Improving Password Habits
A 2016 survey described US employees as “drowning” in passwords: The average respondent had a whopping 1911. These days, passwords are required for everything from frequent-flyer programs to toothbrush subscription services, and many are linked to accounts that contain valuable financial and personal information. Criminals breach millions of records daily, and trade/sell them in an underground business. And here’s the crucial fact: If you’re among the 59 percent of people who reported that they reuse passwords across multiple accounts2, a hack at the toothbrush company doesn’t just mean someone orders extra refills on your dime; it means hackers can try that login for your email, bank account and other password-protected sites where you use the same ID.
Don Boian, Chief Information Security Officer at The Huntington National Bank, has witnessed the aftermath of major breaches at other companies. “We block a lot of hacker traffic that comes at us a short period of time after breaches at other sites. The hackers try all the [stolen] user names and passwords from those sites.”
The first rule of online security today is that all passwords should be significantly different. (Notice the word “significantly:” basic tricks can be easily guessed.) The second rule is that passwords should be complicated3. (Crooks use software that can make millions of guesses per minute, so simple passwords crack quickly.) Unfortunately, a recent survey says that although almost 90 percent of us know that password hacking is a threat4, only half of us have changed a password in the past 12 months5.Why You Should Care About Your Passwords
Hackers know that: 1) we are bad at creating complex passwords and 2) it often takes only one compromised login to get access to multiple accounts. “The same way you get up and go to work every day, thousands of people around the world get up every day and work at getting your data,” says Chuck Peirano, Chief Fraud and Security Officer at Huntington.
Damage from a stolen password isn’t limited to a fake credit card charge that you can get reversed. Hackers can assemble stolen data from multiple breaches into one profile, which makes it much easier for them to steal your identity and wreak real havoc—in real estate alone, there could be mortgages taken out in your name, or a wire transfer hijacked during a close of sale. If someone gets into your email, they could send people on your contact list scam emails that look like they’re from you.
“You might never anticipate the damage one weak password may cause,” says Mark Burnett, a security consultant and author of the book Perfect Passwords: Selection, Protection, Authentication.6
Improve your password security
Are you a feeling a case of password anxiety coming on? Here’s the good news: The solution isn’t to worry about passwords more, it’s to worry about them less, by following a few basic rules. Read on to find out:
Is your password secure?
Please note that any information you input is not stored or shared. A username is not required to check a password’s strength.
1 “The Password Exposé: 8 truths about the threats –and opportunities –of employee passwords,” LastPass, page 8 and 9.
2 “The Psychology of Passwords: Neglect is Helping Hackers Win,” LastPass, Page 7.
3 “Choose better passwords with the help of science,” The Conversation, Lorrie Cranor, 8/30/2017.
4 “The Psychology of Passwords: Neglect is Helping Hackers Win,” LastPass, Page 4.
5 “The Psychology of Passwords: Neglect is Helping Hackers Win,” LastPass, Page 15.
6 Mark Burnett, E-mail interview, 4-25-18.
Third-party product, service and business names are trademarks and/or service marks of their respective owners.
Still Have Questions?
If you can’t find what you’re looking for, let us know. We’re ready to help in person, online or on the phone.
24 hours a day, 7 days a week.