If you have ever seen a really bad traffic accident, you understand how it can affect your behavior—at least for a little while. Suddenly, you realize that small and simple changes would make you a much safer driver. You slow down. You give the car in front of you a little more room. The urge to text is a little less compelling.
Similarly, recent high-profile computer hacks may leave you wanting to be a little more careful with your personal information. If so, there are a number of relatively simple steps you can take to improve your personal digital security. For starters, you can probably do a better job creating and managing your passwords.
More often than not, people choose passwords that provide little protection. Internet security firm Keeper Security analyzed 10 million passwords made publicly available from data breaches in 2016. The most common password was “123456” and accounted for 17% of the passwords on the list. The 25 most common passwords accounted for over half of the list.
Creating crack-resistant passwords requires you to keep three words in mind: long, random, and complex. The MIT Technology Review cited a study showing that adding numbers and uppercase characters doesn’t significantly increase password strength. However, as you make passwords longer, more random and more complex—including using symbols—the difficulty in cracking them increases exponentially.
A number of tools are available to help you create and manage strong passwords. 1Password is a particularly effective application combining a password generator with an encrypted password archive that syncs across several platforms and devices. A recent post on www.pcmag.com compares 1Password with 9 other password managers.
Most websites try to protect their users by encrypting the passwords on their servers using a process called “hashing”. When you log-in with your password, the website hashes it and compares your newly hashed password with the hashed password in their database. If they match, you are allowed access to the account.
But hashing only slows hackers, it doesn’t thwart them. With the use of sophisticated computer tools and dictionaries of common passwords, hackers can decipher hashed passwords.
To demonstrate password vulnerability, a technology website called Ars Technica invited three experienced hackers to participate in a password cracking showdown. Each hacker was given a list of 16,449 random passwords with the assignment to crack as many as they could.
The most successful was able to crack 90% of the passwords in 20 hours, but it took him less than 16 minutes to break the first 10,000. The detailed results of this contest were published in a report that is both interesting and sobering. If you want to read it, let me know and I’ll send you the link.
You can further increase the power of your passwords by using two-factor authentication whenever possible. Logging into an account with two-factor authentication requires not only your password, but also a special code that is sent to you via text or email. While two-factor authentication is not a panacea against determined hackers, it a significant defense that should be part of your arsenal.
You can also significantly enhance your security by changing your password frequently. A compromised password is less valuable to hackers if it changes before it can be used.
Steven C. MerrellMBA, CFP®, AIF® is a Partner at Monterey Private Wealth, Inc., a Wealth Management Firm in Monterey. He welcomes questions that you may have concerning investments, taxes, retirement, or estate planning. Send your questions to: Steve Merrell, 2340 Garden Road Suite 202, Monterey, CA93940 or email them to firstname.lastname@example.org.