I talk about website security and technologies quite a bit with what I do developing websites at the agency I work for, things like SSL, encryption and obfuscation. I also believe the foundation for a safe and secure online digital life is a proper password, one that can actually protect you.
A password is like a key to your house. Bad things can happen if it falls into the wrong hands. But the same thing can be said if you just leave your doors unlocked all the time. Using a password like “111111” or “password” is basically leaving your doors unlocked, especially when it is used on laptops, company email, VPN connections and websites.
But that would be ridiculous in this day and age, almost 17 years on from the digital revolution of 2000, right? We’ve been overwhelmed with big Hollywood hacker movies, weekly bombardments of news about some sorry company being hacked and held for ransom, or the latest social media platform whose user data was stolen. But this week security firm KEEPER released a list of the 25 most popular passwords compiled from all of the various leaked and hacked company data, email accounts and social media logins that have been posted online over the last year (2016). This blows my mind. Here are the top 10:
All the money in the world used to implement a secure environment is immediately compromised because someone in accounting changed their website login to “password” or their laptop login to “111111” and hung it on a post-it note on the cubicle wall because it was easier to remember that way.
Are you kidding me? This mentality doesn’t hold up when your entire network gets held for ransom by some hacker in India who’s demanding tens of thousands of dollars from a business after breaking through that one insecure user’s hole in the digital armor.
If you’re in IT, software design or implementing IoT applications, let’s make a concerted effort this year to make the world a better place.
First, let’s start by requiring our software and users to have passwords of at least 16 characters. Part of this would be not allowing common dictionary words AND looking at security firms’ data and banning passwords that appear on weak-password lists. Optionally, we could also enforce a random password of mixed case, numbers and special characters.
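One way to implement the three checks in this policy (minimum length, weak-password list, dictionary words, plus the optional mixed-character rule), as an added example that is not part of the original post. The weak-password and dictionary lists here are short constructed samples standing in for a full published list, and the letter-substitution map is an assumption:

```python
import string
from typing import List

# Constructed sample lists; a real deployment would load a full dictionary
# and a published weak-password list such as the one the post cites.
WEAK_PASSWORDS = {"111111", "password", "123456", "qwerty"}
DICTIONARY_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}

MIN_LENGTH = 16
# Assumed map of common letter substitutions, so "P@ssw0rd" is still caught.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Lower-case, drop leading/trailing digits and punctuation, undo substitutions."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET_MAP)


def check_password(pw: str, require_mixed: bool = True) -> List[str]:
    """Return the list of policy failures; an empty list means the password is accepted."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in WEAK_PASSWORDS:
        failures.append("appears on the weak-password list")
    if normalize(pw) in DICTIONARY_WORDS:
        failures.append("is a common dictionary word (possibly with substitutions)")
    if require_mixed:
        has_each_class = [
            any(c.islower() for c in pw),
            any(c.isupper() for c in pw),
            any(c.isdigit() for c in pw),
            any(c in string.punctuation for c in pw),
        ]
        if not all(has_each_class):
            failures.append("needs lower case, upper case, a digit and a special character")
    return failures


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd123!", "Tr0ub4dor&3-Horse-Staple"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```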
Secondly, we need to continue educating people. You can’t fix these kinds of security holes without informing people of the risks and then enforcing the rules. Most people don’t even realize the long-lasting implications of their actions. Did you know that insurance companies are starting to write in clauses that exempt them from covering online digital theft if a person or company is found to have used an insecure password? That changes things drastically when you find out your email was hacked and they somehow got access to your bank accounts or medical records.
Lastly, two-step authentication has been gaining steam over the last two years, but it just needs to become the new normal for our online lives. Even if an account password is compromised, hackers would still need access to your phone to get at any information, and you’d have an instant warning that something was awry.
A good online digital life is a secure life. So stay safe from the hackers this year by using strong passwords with two-step authentication and educate others by spreading the word.