We hate to break it to you, but your password security habits have been weighed and found wanting. No, don’t give us that look—you know deep down in your vastly unsecured inner thoughts that it’s true. It seems that almost every day we’re hearing of another major security breach. If you haven’t been affected yet, you’re either very lucky or very lax about checking in on your security and just haven’t realized it yet. Password security becomes more important with each passing day, and we’re here to help. We’ve put together several tips and tricks to help you secure your accounts against a future hack.
Why Password Security Is so Important
If someone gets ahold of your Netflix password, well, Netflix doesn’t overly care and you might not either unless you have a carefully curated algorithm going. So why should you care about password security? Think outside of your binge-watching habits for a moment.
Are you an admin at your company? If your password is simple, then you’re putting the entire company at risk. Or in the case of one Twitter staffer in 2009, your weak password compromises several prominent accounts on the platform.
A classic and simple program run overnight allowed one hacker access to an admin Twitter account with the ability to change every user’s password. The hacker then reset and distributed passwords for popular accounts managed by Barack Obama, Britney Spears, and Fox News to other hackers. On Twitter’s end, this was possible because their security didn’t throttle invalid password attempts on their accounts. This is why if you have administrative access at your company, it’s particularly important to follow smart password procedures.
Maybe you work at a company that handles social security numbers, and your lax password protocols factored into one of the worst cybersecurity attacks this century.
Or let’s say you work for the federal government, and despite the high security clearance you have, you still have your dog’s name as your password. Pretend Jason Bourne movies are real for a second and think about what could happen.
Or maybe you’re the world’s richest man and your intimate phone conversations fall victim to tabloid extortion. You see where we’re going with this. Password security is important. And not just for VIPs, either. How many smart devices do you have? The Internet of Things is growing (200 billion connected devices by 2020) and so are the risks with it. The Atlantic even set up a hacker honeypot, thinking it would take days if not weeks for a hacker to bite. It took 41 minutes. Getting hacked—anyone getting hacked—is an inevitability, not a possibility.
Data breaches are embarrassing. They’re expensive. And they’re more common than you think. As the world gets more connected and the IoT grows, the holes in our security net only stretch wider.
Need some stats? Right now, there’s a hacker attack every 39 seconds, and 43 percent of those target small businesses.
This year alone, it’s estimated that cybercrime will cost businesses over $2 trillion. That’s a hard bottom line to ignore when 95 percent of cybersecurity breaches are caused by human error. Don’t blame the IT department—your lazy password habits are your company’s weakest link.
In the words of one of the greatest Aurors of our time: “Constant Vigilance!”
The Evolution of Password Security
Escalation is the natural order of things when two parties are at odds with one another. Commissioner Gordon sums it up fairly nicely:
It’s the same with online security and hackers. When we make stronger passwords, hackers write better algorithms. We have to play a constant game of cat and mouse to keep ourselves protected online. Gone are the days of using “password” or “Fluffy12.”
At least one capital letter and number? We’re way past that.
We’ve entered an age of passwords so complicated we can’t possibly remember the random conglomeration of letters and symbols and phrases for each of our accounts.
Enter convoluted passphrases and password managers. Popular Mechanics explains the ups and downs of password managers—and why you should still definitely use them.
Even Google wants to call you out for your terrible passwords. There’s a Chrome extension called Password Checkup that lets you know if any of your usernames or passwords are jeopardized. If Nest, Google’s smart home operation, thinks your password is compromised, it locks you out. Notably, Google failed to mention if this new security measure was in response to an attack on their end—but that’s par for the course with major companies and cyber attacks.
Biometrics have jumped off the sci-fi screen into our everyday lives now, too. Your face is your password to your phone; your fingerprint opens up your financial apps. We’re not quite at the level where biometrics replace passwords but smart devices are forging ahead on this technological frontier.
How to Create a Secure Password
Let’s get the basics out of the way. The It’s-2019-why-are-we-still-explaining-this level of password basics.
Don’t make it disturbingly simple. Or short. (Looking at you, 1-2-3-4 people.)
Don’t use the same password everywhere.
Don’t write your passwords down.
Don’t be a n00b: case sensitivity is your friend, so use a mix of characters.
Now that we’ve got the basics out of the way, let’s jump into today’s password tips and best practices.
Use a Secure Password Manager
One of the best ways to keep your online accounts secure is to use a password manager. Try LastPass, 1Password, or Dashlane. Digital Trends put together a fantastic list of the best managers to use in 2019, and if you don’t already have one, we suggest you hop to it.
Most secure password managers also have password security checker tools, so you can double-check that you’re on the right track to secure passwords.
Don’t Use a Questionable Online Password Generator
If you’re using a password manager like LastPass, it’ll generate passwords based on your guidelines. But do not use any old website that claims to be a secure password generator. You have no clue how secure the site is, if it stores your passwords, if the passwords are actually random, or if they’re flat out pwning you. Have you been pwned? Find out.
If you’re using an online password generator, vet it to make sure it’s secure. Or find one that functions offline and be sure to clear your cache when you’re done.
Use a Passphrase, not a Single Password
Blockchain wallets have it right—use a string of several randomized words rather than a traditional password. Don’t use a common phrase though, that’s hardly different from using a dictionary word. Can’t think of one? Have your secure password manager generate some for you.
Don’t Constantly Change Your Password
Many companies require employees to change passwords on a regular basis. It used to be that changing up your password was a standard procedure in cybersecurity, but recent reports say otherwise.
Remember that statistic about 95 percent of hacks resulting from human error? Besides the steep monetary losses from wasted labor resetting and entering passwords, people who regularly have to come up with new passwords are likely to reuse old ones, write them down, or use very simple passwords they’ll easily remember. Pure gold for any potential attacker.
Yes, change your passwords when necessary. No, don’t do it every 90 days.
Use a Different Password for Each Site or Account
Too much trouble to remember? Good, that’s the point. Use a password manager to keep track of them all. Because if one site’s password is leaked, then any site with the same password is compromised.
Use Multi-Factor Authentication
Biometrics, two-factor authentication, tokens—take your pick. Someone can hack your password, but unless they have your device on hand to confirm access, they’re out of luck. It’s a matter of time before this escalates to another level, but for now, having extra layers of security don’t hurt.
Don't Share Your Password
Of course, there are exceptions to the rule, like a shared account at work. Just be sure to change the password if anyone on the team leaves the company, and do it immediately.
How to Change Your OnSIP Password
For those of you that are administering OnSIP accounts, this security is essential. Can you imagine the damage that a malicious user could do to your company if your account were compromised? Our interface gives the ability to route your company's phone numbers, set up your auto-attendant, and manage users, so a malevolent user could easily delete all of those things (or worse, reroute them to something really inappropriate).
Without security, any system becomes unusable. We cannot stress it enough. To change your administrative user password with OnSIP, log into the Admin Portal, then click on "Account" and click "Change admin password."
Individual users can change their passwords as well to prevent fraudulent international calls. To do so, open up the OnSIP app in your browser and click “Forgot Password?”.