Your passwords stink
I bet that you use the same password for more than one account.
I bet you have a password that is on the list of 10,000 most common passwords.
I bet you don’t change your passwords regularly.
I bet you store passwords in your browser.
How do I know this? Because statistically, it’s true.
Why should you care?
Who would want to hack you? What are the odds?
Pretty good, actually. In 2014 half of all American adults (110 million people) were hacked.
What’s the downside of being hacked? Money and time. You’ll probably lose both.
Tutorials on what to do if you are hacked abound on the blogosphere. Here’s one with fun images. However, if you picture yourself having to follow this multistep process, it tends to lose its charm like a child actor hitting puberty.
How are all these people getting hacked?
Hackers are like two-year-olds. They are 100% focused on something and completely ruthless in achieving their goals.
Hackers are not like two-year-olds. They aren’t going to be redirected by a nap or a snack.
Hackers are wily and innovative (if we could only harness this energy for good, right?). They will eavesdrop when you are working at a coffee shop. They will trick you into using their wifi and then record everything you do online. They will get malware and keystroke monitoring software on your computer by using malvertising, phishing, and spear-phishing.
Frankly, hackers care more about hacking you than you care about not getting hacked. Hacking you could be lucrative for them. Not getting hacked is just tedious for you.
1 oz. Prevention = 1 lb Cure
The good news is that you don’t have to be 100% secure; you just have to be more secure than the other guy.
Here’s how to clean up your action.
- Each account that needs a password should have a unique password. This way, if, for example, Facebook gets hacked and your account information is exposed, it’s ONLY your Facebook account that is hacked, and you don’t have to go through every other account you have wondering if it’s been hacked and changing passwords.
- Use strong passwords. A strong password has the following characteristics:
  - At least 15 characters
  - Uppercase letters
  - Lowercase letters
  - Numbers
  - Symbols (e.g. ‘!”’?$%^&*()_-+={}[]:;#@|\/<>,.)
- Use a password generator. Humans are not good at random and random is what will protect you.
- Use two-factor authentication if it is available. This is annoying but effective. When Google or Yahoo asks for your cellphone number so that they can send you a one-time code for logging into your account, say yes. If your laptop is stolen, you’ll be glad you did it.
Are you kidding me? I can’t remember a password like that.
Exactly. We’ve reached the end of keeping one’s passwords in one’s head. A password manager (NOT your browser) should be common practice. You will then only have to remember one password which will access all of your other passwords.
gC’s solution
At glassCanopy we’re using OneLogin to manage credentials for our accounts and for the accounts that our clients give us access to. This means that most of our staff never see your passwords. If we can, we use crazy-ass long random passwords (like this – %Y#k$*oou*1&t3O2). And we don’t store your passwords in a non-encrypted document labeled ‘passwords’ that we have to look for every time we want to update your blog. You’re more secure; we’re more efficient.
- Your passwords stink - June 3, 2016