LastPass will do all of the remembering for you.
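The two steps above can be checked mechanically. The following is an added example, not part of the original article and not LastPass code: it audits a constructed list of accounts for common and reused passwords, then replaces the flagged ones with randomly generated 14-character passwords. The site names, the sample passwords and the function names are all assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# The two weak passwords the article cites; a real check needs a far larger list.
COMMON_PASSWORDS = {"123456", "password"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

# Constructed sample data: every site name and password here is made up.
SAMPLE_VAULT = {
    "mail.example": "123456",
    "bank.example": "Rex-Springfield",   # pet name plus birth city, reused below
    "shop.example": "Rex-Springfield",
    "forum.example": "password",
    "photos.example": "k#9Tq!vR2m@Lx7",
}


def generate_password(length=14):
    """Return a random password that contains all four character classes."""
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def audit(vault):
    """Return (weak, reused): sites using a common password, and groups
    of sites that share one password."""
    weak = sorted(s for s, pw in vault.items() if pw.lower() in COMMON_PASSWORDS)
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    reused = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    return weak, reused


def remediate(vault):
    """Give every flagged site its own freshly generated password."""
    weak, reused = audit(vault)
    flagged = set(weak) | {site for group in reused for site in group}
    return {site: generate_password() if site in flagged else pw
            for site, pw in vault.items()}


if __name__ == "__main__":
    print("before:", audit(SAMPLE_VAULT))
    print("after: ", audit(remediate(SAMPLE_VAULT)))
```

Only the flagged accounts are changed; the account that already had a unique random password is left alone.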

Nothing can keep all of your accounts from getting hacked because there is just so much that you don’t control. You might as well limit the damage hackers can do. If you are using a different password for every account, they at least can’t get to your other information with one “key to the castle.”