As October is National Cyber Security Awareness Month, I’ve been spending some quality time considering my passwords. I try very hard to protect myself and my Personally Identifiable Information (or PII) online; and while web hosts, online vendors, and high-profile corporations like Marriott, Chase, and Apple all promise the best in cybersecurity protection, the first line of defense against hackers truly is us, the consumers of today’s modern technology. I would be the first to say we demand more from online providers in light of the infamous Sony hack of 2011, but in 2012 it sees that the greatest delinquent in lax security is the user.
This summer, Yahoo! had fallen to hackers, resulting in over 450,000 usernames and credentials exposed to the Internet. The intent of the hack was to raise awareness on corporate security and its vulnerabilities; but as CNET discovered in their own investigation, the hack also served a painful awareness on how lazy users were with their passwords:
- The number of times “password” was used as the password — 780
- The number of times “welcome” was used as a password — 437
- The number of times “000000” was used as a password — 71
- The number of times “111111” was used as a password — 160
- Number of times a sequential list of numbers (such as “123456”) was used as a password — 2,295
What makes this a truly alarming statistic is that this is in 2012. Not last year. Not even five years ago. This comes from just four months ago. Perhaps passwords are perceived as a hassle and inconvenience in today’s “plug-and-play-and-get-it-yesterday” expectation. The bother, however, in remembering passwords pales in comparison to recovering an identity and repairing a credit history.
One way to make passwords slightly easier for yourself: use passphrases instead. Passphrases are passwords made up of statements that only you would know and remember, near-impossible for a thief to guess, and easy to remember.
Here’s how easy it is to come up with a passphrase:
Step 1: Pick a statement or remark that is truly personable to you. As an example, let’s say you are a fan of the Baltimore Orioles. You can say your statement is “I believe in the O’s!”
Step 2: Strategically swap out letters with numbers and (if allowed) special alphanumeric characters. “I” becomes “1.” The “l” becomes a “1” or an exclamation point. The “O” becomes a zero.
Step 3: Remove the spaces and capitalize the first letters of individual words.
Now, the easy to remember sentiment “I believe in the O’s” looks like this:
You have just created a sixteen-character length passphrase that you and only you can remember. While any password in theory can be cracked, this provides a much harder combination than say “111111” or “password” for a first layer of defense.
Passwords are only part of creating for yourself a multi-layered security plan, be it a personal or professional network you are looking to keep out of the hackers’ crosshairs. October is far from done, so take a moment to consider National Cyber Security Awareness Month and ask yourself how you protect your PII online.