We need to rethink how we manage our passwords and online assets.
We tend to reuse the same username and password across all websites. We’ve seen a rash of databases for social services being dumped all across the dark web and even the open internet. Whether it’s Ashley Madison, Adobe, MySpace, or even LinkedIn, major social sites and services are being hacked and dumped almost every other week. If you are not changing your password, it will eventually get popped and it will eventually get used.
Some solutions:
Password Managers
While they are secure, I tend to shy away from them. I don’t like having my password manager online on a cloud where hackers have the ability to expose your information.
Start using more 2-factor whenever and wherever you can.
This is honestly the best solution for password security. A lot of users find this very annoying as they have to type in their password and then a 6–8 digit PIN number. Well, those users are ignorant of how great a security feature this is. Be thankful for sites and services that provide 2-step authentication. Use it whenever you can, wherever you can, for personal sites.
Devil’s Advocate: “If we force users to change their passwords every 90 days, they will continue to use weak passwords.” This is not a fix to the root problem. That’s fixing a bad symptom of the problem.
So, what’s a simple way to exponentially make your online identity and assets harder to hack? Have different tiers of passwords for different services.
TIER 1
Services that you access but don’t share personal info on. These are annoying sites like Reddit, recipe sites, games, radio stations, etc.
Password Example: DontHackMeBro
TIER 2
These sites include personal information that hackers can use to identify and decipher more information about you. Examples include Amazon, online shopping stores, internet dating sites, and social media. (NOTE: Depending on how much you share, some social media can and should be considered TIER 3. I treat Facebook as Tier 3 as any good hacker can social engineer their way to identity fraud if they have your Facebook account.)
Password Example: DontHackMeBro675!
TIER 3
These sites are the vaults to your life. Sites that provide hackers with financial data and personal information should be treated carefully with 18+ character passwords with various characters and symbols. Websites include any banking sites, your email, and applications like TurboTax.
Password Example: d0n7h4ck3m3br0675!
Even with this tiered system, any sophisticated hacker who is really trying to crack your security can find a way to get at what they are after. That doesn’t mean we should be making their job easier for them. A simple tiered system for password security can help prevent situations where databases of passwords are dumped and you are scrambling to change every password you know.
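To check your own accounts against the tiers above, here is an added example (not part of the original post) that audits an inventory for passwords shared across tiers and for Tier 3 accounts that miss the 18+ character rule. The sample accounts are constructed, and two rules are assumptions: "various characters and symbols" is read as at least one letter, one digit and one symbol, and every Tier 3 account is expected to have 2-factor enabled.

```python
import string
from collections import defaultdict

TIER3_MIN_LEN = 18                          # the post's minimum for Tier 3
REQUIRED = {"letter", "digit", "symbol"}    # assumed reading of "various characters and symbols"

# Constructed sample inventory: (service, tier, password, two_factor_enabled).
# Service names are placeholders; passwords are the post's own examples.
ACCOUNTS = [
    ("recipes.example", 1, "DontHackMeBro", False),
    ("forum.example", 1, "DontHackMeBro", False),
    ("shop.example", 2, "DontHackMeBro675!", True),
    ("dating.example", 2, "DontHackMeBro", False),     # Tier 1 password reused in Tier 2
    ("bank.example", 3, "d0n7h4ck3m3br0675!", True),
    ("mail.example", 3, "DontHackMeBro675!", False),   # Tier 2 password reused in Tier 3
]

def char_classes(password):
    """Return which of letter/digit/symbol appear in the password."""
    classes = set()
    for ch in password:
        if ch.isalpha():
            classes.add("letter")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes

def audit(accounts):
    """Return (service, finding) pairs for every tier rule an account breaks."""
    tiers_by_password = defaultdict(set)
    for _, tier, password, _ in accounts:
        tiers_by_password[password].add(tier)
    findings = []
    for service, tier, password, two_factor in accounts:
        # A dump of any lower-tier site would expose this account too.
        if len(tiers_by_password[password]) > 1:
            findings.append((service, "shared-across-tiers"))
        if tier == 3:
            if len(password) < TIER3_MIN_LEN:
                findings.append((service, "tier3-too-short"))
            for name in sorted(REQUIRED - char_classes(password)):
                findings.append((service, f"tier3-missing-{name}"))
            if not two_factor:  # assumed rule: 2-factor on every Tier 3 account
                findings.append((service, "tier3-no-2fa"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(ACCOUNTS):
        print(f"{service}: {finding}")
```

Reusing a password inside one tier is allowed by the scheme, so only cross-tier sharing is flagged.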