The Importance of Password Security

Comedian Bo Burnham wasn’t joking when he claimed there are “mountains of content” on the internet.

But are you taking the proper steps to keep your passwords and information safe while climbing it?

“Some better and some worse” is definitely true about the content online. While we could go off here and start quoting Burnham’s, “Welcome to the Internet”, it’s almost safe to say that the content of the internet is practically endless. You can virtually entertain yourself for hours on end, surfing the web of an infinite content wave.

 

There is one caveat to having access to the sea of online content: you are most likely sharing your information with data-sharks while surfing it.

 

Giving away your information is not always black and white. It’s unlikely that a questionnaire pops up and asks you to enter your personal information and passwords randomly. The information is collected from logging into your online accounts. Account activity while browsing is cached and tracked to enhance your browsing experience. These websites build a profile around you, collecting and adding new information from every visit. Some of this information is sensitive, especially passwords and any banking or financial information. Fortunately, websites do their best to encrypt this information. At a glance, you can trust companies to prevent your information from being stolen by data-sharks lurking in deep internet waters.

 

However, you’d think companies like Facebook, Twitter, Amazon and Google would have the digital infrastructure and security to prevent information or passwords from being breached. The sad reality is that is not always the case.

 

On October 7th, 2021, Amazon-owned Twitch.tv experienced a data breach in which some user information was stolen. Twitch is a well-known streaming platform where users can interact with those broadcasting a video stream online. Due to a server issue, a malicious 3rd-party company hacked Twitch and retrieved information on Twitch users. While credit card and banking information was fortunately spared from the data breach, some passwords were not. This information was then shared on the anonymous forum, 4chan.

 

Now, if you are a Twitch user and use a separate password on all your online accounts and profiles, this is not a huge deal. All you would need to do is log into Twitch and change your password. But if you surf the web using the same password for everything, you should be concerned.

Let us paint a scenario why:

To keep things simple, we are going to call the malicious user “Bad Guy”. 

  • Bad Guy gets your Twitch password and personal email. 

  • Bad Guy attempts to use your Twitch password as your email log-in password. 

  • Your email and Twitch share the same password and Bad Guy accesses your email. 

  • Bad Guy resets your email password so you can no longer access your email. 

  • Bad Guy can see all the accounts you have through your email inbox. 

  • Bad Guy attempts to log in to these accounts with the same password and is successful. 

  • Now Bad Guy begins doing password resets on any account that shares the same email. 

  • Bad Guy has access to your banking information and social media accounts and has locked you out. 

  • Even worse, Bad Guy logs into your Facebook and makes a post saying, “I love Calgary Flames” when in truth you are a die-hard Vancouver Canucks fan (oh, the horror)!

 

It might sound like a stretch, but more than 240,000 internet users in the US fell victim to similar scenarios in 2020 (ExpertInsights, 2021).
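
The chain in the scenario above can be modelled as reachability over accounts: a leaked password opens every account that reuses it, and a compromised mailbox opens every account that sends its password resets there. This is an added example, not part of the original article; the account names, password labels and the `reset_via` field are constructed for illustration.

```python
# Constructed sample data: each account has a password label and the mailbox
# that receives its password-reset links (None for a mailbox itself).
ACCOUNTS = {
    "twitch":     {"password": "pw-A", "reset_via": "email"},
    "email":      {"password": "pw-A", "reset_via": None},
    "facebook":   {"password": "pw-A", "reset_via": "email"},
    "bank":       {"password": "pw-B", "reset_via": "email"},
    "forum":      {"password": "pw-C", "reset_via": "work-email"},
    "work-email": {"password": "pw-D", "reset_via": None},
}


def blast_radius(accounts, breached):
    """Return every account reachable once `breached` leaks its password."""
    known_passwords = {accounts[breached]["password"]}  # what the leak exposes
    compromised = {breached}
    changed = True
    while changed:  # repeat until no new account falls
        changed = False
        for name, info in accounts.items():
            if name in compromised:
                continue
            reused = info["password"] in known_passwords
            # A reset gives access without revealing the old password,
            # so known_passwords does not grow here.
            resettable = info["reset_via"] in compromised
            if reused or resettable:
                compromised.add(name)
                changed = True
    return compromised


def with_unique_passwords(accounts):
    """Same accounts, but each one gets its own password (step 1 below)."""
    return {name: {**info, "password": f"unique-{name}"}
            for name, info in accounts.items()}


if __name__ == "__main__":
    print("reused passwords:", sorted(blast_radius(ACCOUNTS, "twitch")))
    print("unique passwords:",
          sorted(blast_radius(with_unique_passwords(ACCOUNTS), "twitch")))
```

With unique passwords the same breach stops at the one site, but the mailbox remains the hub: if it falls, every account that resets through it falls too, so it deserves the strongest protection.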

 

But we have good news! Scenarios like these are easily avoidable. By taking a few precautionary steps you can become more secure online.

1. Change Password for Every Log-in Account

This one might be the obvious step, but it’s honestly one of the most important ways of keeping you and your information safe online. According to DataProt, about 51% of internet users use the same password for work and personal accounts (DataProt, 2021). Keeping the same password is just adding fuel to the scenario fire we mentioned above. Every account should have its own password, and each one should earn a high strength rating.

 

Don’t use the same password on every account!

2. Use a Password Manager 

If you are someone who has multiple accounts through different websites, it might be tough to manage all of your passwords. You may lose or forget a password and requesting a new password on log-in can be tiresome. Fear not! Password Managers are here to take the password headache away!

 

Password Managers keep all your log-in information in a central and encrypted database. You use one master password to access the database of all the other passwords you have stored. Better yet, once logged in you can have it set to autofill the log-in fields on your smartphone or your computer through a browser extension.

 

Password and Data Managers have become increasingly popular over the years for the amount of time they save for users. 

 

Plus, their state-of-the-art encryption strategies make your password vault impenetrable. Your browser might even have the ability to manage passwords and log-in information. But be wary when using a browser as a password manager. Browsers don’t have the same level of protection and organization as the top password managers on the market. If we had to choose our top 3 password managers to look into, we would recommend LastPass, 1Password, and Dashlane.

LastPass and other similar Password Managers keep your passwords secured all in one place.

3. Enable 2-Factor Authentication

Enabling this account feature sends a text or email notification when the website recognizes your account being accessed from a different IP address or device. While some 2-factor authentication is a bit more detailed than others, most of the time you are required to confirm the action by entering a 5-6 digit code shared in the notification. If you receive a notification when you are not logging in, immediately change your password on that account.

 

4. The Stronger the Password, the Better

We like our passwords like we like our Starbucks coffee: strong and complex with extra whipped cream. Sugar and dairy aside, passwords today should be more than 8 characters long, mixed with lower and upper case letters, numbers and special characters like hashtags or exclamation marks. The main goal is to make the password complex to prevent hacking software from cracking your password quickly.

 

There are tools such as HowSecureIsMyPassword.net that can grade you on how long the average password cracking tool will take to hack your password. You will notice that a random 10-character password of mixed characters will take a lot longer to crack than a password that is all lowercase.

Security difference between a simple 10-character password (i.e., “mypassword”) and a complex password (i.e., “b1c4$hfY67”) on howsecureismypassword.net.

The most common hacking method is “Brute Force”, in which a computer tries as many possible passwords as it can in the hope of guessing the correct one.

Remember when we mentioned that Password Managers are a pretty nifty tool? The majority of Password Managers will also have the option of generating a custom high-ranking password for a new account. Just another reason why you should be using one.
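
The gap between the two sample passwords above comes from the size of the search space a brute-force tool has to cover. The following is an added example, not from the original article and not how any particular grading site or password manager works internally; the guess rate is an assumed figure, and the generator simply shows the kind of random password a manager can produce.

```python
import secrets
import string

# Assumption: attacker guess rate. Real rates vary widely with hardware
# and with how the site stores passwords.
GUESSES_PER_SECOND = 1e10


def charset_size(password):
    """Size of the smallest standard character pool covering the password."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools
               if any(ch in pool for ch in password))


def search_space(password):
    """Candidates of this length over that pool (pure brute force)."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Upper bound only: a dictionary word such as 'mypassword' falls to a
    wordlist long before the full space is searched."""
    return search_space(password) / rate


def generate_password(length=16):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for sample in ("mypassword", "b1c4$hfY67"):  # the article's two samples
        print(f"{sample}: pool={charset_size(sample)}, "
              f"worst case {seconds_to_exhaust(sample):.3g} s")
    print("generated:", generate_password())
```

The estimate measures character variety and length only; it says nothing about whether a password is a common word or has already appeared in a breach.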

 

5. Always Use Secure Networks and Trustworthy Websites

Always check the URL of a site before entering any information, especially if from a mystery link. While we recommend never clicking on a link that may seem suspicious, sometimes you may find yourself treading the waters of an unsecured site. If the address starts with HTTPS, the website is deemed secured and any entered information will be private. If there isn’t an HTTPS, exit that website and never return (kidding, but you should be cautious).

Clicking on the small lock icon next to the URL can confirm if the website and connection are secure.

Sometimes a website might be pretending to be something it’s not. Aside from HTTPS, you can ask yourself these questions to see if the website is trustworthy:

  • Is this the website of a credible and established institution?

  • Does this website look professional?

  • Is this website full of spam or inappropriate ads?

  • Do the links or call to action look like spam?

Stay vigilant and never enter any private or financial information unless you can 100% confirm the website is authentic.
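
HTTPS protects the connection, but it does not tell you whose site you are on, so the address check has to look at the host name as well. The following is an added example, not part of the original article; `check_login_url` and the `bank.example` and `login.test` hosts are hypothetical names built on reserved example domains.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_host):
    """Return reasons not to treat `url` as a page of `expected_host`."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # 1. The connection itself must be encrypted.
    if parts.scheme != "https":
        problems.append("not https")

    # 2. Anything before '@' is login info, not the site: in
    #    https://bank.example@login.test/ the real host is login.test.
    if parts.username is not None:
        problems.append("text before @ is not the host")

    # 3. The host must be the expected domain or one of its subdomains.
    #    bank.example.login.test ends in login.test, so it belongs to
    #    someone else even though it starts with the familiar name.
    if host != expected_host and not host.endswith("." + expected_host):
        problems.append(f"host {host!r} is not {expected_host}")

    return problems


if __name__ == "__main__":
    # Constructed sample URLs.
    samples = [
        "https://www.bank.example/login",
        "http://www.bank.example/login",
        "https://bank.example.login.test/",
        "https://bank.example@login.test/",
    ]
    for url in samples:
        print(url, "->", check_login_url(url, "bank.example") or "ok")
```

An empty result only means the address is the one you expected; the questions above about the site's content still apply.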

 

While we can never stop someone from wanting to be malicious, we can take measures to protect ourselves and make it increasingly difficult to become a victim of online info theft. The data breach at Twitch is a good reminder of how easy it can be for someone to take control of what you have online and impact you negatively. Always make sure your passwords are different and complex, make friends with a Password Manager, enable 2-factor authentication, and always check the site you are on is secure.

 

Consider this information data-shark repellent. Now you can surf the internet comfortably, knowing your surfboard is strapped to you with your new knowledge. Don’t forget to yell “cowabunga” when riding that massive wave of content!

 

Sources:

Jones, Caitlin. (2021). 50 Phishing Stats You Should Know In 2021. Retrieved from: https://expertinsights.com/insights/50-phishing-stats-you-should-know/

Strategy Marketing Agency. (2021). Why Web Security is so Important. Retrieved from: https://strategynewmedia.com/why-web-security-is-important/

Vojinovic, I. (2021). Save Your Data with These Empowering Password Statistics. Retrieved from: https://dataprot.net/statistics/password-statistics/