Practice Good Password Security Habits and Teach Them to Your Children, Part 1
By Jonathan Sanders
Imagine that one day you observe your neighbor exiting his home and locking his front door with a key. After locking the door your neighbor reaches up to hang the door key on a hook that’s the same height as the top of the door.
You ask your neighbor, “Why are you leaving your door key right next to your door? Aren’t you concerned that someone will just take the key and break into your house?”
“Not really, only someone who knows the key is there and is as tall as me can reach the key. By leaving the key here I will never lose it and it is conveniently located exactly where I need to use it.” replies the neighbor as he walks away from this front door.
If you saw someone act like this, you would think him an utter fool who probably deserves to get his house robbed just to teach him a lesson. And yet, I observe so many people take just such a careless approach to securing their computer/phone/internet accounts.
So much of our modern lives require us to create user accounts and passwords to securely use important services. Of course, humans find it difficult to remember complex passwords, so we take shortcuts to make it possible for us to remember the passwords for all the different accounts we must manage. Some of the worst practices that people exercise on account security:
- Reusing the same password (or a slight variation) for multiple accounts.
- Creating passwords based on easily guessed personal information.
- Storing account information insecurely such as:
Writing it down on a piece of paper and hiding the paper underneath your keyboard.
Storing the information on an unsecured file on your phone/computer.
Saving the information in a browser with a weak password.
In the Part 1 of this series of articles, I will explain why reusing the same password for multiple accounts is as careless as leaving the key to your house outside your front door. In future articles I will discuss password strength and secure storage of your passwords.
Nearly everyday I see news of data breaches from governments and private companies all over the world. Hackers are continually searching for payloads of account information that they can sell and exploit for profit. There are market places on the internet where people buy and sell millions of account details taken from data breaches. The people that buy the account information use the data to try access related accounts. This is why reusing the same password on multiple accounts is so dangerous. If your data is taken from a data breach on one site it may be used to easily access a higher value account on another site.
The first thing that you should do after reading this article is go to this website: https://haveibeenpwned.com
Enter any email addresses that are associated with any of your accounts and find out if that account information has been found in any known data breaches.
If the search returns any results for the email you entered, you should immediately change the password to those accounts. You should also make a habit of checking this site every 30-60 days as new data breaches happen all the time. If you have school aged children, you should also do a checkup on their accounts. Have them sit down with you at the computer as you review their accounts so that they can learn about the importance of doing this for themselves. If you don’t see any results from your search, congratulations your account information has not been found in a KNOWN security breach. You still need to be vigilant and practice good password habits to protect your data.
Be sure to look for Part 2 of this article where you will find tips about making strong passwords that are resistant to the tools that hackers have developed to quickly guess account passwords.