3 reasons why your password sucks (and how to fix it)

We recently took to Facebook live to warn about the dangers of insecure passwords and offer you a way to be more secure online.

Each week we ask the members of our free Facebook group a question to help the community get to know each other. We love reading through your responses and seeing how supportive the members are of each other.

This week we wanted to know what they considered to be the most valuable thing they own. As always we received some really great answers, such as…

  • Tibetan singing bowls – Kathryn
  • Wedding photos – Janice
  • 3 hours of daily ‘me time’ – Sudhyasheel
  • Passport & photos – Lisa

While some of them were more obvious than others (I’m sure many of us have photos that are dear to us), it was touching and inspiring to see what our members valued.

But out of all of the answers we received there was one thing which nobody mentioned…

Their passwords.

It’s probably not the first thing that comes to mind – perhaps because they aren’t a physical item? – but our passwords are critical for securing many parts of our public and private lives.

Our founder, Cat, recently sat down with our group to discuss the importance of passwords.

Cat shares why she thinks Lastpass is a winner in our free Facebook group

Today, we’ll look at three reasons why your passwords suck (probably). Here goes…

1. It’s too common or easy to guess

Many of us know that passwords are essential, but that doesn’t stop them from being an inconvenience. Even if you only use a handful of services online you still have a bunch of passwords to remember.

Sometimes, easy-to-remember passwords are easy-to-guess passwords – but this isn’t always the case.

Your password could be easy to guess for a number of reasons. Perhaps it is the name of a loved one, a pet or a place you have fond memories of. Ask yourself:

Could someone guess your password from the things you share online?

If your password is the name of a family member, could someone figure this out by taking a quick look through your Facebook profile?

Don’t change what you post to social media (I’m sure your friends and family love to see what you’re up to); instead, change your password.

Perhaps your password has no connection to you or your relationships? While this may be a better approach it can still mean that your password is too common. It could be a number, a thing or a word such as:

  • 123456
  • password
  • letmein

These examples are taken from a list of the top 25 most common passwords of 2017. Is your password on the list?

Here’s the shocking part…

The list of the 25 most common passwords is compiled using information obtained from real data leaks. This means that these passwords are real, have been stolen and have been made available for others to abuse!

2. You use the same password

Another mistake when it comes to keeping your online accounts secure is using the same password for multiple services/websites.

We were recently alerted to an incident with one of our Alliance members who believed their website had been hacked. Our team sprang into action and began investigating the issue.

Something clearly wasn’t right.

The website looked mostly the same but there were some strange blog posts which we didn’t recognise. They had titles like:

  • Costco Pizza Inexpensive Lasagne, but is it Worth It
  • APA essay that is reflective: learn details and produce your action plan
  • Characteristics of Russian Brides

Upon further investigation there were additional users added to the site that also shouldn’t have been there. Without a doubt the site had been compromised, so we got right to work cleaning it up.

Did some sneaky hackers crack the website password?

It turns out that the website was hijacked and being used as a way to make other websites appear more credible. By writing articles and linking out to a specific website, search engines like Google would think that the linked website is a valuable resource. The idea is that this would help the website show up more in search results – but this is a whole other topic.

The worrying part is that the people responsible for turning the website into a link-farm didn’t need to do anything fancy to gain access to the website. They had gained access to our member’s email account, where they found other usernames and passwords in plain text.

A quick copy & paste and they could use this set of details to open up all kinds of doors.

But how might someone gain access to your email account in the first place?

3. You’ve already been breached

Do you know if your account information has been shared online? Would you know how to check if it had?

We once believed that we needed a strong password to prevent hackers from trying to brute force their way into our accounts. Using special software that tries different combinations of words to guess your password, they could eventually find their way into our accounts.

While this is still possible – and the reason you should use a mix of letters, numbers and symbols for your passwords – there is a much more likely way that someone could gain control of your account.

No company knowingly allows its customers’ information to be stolen, but it happens.

There are some people out there who see your data as an opportunity to make some quick cash or stick it to society. Your data could be stolen along with thousands of other users and then posted online or sold to the highest bidder.

If you use the same password for several services this data breach becomes much more damaging. If, however, you use the same password for everything then you might just be handing someone a master key to your entire online life.

Check your accounts now

1. Go to https://haveibeenpwned.com/ and type in your email address.

2. Hit the ‘pwned’ button to search and see the results.

The results are in and… uh oh! My personal email account may have been part of a data breach.

This is not a mock-up. My real details have been leaked and are out there somewhere.

Scroll down to see where the breaches took place and when.

You’ll see a list of companies/services along with what exactly has been compromised.

Here you can see that in May 2014 the URL shortening service Bitly was breached and email addresses, passwords and usernames were stolen.

Remember when we said using the same password was a bad idea?

Now you should understand why.

That said, it’s important to know that just because your information has appeared in a breach doesn’t mean all parts of it have. Sometimes a breach is just your email address, or a name and address. One thing is for sure though: if you have been involved in a breach then it’s a good idea to take precautions.

How to strengthen your security

Fortunately for me (and my poor Bitly account details) I have used a password manager for many years. I originally started using one so that I didn’t have to remember my password and I didn’t have to type it out each time I wanted to log in to a site.

My quest to make my life easier has probably saved me more than a few times.

So my Bitly account was compromised but my password would have been 100% unique. Just a random mix of letters, numbers and symbols created by my handy password manager. A key that fits only one door.

Around the time of the breach my password manager alerted me and I was able to change the login details. My old login details may still be out there in some dark corner of the web, but they are no longer valid.

What could have been a stressful situation was little more than an inconvenience.

Now, this won’t always be the case and sometimes these breaches can be quite serious – anything that includes credit card numbers is guaranteed to get my heart pounding.

Password managers are a great way to stay organised and limit the damage that a data breach can cause. We swear by them and have even created some handy guides to help you get started for free.
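
The checks described above for common, guessable and reused passwords, together with the random unique password a password manager creates, shown as an added Python example that is not part of the original post. The `audit` and `generate` functions are hypothetical names, and the sample vault and personal details are constructed data, not real credentials.

```python
import secrets
import string
from collections import defaultdict

# The three entries this post quotes from the 2017 most-common list.
COMMON = {"123456", "password", "letmein"}
SYMBOLS = "!@#$%^&*()-_=+"

def audit(vault, personal_details):
    """Return {site: [findings]} for a {site: password} vault.

    personal_details: words anyone could read on your social media profile.
    """
    findings = defaultdict(list)
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
        lowered = pw.lower()
        if lowered in COMMON:
            findings[site].append("common")
        # A pet's name plus a year or a symbol is still guessable.
        if any(len(w) >= 3 and w.lower() in lowered for w in personal_details):
            findings[site].append("guessable")
    # One password on several sites: one breach opens every door.
    for sites in by_password.values():
        if len(sites) > 1:
            for site in sites:
                findings[site].append("reused")
    return dict(findings)

def generate(length=20):
    """Random mix of letters, numbers and symbols from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {"email": "Bella2012!", "blog": "Bella2012!",
                "shop": "letmein", "bank": generate()}
SAMPLE_DETAILS = ["Bella", "Brighton"]

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT, SAMPLE_DETAILS).items():
        print(site, issues)
```

Sites that do not appear in the result, such as the sample `bank` entry, passed all three checks.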

If you’re new to password managers and want a quick overview of how they can help, check out the Facebook live video where our founder, Cat, talks through the basics.


How secure are your passwords?

Are you guilty of using the same password again and again? Did you find your account information had been involved in a breach?

Leave a comment below and let us know how your passwords stand up to scrutiny.

Brett Worth

 
After moving to Bangkok on a whim in 2012 Brett became involved with a variety of non-profit organisations. A self-taught marketing, design and technical expert, he returned to the UK and uses his varied skill set to help good people do more good.
