Passwords play an important role in our digital presence; they serve as the main gatekeeper in preventing unauthorized access to our personal information such as financial accounts, health records, and emails.
Even though consumers are more aware than ever of the risk of data breaches, weak passwords are still prevalent. World Password Day, celebrated on the first Thursday in May, was established to promote good password habits and raise awareness of the need for strong passwords.
What Makes a Strong Password?
A password’s strength is judged by its length, its level of complexity, and how easily its owner can remember it while it stays hard for others to guess or “crack”. The most common criteria for a strong password include:
- A combination of uppercase and lowercase alphabetic letters (e.g. A-Z, a-z).
- At least one numerical character (e.g. 0-9).
- At least one special character (e.g. ~!@#$%^&*()_-+=).
- No less than 8 characters in length.
Conversely, a password is considered weak if it can be found in a dictionary or pronounced as a complete word. Weak passwords include the following:
- Passwords based on personal information such as user id, family name, pet, birthday, etc.
- Common acronyms, repeated characters, or a sequence of characters (e.g. BRB, AAA or 123).
- Sequential characters located on a keyboard (e.g. QWERTY or YUIOP).
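The criteria above can be turned into a simple check. The following is an added example, not code from SCCU or from the original article; the `personal` parameter and the small `SAMPLE_WORDS` list are assumptions standing in for a user's own details and a real dictionary.

```python
import string

SPECIALS = set("~!@#$%^&*()_-+=")  # the special characters the article lists
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
SEQUENCES = [string.ascii_lowercase, string.digits] + KEYBOARD_ROWS
SAMPLE_WORDS = {"password", "welcome", "dragon"}  # constructed stand-in for a dictionary


def has_run(pw, length=3):
    """True if pw holds `length` repeated characters (AAA) or a forward or
    backward run from the alphabet, the digits or a keyboard row (123, QWE)."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in seq or chunk[::-1] in seq for seq in SEQUENCES):
            return True
    return False


def check_password(pw, personal=()):
    """Return the list of criteria from the article that pw fails (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a numerical character")
    if not any(c in SPECIALS for c in pw):
        problems.append("needs a special character")
    low = pw.lower()
    # `personal` is a hypothetical list of the user's own details (name, pet, birthday)
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if has_run(pw):
        problems.append("contains repeated or sequential characters")
    if any(word in low for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords and personal details, for illustration only.
    for candidate in ["Qwerty123!", "Rex2015!abc", "bT!d8+Vm4^"]:
        print(candidate, "->", check_password(candidate, personal=["rex", "2015"]) or "ok")
```

Note that "Qwerty123!" meets all four strength criteria and is still flagged, because it is built from a keyboard run and a number sequence.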
The Top Ways Passwords Get Stolen
Hackers are constantly trying to break into password-protected systems. According to a year-long study conducted by Google and the University of California, Berkeley, 3.8 million usernames and passwords were affected by phishing scams, 2,992 by key-loggers, and 1.9 billion by third-party breaches.
Email is still the most common vehicle fraudsters use to attack unsuspecting consumers, tricking them into revealing their passwords.
Web spoofing occurs when an email is received with a link that redirects a user to a fake website solely for the purpose of stealing one’s information. For example, you may receive an email that looks like it came from a credible source, such as your monthly bank e-statement. Within that email, there is a fake link that redirects to a website that looks like your bank’s online portal, where you are asked to enter your username and password to log in. This is why SCCU’s online banking site displays a unique image to you, so you can verify you are on the real website.
Phishing Scams or Malware
The malware scam is a popular phishing technique in which fraudsters install malicious software known as malware on a user’s personal computer to steal information. According to the Credit Union Times, fraudsters use social engineering techniques in which they send emails with attachments that appear important, such as “taxletter.doc”, to fool the person receiving the email into clicking on it. By doing so, the fraudsters increase their chances of having the malicious file opened so their malware can infect the recipient’s computer and essentially watch every keystroke a user makes on their PC.
The transfer of stolen data acquired either through web spoofing or malware techniques relies upon “keylogging” to capture a person’s username and/or passwords. Keylogging is the use of a program to record every keystroke made by a computer user, in order to gain fraudulent access to passwords and other confidential information.
Unfortunately, strong passwords don’t provide much protection against keylogging. That is why SCCU uses layered security authentication with our online banking to help combat password scams. Layered security requires members to provide not only a password to gain access but also multiple security factors to confirm their identities. Even if a hacker is able to obtain a password, he won’t be able to provide the needed second security factor.
Tips to Prevent Your Passwords from Getting Stolen
We recommend the following safety tips to help prevent your passwords from getting stolen:
- Avoid using words that can be spelled out completely or found in a standard dictionary. Instead, create an original acronym that starts with the first letter of a common phrase like “BTTDB” for “Back to the Drawing Board”.
- Double down on the complexity of your passwords by using a mixture of capital letters, numbers, and special characters.
- Never write your passwords down; consider using a password manager to help keep track of all your different passwords.
- Never click on links in an email that you were not expecting or those that appear unfamiliar.
- Remember to never share your passwords with anyone, and change your passwords regularly, especially for accounts containing sensitive data such as your financial accounts.
- Update your personal computer with the latest anti-malware software to protect your information against potential malware scams.