Your passwords are the key – literally

Security… security… and more security….  It’s all you hear these days.  Security concerns from every side.  Everyone is always banging on about it and it just seems like it’s too much to handle, especially considering how fast everything is changing these days.  How is one supposed to stay on top of it?  The truth is, it can be hard to keep up – even for those of us who deal with these things on a daily basis.  So where to start…..

One of the biggest issues responsible for lack of security these days is a very simple thing.  It’s the tendency to think “ah sure, it will never happen to me!” – i.e. people thinking that it’s ok to use the same password for practically everything.  The fact is, this is one of the most dangerous decisions you can make.  It’s the driving factor behind the majority of the “phishing” emails going around – you know the ones, they look sooooooo real.  They present a legitimate looking request, designed to almost perfectly replicate the branding of the business they are impersonating, and they catch a lot of people.  The thing that most people don’t realise is this: they’re not really interested in your Facebook password.  What they’re interested in is your password.  To put it bluntly, they know that if they get you to enter your password once, they’ve probably now got access to a lot of services you use, because you probably use the same password everywhere.

Even worse, there’s still a dreadful pattern of people using very simplistic passwords.  Why? Because they’re easy to remember!  The majority of people still can’t be dealing with having loads of passwords, or even different passwords for everything, let alone having to use secure passwords on top of that!

However, the most serious of all is the one that many people don’t even know they have.  Their email password.  It’s incredible how many people don’t even know they have a password for their email account!  Why?  Because it’s saved when they first enter it and they probably never enter it again.  This is so incredibly dangerous because that password could be 10 years old, from well before the time when “secure” passwords were even a thing!  These are the ones the hackers love, because they can literally “brute force” these passwords.  Yes, it’s just like it sounds.  They push their way into your email account using brute force, much the same way as they would push the door open to your house.  Once they get that password, you’re in real trouble… and here’s why:

Even if you use secure passwords for everything else, your email password is the key to everything.  Think about how many services you’ve signed up to over the years.  Facebook, Instagram, Twitter, Google, YouTube, Netflix, Apple and probably hundreds more.  Each time you sign up to a service, you give them your email address (which is usually your user ID to log into that service).  It’s what they use to help you reset your password if you forget it and get locked out……. uh oh.   So that means that if someone has the password to your email account they can go to any of these services and request a password reset.  They can then log into your email account, click the link, reset the password for that service and delete the email from your email account so you never even know they’ve done it.  Now they’ve got access to that service and you’re none the wiser!  It’s a nightmare.

So all of this probably sends shivers down your spine, and so it should.  But you can protect yourself by using some very simple techniques.

  1. Use secure passwords.  That doesn’t mean a scramble of number and symbols that not even a computer can remember!  A long password is just as secure, if not moreso, than a complex password.  Use a sentence with multiple words, capitalise some letters, include some numbers and a symbol or two if you can.  Something like:
    ApplesAreGreatFor-Cider!
    It’s long, it’s got upper and lower case letters, it’s got symbols and it’s easy to remember!
    There are great “secure memorable” password generators out there if you look for them, like this one for example: Springhole.net
  2. Change your passwords regularly.  Don’t use the same password for years.  Change them every few months to keep the hackers on their toes.  It takes quite some time to brute force a password and it depends on the password remaining the same.  If you change it, they have to start again (and they don’t even know it!)  Even if you don’t change any others, make sure to regularly change your email password!
  3. Never, ever re-use your passwords.  Use a different password for everything.  For every service, email account, bank account, whatever it may be.  Use different passwords for everything!

So now that you’ve go this far and you realise that you’re guilty of some, if not all, of the above, and you know what you should be doing – you still won’t do it.  It’s too hard, it’s too much effort and you’ll have to remember which password if for which site, meaning you probably need to write them all down.  This is where most people fall down.

The solution?  It’s actually very simple and will revolutionise your digital life.  Use a Password Manager.  It does all of the above for you, and much more besides.  You’ll wonder how you ever managed without it!  If you’re interested in exploring this further, just drop us a line today!