When it comes to passwords, we are often our own worst enemy. It shouldn’t be a surprise. Remembering a different cryptic password for every site is difficult and confusing. Using a password manager can help, but too many times we opt for the easy to remember, and easy to hack, password. In effect, we are making it easier for criminals to access or hijack our information. Microsoft is trying a new approach to help alleviate this problem, by banning many passwords that are frequently used and easily hacked.
The massive data loss at LinkedIn is a case in point. Over 100 million email and cracked password combinations have been offered up for sale on the Internet. The most-used password was “123456”. Other top offenders included “linkedin”, “password”, and “qwerty”. So if we as users won’t stop using passwords like these, what is to stop hackers from easily gaining access to our accounts?
Microsoft reports over 10 million hacking attempts every single day on their networks. So they have begun banning simple and ineffective passwords that hackers try as a matter of course. Users who try to create accounts using a banned password are told to “choose a password that’s harder for people to guess”.
Microsoft is also monitoring attacks in real time and “dynamically” adding to their banned list when they see hackers trying a particular password on a large scale. They are also monitoring countries and locations known for hacking attempts, and imposing lockouts after a series of failed password guesses. If this approach is effective for Microsoft, it will no doubt be imposed by other online providers as well. Best practice? Just don’t use these kinds of passwords, and don’t use passwords over and over on different accounts. You’ll spend far more time trying to fix the damage and recover your online identity than simply using good passwords from the start.
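The three controls described above (a banned-password check, a ban list that grows when a guess shows up against many accounts, and a lockout after repeated failures) can be sketched in a few dozen lines. The following is an added illustration, not Microsoft's implementation: the seed list, the normalisation rules that catch variants such as “P@ssw0rd123!”, and the thresholds are all constructed assumptions.

```python
"""Banned-password check, dynamic ban list and failed-guess lockout.

Added illustration, not Microsoft's code. The seed list, the normalisation
rules and the thresholds below are constructed assumptions.
"""
import time
from collections import defaultdict

# Constructed seed list: the weak passwords named in the article plus a few
# obvious variants. A real deployment loads a much larger, regularly updated list.
SEED_BANNED = {"123456", "linkedin", "password", "qwerty", "12345678", "111111"}

# Assumed substitutions that people use to sneak a banned word past a check.
LEET = (("@", "a"), ("$", "s"), ("0", "o"), ("1", "i"), ("3", "e"), ("!", "i"))


def normalize(pw: str) -> str:
    """Reduce 'P@ssw0rd123!' and 'password' to the same canonical token."""
    s = pw.lower()
    core = s.rstrip("0123456789!@#$%^&*.-_") or s   # '123456' has nothing else: keep it whole
    if any(c.isalpha() for c in core):               # only de-leet words, not pure digit strings
        for src, dst in LEET:
            core = core.replace(src, dst)
    return core


class BanList:
    """Static seed list plus entries added when a password shows up in mass guessing."""

    def __init__(self, seed=SEED_BANNED, accounts_threshold=3):
        self.banned = {normalize(p) for p in seed}
        self.threshold = accounts_threshold
        self.seen_on = defaultdict(set)   # normalized guess -> accounts it was tried against

    def is_banned(self, pw: str) -> bool:
        n = normalize(pw)
        return any(b in n for b in self.banned)   # containment also catches '123456789', 'mypassword'

    def observe_failed_guess(self, account: str, pw: str) -> bool:
        """Record a wrong guess; ban the password once it is tried against enough accounts."""
        n = normalize(pw)
        self.seen_on[n].add(account)
        if len(self.seen_on[n]) >= self.threshold and n not in self.banned:
            self.banned.add(n)
            return True
        return False


class LoginGuard:
    """Lock an account after `max_failures` wrong guesses inside `window` seconds."""

    def __init__(self, max_failures=5, window=600, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(list)   # account -> timestamps of recent failures
        self.locked_until = {}

    def is_locked(self, account: str, now=None) -> bool:
        now = time.time() if now is None else now
        return self.locked_until.get(account, 0) > now

    def record_failure(self, account: str, now=None) -> bool:
        """Return True if this failure triggered a lockout."""
        now = time.time() if now is None else now
        recent = [t for t in self.failures[account] if now - t < self.window]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            self.failures[account] = []
            return True
        return False

    def record_success(self, account: str) -> None:
        self.failures.pop(account, None)
        self.locked_until.pop(account, None)


if __name__ == "__main__":
    bans, guard = BanList(), LoginGuard(max_failures=3)
    for candidate in ("LinkedIn2016", "P@ssw0rd!", "MfT&Jsmafe1ad"):
        print(candidate, "banned" if bans.is_banned(candidate) else "allowed")
    for _ in range(3):
        locked = guard.record_failure("alice")
    print("alice locked:", locked)
```

The `now` parameter on `LoginGuard` exists so the time window can be tested without sleeping; in production the default wall clock is used. Note that containment matching is deliberately strict: appending a year or an exclamation mark to a banned word does not make it acceptable.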
Strong passwords are essential for online security. If you choose to write them down, keep them in a secure place. Alternatively, you can use a password manager.
Tips for creating strong passwords
1. Make sure they are at least 8 characters long.
2. Never use personal data in your passwords. Family names, dates of importance, numbers from addresses or phones, even if scrambled, are first lines of attack for hackers.
3. Do not use phrases that can be found in a dictionary, Wikipedia, songs, or other literature. Much of the content from these sources has already been collected into downloadable hacker databases.
4. Mix in capital letters in unexpected places and add special characters like *, &, $.
5. Use a memorable passphrase to create a password from the first letters of the phrase. For instance, the phrase “My friends Tom and Jasmine send me a funny email once a day” creates a good password, “MfT&Jsmafe1ad”, by taking the first letter of each word and writing “and” as & and “once” as 1.
6. Do not reuse passwords.
You should have unique passwords for all of your online accounts, especially accounts that access financial or sensitive personal data. Of special importance is your email account, which, if hacked, can be used to reset your other online accounts. Make sure to secure your email account with a strong and unique password.
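The six tips can be turned into a checker, and tip 5 into a small helper that reproduces the article's passphrase example. This is an added example rather than the article's own code: the dictionary and personal-data samples are constructed stand-ins, and the word-to-symbol table (“and” to &, “once” to 1, plus a few extra assumed entries) is an assumption chosen to reproduce the example.

```python
"""Password-policy checker for the six tips, plus the passphrase trick (tip 5).

Added illustration, not the article's or any vendor's code. The dictionary,
the personal-data samples and the WORD_SYMBOLS table are constructed assumptions.
"""
import hashlib
import string

# Constructed stand-in for a real cracking dictionary (millions of entries in practice).
DICTIONARY = {"password", "welcome", "summer", "winter", "dragon", "monkey",
              "letmein", "football", "jasmine", "friend", "funny", "email"}
SYMBOLS = set("*&$!@#%^()-_+=[]{};:,.<>?/|~")


def check_password(pw, personal=(), dictionary=DICTIONARY, min_len=8):
    """Return the names of the tips the password violates (empty list = passes)."""
    problems = []
    low = pw.lower()
    if len(pw) < min_len:                                                  # tip 1
        problems.append("length")
    tokens = [t.lower() for t in personal if len(t) >= 3]
    if any(t in low or t[::-1] in low for t in tokens):                     # tip 2 (also reversed)
        problems.append("personal_data")
    if any(w in low for w in dictionary if len(w) >= 4):                    # tip 3
        problems.append("dictionary_word")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):  # tip 4
        problems.append("mixed_case")
    if not any(c in SYMBOLS for c in pw):                                   # tip 4
        problems.append("symbol")
    return problems


# Assumed substitutions; "and" -> "&" and "once" -> "1" reproduce the article's example.
WORD_SYMBOLS = {"and": "&", "once": "1", "one": "1", "to": "2", "for": "4", "at": "@"}


def passphrase_to_password(phrase):
    """Tip 5: first letter of each word, with a few words swapped for a symbol or digit."""
    out = []
    for word in phrase.split():
        w = word.strip(string.punctuation)
        if not w:
            continue
        out.append(WORD_SYMBOLS.get(w.lower(), w[0]))
    return "".join(out)


def find_reused(accounts):
    """Tip 6: return groups of accounts (mapping account -> password) sharing one password.

    Passwords are compared by hash so the grouping table never holds plaintext.
    """
    groups = {}
    for account, pw in accounts.items():
        digest = hashlib.sha256(pw.encode()).hexdigest()
        groups.setdefault(digest, []).append(account)
    return [accs for accs in groups.values() if len(accs) > 1]


if __name__ == "__main__":
    phrase = "My friends Tom and Jasmine send me a funny email once a day"
    derived = passphrase_to_password(phrase)
    print(derived, check_password(derived, personal=["Tom", "Jasmine"]))
    print("Tom1985", check_password("Tom1985", personal=["Tom", "1985"]))
    # Constructed sample vault: the same password on mail and bank is the worst case tip 6 warns about.
    print(find_reused({"mail": derived, "bank": derived, "forum": "xK9$wq2L"}))
```

`check_password` reports every violated tip rather than stopping at the first, so a sign-up form can tell the user exactly what to change. The personal-data check is deliberately simple (substring and reversed substring); a full implementation would also try common scramblings, which is why tip 2 says “even if scrambled”.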