The 2013 Verizon Data Breach Investigation Report (DBIR) told us that guessing, cracking or reusing passwords led to approximately 80% of data breaches involving hacking and the 2014 Verizon DBIR report remains full of caution related to passwords.
Convinced that we need to work on improving our passwords, consider the advancement in technology: Cyber criminals have programs that automate their ability to guess passwords which is commonly referred to as a brute force attack. As technology advances, processing power increases which makes brute-force password cracking programs able to guess longer passwords in a shorter amount of time. In order to protect yourself, your job is to make your password difficult to guess yet easy for you to remember.
Our advice? Passwords such as 12345678 or Password or Computer1 are easy to remember but are also easy targets for hackers. Use the first letter of each word in a sentence that is easy for you to remember but results in a long and more complex password. Capitalize some of the letters and include symbols and numbers. For example, My grandson Was born at 6:10am in August. MgWb@6:10amiA is a long password (more than 12 characters) that would be difficult to guess but easy to remember. For highly confidential information The SANS Institute recommends a minimum of 15 characters. Do not use personal information easily found on the internet and social media websites such as your pet’s name.
A common way for cyber criminals to steal your password is to infect your computer. Make sure your computer is protected with anti-virus and automatic updating is enabled to ensure you have the latest anti-virus available.
Use different passwords for different accounts. For example, never use the same passwords for your work or bank accounts as your Facebook, YouTube or Twitter accounts. If you use only one password everywhere and someone gets the password, you have a problem. If you use different passwords and one of your passwords is hacked your other accounts are still safe.
Never share your password. Remember it is a secret.
If you have further questions regarding data security or risk advisory, please don't hesitate to contact me, Brenda Brigman, at firstname.lastname@example.org or (901) 685.5575.