Cyber threats continue to proliferate at an alarming rate, and everyone who lives in the digital age is more concerned with online security than ever before. Still, there is a gaping security hole putting many people at risk – and it’s one that plenty of users believe they have already covered: Insufficient password protection practices.
There may be a few people out there who have a flawless record of using strong and varied passwords for every online account they’ve ever used – but they are a rare breed. A recent study from the Cloud Security Alliance found that stolen usernames and passwords continue to cause almost a quarter of all data breaches.
Password management is an area where just about everyone has room for improvement. Here's a list of five straightforward ways to make sure your passwords and online accounts stay out of the hands of cybercriminals. If you're a Carbonite Partner or a small business, I hope you'll share these tips your co-workers, employees and clients. And if you're a consumer using a Carbonite Personal Plan, be sure to share these tips with friends and loved ones.
1. Find out if you've already been hacked
There's always a chance that your account information is already in the hands of cybercriminals. Fortunately, there are some tools available that can help you identify and change the passwords on any accounts that have been compromised. For example, the website “Have I Been Pwned” lets you enter your email address and find out if any of your account credentials have shown up in hacker circles. You can search a list of companies that have suffered data breaches at the Privacy Rights Clearinghouse. You can also consult the "List of Data Breaches" on Wikipedia, which is searchable using your web browser’s “Find” or “Search” function. Above all, be a bit suspicious and trust your instincts. If you have reason to believe a password might have been exposed, change it.
2. Use strong passwords
It's important to use complex passwords that will be difficult for hackers to guess. Just remember that adjacent sets of adjacent letters and numbers on your keyboard – like "qwerty" or "123456" – are not complex passwords. The best passwords typically include a combination of uppercase and lowercase letters, numbers and special characters. If using complex passwords seems like too much of a pain, consider a password management tool like DashLane or LastPass. These tools help users create, store and manage complex passwords.
3. Don’t let the bad guys get your passwords
This might seem obvious, but you might be amazed at how many people keep their passwords posted in places where others can read them. You should never share your passwords and always store them in a secure location away from prying eyes. Also, don't keep your passwords – or any sensitive information for that matter – listed in a computer file that is easily accessed without a password. Any password lists on your computer should be password protected and encrypted.
4. Use secure communications
Never send a password over email. If you want to create an account on website, make sure that the URL of that website begins with 'https' because the 's' at the end indicates advanced security measures. Websites that begin with "http" are not as secure. Additionally, do not use public computers or public Wi-Fi to log into online banking and other sensitive accounts.
5. Choose difficult security questions
When registering an account online, you'll often be asked to choose security questions and answers. These are used to verify your identity if you lose your password or if a security breach of some kind is suspected. The key here is to choose questions that are hard to figure out. Remember, just about anyone can find your mother's maiden name if they really want to. Avoid using information that someone can easily look up online. For example, you wouldn’t want to rely on information that can be seen easily on a social media profile to inform your password choice – such as name of spouse, hometown, employer.
Hopefully you have found this article helpful and you’ll take a few steps to make your own password use more secure starting today.
Want to learn more? Read my recent LinkedIn article about password protection best practices.
Chris Doggett is Senior Vice President of Sales at Carbonite.