Password Safety in 2020

Back in 2016 we released an article about staying safe on the internet. Fast forward to 2020 and not much has changed. People are still not using secure passwords. Hackers and criminals are still “cracking the code” because we tend to use weak passwords that are easy to remember.

Many internet surfers are still using the same password on multiple sites, so when one gets hacked the security of many different accounts is jeopardized. All of the information from 2016 is just as relevant today as it was a few years ago.

Since we are updating the article, we figured it would be fair to include a new tool to help you stay safe. Password Meter by safetydetectives.com creates passwords from words, which should be easier to remember. For example, the word “bachelor” becomes 8@Che!0r, which is super easy to remember and receives a score of 92/100 (you need at least one password to remember as a master password, no?).

2016 Password best practices

Passwords, we all use them but are we actually safe?

Recently our web team updated our website’s payment gateway. This gateway allows clients to pay invoices and monthly installments securely online. Last week, our team updated the algorithm that checks for password security, and ever since then we’ve had clients contact us to let us know that they’re unhappy. I have had multiple clients say, “What’s the deal? I can’t use my favorite password because it’s ‘too weak’ for your website — I use it on everything.”

At first, I thought nothing of it, that they just had a weak password, but after receiving more emails and calls saying the same, I decided to have our team take a look to see if something was misconfigured on our end. They dug around a little, updated and closed the ticket. Everything was on par on our end — we are in fact helping clients to follow the best practices to keep them safe online.

While I was waiting for the team to investigate, I decided to start doing some research of my own.

A secure password should:

  • be (at least) 6-10 characters long
  • include both UPPERCASE and lowercase letters
  • contain 1 special character ( # $ @ * )
  • contain 1 number

For years, I have had a tendency to use the same passwords on multiple sites, but the Internet is evolving and everything is becoming less secure as the days go by. I have since started using unique passwords on all websites and updating old ones as time goes by. One of the articles I was reading while doing some research on the topic brought me to a website called How Secure Is My Password (https://howsecureismypassword.net). HSIMP is sponsored by Dashlane Password Manager.

 


Basically, this is a very simplistic website that allows you to type in a password using a search bar. The site returns an estimated amount of time for a computer to crack your password. One of the things I liked was that if you enter a weak password, the site provides suggestions to help you understand why it’s weak and what to do to make it stronger. I used my trusty “everything” password and it was, in fact, secure, but I’m also at risk seeing as I’ve been using that on multiple websites for years. I tested a few of the newer passwords that I’ve been using. They’re not quite as secure but easy for me to remember. I highly recommend checking out the site to see just how you rank.

Password best practices include:

  • Creating unique passwords for EVERY site
  • Using combinations of words, numbers and symbols
  • Using both upper and lower case letters
  • Never using your network name as your password
  • Avoiding easily guessed passwords such as “password” or “user”

 

You might think that your birthdate, Social Security number, phone number or a family member’s name is secure (and easy to remember) but those are an easy guess for people (not necessarily computers). Do you connect with people you don’t know on social media? They might be looking to get your information and that’s why using the above is always a bad idea.

Avoid words from the dictionary.

I was surprised (well, not really) to learn that password cracking tools, including the “free ones” available online, come with dictionary lists. They try thousands of combinations, including names and passwords, so try to avoid using “dictionary words.” Adding numbers inside of words as well as punctuation at the beginning, end, middle or a combination will help to protect you. Try to avoid using adjacent keyboard combinations like the all too popular QWERTY or 123456. They’re horrible and trivial to crack.
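The composition rules listed earlier and the advice above about common words and adjacent keyboard runs can be combined into one check. The following is an added example, not the payment gateway's code or any tool named on this page; the minimum length of 8, the run limit of 3 and the function names are assumptions, and the common-password set holds only entries named on this page.

```python
import re

# Weak passwords named on this page; a real deployment would load a much larger list.
COMMON = {"password", "user", "qwerty", "123456", "dragon", "monkey", "starwars"}

# Keyboard rows plus the alphabet, used to spot runs of neighbouring characters.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]

def longest_adjacent_run(pw):
    """Longest stretch where each character neighbours the previous one on some row."""
    s = pw.lower()
    best = run = 1 if s else 0
    for a, b in zip(s, s[1:]):
        adjacent = any(a in row and b in row and
                       abs(row.index(a) - row.index(b)) == 1 for row in ROWS)
        run = run + 1 if adjacent else 1
        best = max(best, run)
    return best

def check_password(pw, min_len=8, max_run=3):
    """Return the list of rules the password breaks (empty list = accepted).

    min_len and max_run are assumed thresholds, not values from the page.
    """
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs upper and lower case")
    if not re.search(r"[0-9]", pw):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    # Drop symbols, then leading/trailing digits, so "Password1!" is still
    # recognised as the common word "password".
    core = re.sub(r"[^a-z0-9]", "", pw.lower())
    if core in COMMON or core.strip("0123456789") in COMMON:
        problems.append("common password")
    if longest_adjacent_run(pw) > max_run:
        problems.append("keyboard sequence")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ["qwerty", "Password1!", "Xk123456!q", "8@Che!0r"]:
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```

A password such as "Password1!" meets every composition rule and is still rejected, which is why the blocklist and run checks sit alongside the character-class rules.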

 


Some of the easiest passwords to remember are long but worth it. Maybe use words from a phrase or sentence such as the opening line of a joke or a quote you’ve memorized from your favorite book or novel (like The Hitchhiker’s Guide to the Galaxy). As I mentioned, you should always avoid using the same password on multiple websites. If you struggle like most of us (including myself) to remember your passwords, there are a lot of really cool third-party services that can help safeguard your sensitive passwords. Dashlane, which I mentioned previously, LastPass and 1Password are a few of the many worth looking into. These companies store passwords in the cloud and secure them all with a master password. Seeing as this is a newer concept, a lot of people are hesitant and do not feel safe. The way I see it is — it can’t be any less safe than using the same QWERTY password on everything. I’m confident because this is their business and in order to continue to prosper, they need to build a reputation of trust in this uneasy digital world we live in.

If you still hate the idea of using different passwords on every site and want to stay away from a ‘cloud’ service, then a local storage program might be worth looking into. They are installed directly on your computer. Some of the popular programs include PixelPrivacy, RoboForm, and KeePass. Again, take care to pick a strong master password, but one that you can remember; just as with the ever-popular Firefox master password option, if you forget the master password you are pretty much out of luck.

2015’s most popular passwords

I had also hopped over onto Gizmodo and I was looking at 2015’s most popular passwords. It was a pretty read that came out in January 2016. Looking at the list, many of the generic passwords ranked, like QWERTY and 123456 coming in at number one. I was blown away seeing “password” (all lower-case) coming in at number two — who does that anyway? I was surprised to see a few assumably unique passwords on the list, including dragon (16), monkey (18) and my favorite of all, starwars (25). You can check out the whole list here.