Why should you change your password? Good question!
You should change your password because hackers know that as a general rule, most passwords are weak and fairly easy to crack. It’s true, so ease of access and weakness equal a payday for professional hackers.
Not only that, but hackers also know that when you do change your password, many people only make a minor change to their existing password so it’s easily remembered. As an example, people will only change the number 3 to number 4 in their password, thinking it’s easy to remember! And it is easy, but it’s easy for a hacker too! And therein lies the problem with a ‘minor’ change.
Human nature is very predictable, and hackers prey on our human nature.
Hackers depend on this predictable behavior to steal.
So, you must change your password.
How often you ask? About every six months.
What do we accomplish when we change passwords?
There are many benefits to changing your password regularly. Here are four reasons according to the IT folks at Carleton University:
1. Limits breaches to multiple accounts
Reusing your existing password outside of your company increases the risk of access to several accounts if your password is hacked. Change your password to something unique for each of your accounts. For example, do not use your Facebook password for your company account.
2. Prevents constant access
A hacker may try to access your account more than once over an extended period. Changing your password reduces the risk that they will have frequent access.
3. Prevents the use of saved passwords
If you lose or change computers, it is possible someone may gain access to your saved passwords. Consistently changing your password means that even if someone finds an old, saved password, it will no longer be useful.
4. Limits access gained by keystroke loggers
A keystroke logger is a surveillance technology used to record the keystrokes we make on our keyboards when we’re typing.
Keystroke loggers are often used to steal login credentials. Regularly changing your password makes it less likely that passwords obtained this way will be useful for any length of time.
Hackers are your opponent. You must know your opponent.
So, let's chat about hackers. Specifically, hackers that use cracking software, software used to figure out your password.
Password cracking is the method of employing various techniques and tools to guess, methodically determine, or otherwise obtain a password to gain unauthorized access to a protected resource. Cracked passwords are the reality.
People steal passwords for some form of gain, and it happens all the time.
Hackers attack in many ways. The following is a brief sampling, four examples, of how hackers do what they do:
Smart guesses - The easiest method to gain your password is to guess it. Many hackers simply try the five most common passwords for a particular system.
They might also try a blank password and a password that is the same as the username.
If they get nothing, they just move on to the next account and keep trying until they find the accounts with weak passwords.
Dictionary Attacks - A dictionary attack involves making a list of words, often from a dictionary, and trying every word, and sometimes combinations of words,until a valid password is found. Wordlists are available on the Internet at Web sites such as http://sourceforge.net/projects/wordlist.
Brute-Force Attacks - Brute-force attacks are more tedious but more complete versions of dictionary attacks. Brute-force attacks also involve trying millions of passwords, but they work by trying every combination of every letter and every punctuation symbol until a password succeeds.
Social Engineering - Sometimes, a hacker can get your password simply by asking for it. Although it is perhaps the oldest trick in the book, social engineering is still quite effective.
And according to Thytoctic, since 80% of all cybersecurity attacks involve a weak or stolen password, we must make it harder for hackers to steal our passwords. If you think about it, it makes sense.
Time to wake-up and take passwords seriously.
We are writing more and more blog posts about cybersecurity issues for small businesses. Why? Because the number of attacks against businesses of all sizes continues to grow year after year. We see it all the time.
Many of these attacks would not happen if businesses took this issue seriously. But many do not. I have personal friends who own their businesses who tell me, “My business is too small for someone to hack.” They could not be more mistaken.
The most effective way to defeat password crackers is to use strong passwords.
If your password is long enough, random enough, and does not contain personal information, obtaining your password using the most common techniques would be extremely difficult.
A strong password is essential in this world.
It is not unusual for a password-cracking tool to be able to search through a million passwords per second— almost a hundred billion passwords a day.
You need to make cracking your password so difficult that no one will have the patience or resources to do so.
Passwords are secrets, and your best passwords should be your best-kept secrets.
Nevertheless, passwords age and old secrets are poor secrets. Eventually, your password will expire.
The system that handles your password may or may not force you to change an expired password; however, as with all expired items, you should discard it.
Credential stealing is more and more common and is prevalent throughout the world. Help keep your credentials safe by changing your password regularly.
You’re probably an honest, hard-working person. You don’t think like a thief. But you need to protect yourself from professional hackers. A successful Ransomware attack could close the doors of your company.
Password security depends greatly on your attitude and caution about security. If you are careless with your passwords, you can probably count on an attacker stealing from you someday.
DTS InfoTech can help
We’re good with passwords. Seriously, we are. We use them all the time, so do our customers, friends, and family. Everyone uses passwords.
On the other hand, most small businesses do not have the expertise, technical resources, or time to understand all this password, cybersecurity, and technology stuff. If this describes you, we can help.
If you would like more information, please give us a call, we’re always happy to chat, and the call is FREE!
Return to: Passwords
Dedicated to your success,
Business Development Manager
dts|infotech . . . secure computer networks that work