Happy National Cybersecurity Awareness Month 2018! Police your Password

It’s October! This means that—along with all those ever-important holidays like “Global Handwashing Day,” “National Feral Cat Day,” and “International Day of the Nacho“—it is National Cybersecurity Awareness Month! Unlike “Sweetest Day” (which I had honestly never heard of until I moved to Michigan), you do not have to buy someone candy to show your affections, you simply need to make certain that you are taking care to protect your online privacy.

As part of NCSAM, I thought that I would talk a bit about something we do not consider much: the password. Many of us realize that they are unavoidable, but consider them a nuisance that has to be worked around in order to do the things we want or need to do.

The average person spends eleven hours connected to the internet every day. From banking to chatting with friends, uploading a paper on Canvas to registering for classes, there is really no limit to the things we do on a daily basis online. Almost every single resource we use—from Facebook to Wayne Connect—is secured with a password. You may choose to better secure yourself using two-factor authentication (which I covered last year for NCSAM) but the first line of defense is always our password.

Sadly, most of the population is really bad at creating passwords. For example, this past week, I happened to watch the first episode of the Murphy Brown reboot, in which Candice Bergen’s character instructs her son to use “password” as the password for a new Twitter account. Amazingly, the IRS was actually discovered to be using “password” for a password for secure systems in 2015.

I find it interesting that we still have lists of worst passwords. In 2017, Time Magazine reported this list of the top ten worst passwords:

  • 123456
  • Password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • letmein
  • 1234567
  • football
  • iloveyou

These few statistics point out exactly why we cannot take risks with simple passwords:

  • 10,000 of the most common passwords (such as 12345, qwerty, or 123456) can access 98% of accounts.
  • 90% of passwords generated by users are vulnerable to hacking.
  • The average user has around 26 online profiles or accounts, yet they only use five passwords for all of them.
  • In 2014, five million Gmail passwords were hacked and released online.
  • In 2017, Yahoo admitted that the data breach that had occurred three years earlier reached three million accounts.

So, what is important in creating a password?

  1. Make it unique. Do not use the same password for more than one account. If a hacker gains access to one account, they will have access to every account using that password.
  2. Make it long. Longer passwords are simply more secure. You should be using at least eight characters.
  3. Use a phrase. Using more than one word increases its security. Use a phrase no one else would know.
  4. Vary the characters. Combine uppercase, lowercase, numbers, and special characters in your password. This has become a requirement for many accounts. As an example, using this and the last suggestion, if you wanted to set your password as “happy birthday”, write it as “H@ppyB1r+hD@y.”
  5. Avoid personal information and common words. Do not use information that someone could easily find out. If someone can learn your child’s name and the day they were born from a simple Facebook post, you are not choosing a good password.

With those thoughts, I would highly suggest that you consider using a password manager to create and maintain unique credentials for all of your profiles. A password manager is a type of software that creates, stores, and protects passwords. The best of these services should have an app for your mobile device that works in conjunction with add-ons for your computer’s browsers. This allows you to have your information everywhere you go.

Some of the top password managers are Dashlane, LastPass, and Keeper. Though there are free versions of some of these, they are often limited to the number of passwords they will store or how much you can share a password. Given the cost and hassle that goes along with identity theft, these programs are generally worth the cost. Since most of us have many accounts we are juggling in our lives, we would all be best served by using one.

Good news to remember for NCSAM!  I know how much people complain when our Wayne State accounts require us to change our password.  Because we would want to encourage all of the Wayne State family to use better passwords, C&IT instituted a policy where we will never again ask you to change your password if it meets certain strength requirements.

Have a wonderful National Cyber Security Awareness Month! Celebrate by spending a little time making certain that your information is safe both at home and work.

If you’d like some more tips for creating a secure password, see this excellent infographic from Mike’s Gear Reviews below.

Create Secure Password Infographic