Show Notes: For those who prefer to read rather than watch
Today we’re going to look at one of these essential but mindless jobs that you can do during a pandemic as there’s going to be days where your brain just isn’t in the game.
One of the essential jobs that we need to keep on top of at any time, but particularly right now, is updating your passwords.
Right now, we’re living online, and unfortunately, hackers don’t stop. What we’re seeing is hackers and spammers are increasing their presence. They’re making a lot more attacks because they love misery, and they love fear, and so hackers and spammers are rife.
This is the perfect job for you to do on those days where your brain is dead – update your passwords to something more complex.
You are the weakest link
What hackers and spammers know is that you are the weakest link in your online and business life. The reason being, they understand the psychology behind why you do what you do with your passwords.
People like to make things easy for themselves, so having complex passwords and changing passwords takes a lot to remember, which is why people tend to use the same passwords over and over across different websites.
People go for simpler passwords because it’s much harder to remember complex ones.
The hackers know this about people, and they know that if you’ve used a password once on one website, it’s likely that you’re going to use it on another site.
Hackers target big sites, as happened with LinkedIn a few years ago and Canva last year. What they are looking for is username and password combos, because they then take those lists and try the same usernames and passwords on money sites, as I call them: bank sites and other money or identity-related sites, to see if they can get in.
You may think it’s only one or two sites – it can’t be much. Well, there’s an interesting site called Have I Been Pwned, which collects lists of hacked details from the dark web and where you can check if your details have been breached.
Unfortunately, not appearing on their list doesn’t mean that you are safe. It just means that they haven’t been able to find you in the lists they’ve been able to track down.
So far Have I Been Pwned has over 9 billion username and password combos, so there’s a pretty high likelihood that your username and password have been leaked somewhere on the net, which is why you need to change your passwords regularly. You want to make sure that you’re slowing the buggers down.
But what happens if they just get your username, as you might’ve changed your password? Hackers do what’s called brute force. They’ll sit there and try your username and then they’ll try different combinations of common passwords to see whether they can break in.
Unfortunately, hackers these days have gone high tech, and so they have lots of computers all chained together. They can do thousands and thousands of combinations per second, which means that common passwords and common combinations can be broken very easily.
Time to break common passwords
I’ll take a common password I see as an example. When I do online work with my clients, they’ll send me their usernames and passwords so that I can access their online files, so I get to see a range of what people use.
A common password might be someone’s surname and a couple of letters and maybe an exclamation mark. For example: Smith123! This is a really common type of password, and it takes a hacker 0.2388 seconds to break. That’s less than a second.
Also, I see combinations of a child’s first name and possibly a date of birth, like Mary100154.
That takes 3.42 seconds to break.
Well, let’s just make it a bit more complex. Let’s stick on the exclamation mark at the end: Mary100154! This now takes 338 seconds. Great! Are you still feeling really secure with your password?
Strategies to increase complexity
What we’re now going to do is look at some strategies to help slow the hackers down further. I’ll give you the ideal strategies at the end, but I’m also going to work with where you’re at now because I understand that people like to use something that they know.
Start by sticking an exclamation mark at the front and the end: !Mary100154!
This now takes half a day to crack and makes things a little bit more secure. But we can do better than that.
Creating unique passwords
If you’re using the same password on lots of sites, then it’s not unique, which means it is easy for hackers if they get your details. So, we need to make your password unique to every site that you go to.
Here’s a tip: Every site you go to has a name: Facebook, Twitter, LinkedIn – they’ve all got names.
What if you took a couple of the letters of the site name and added it to your password?
Congratulations! You now have a unique password for each site.
So, it could be the first couple of letters like Fa for Facebook – the first two letters. Or it could be Fk – the first and last letter. Or you could go phonics – Fb. Figure out what works for you.
Just add a couple of letters of the site name and add it to your password that you use.
I would also add in an @ so you know which site you are at. [email protected]!
Do you know how long that takes to break now? 50 years!
But we can still do better.
Not all symbols are equal
One of the things that we found when testing this concept is that exclamation marks aren’t as secure as other symbols on your keyboard. So, if you just swap out the ! for a $ symbol, [email protected]$ now takes centuries to break into.
So, you’re keeping your old password strategy (and remember, I’ve told you never to use your name and password), but you are then adding in some extra bits to it to make it harder to crack.
You could also use any other symbol: @#%^&* as these also make things harder than !. You could also bracket yourself ([email protected]).
Use anything other than the exclamation mark, and you’ll make it more secure.
The gold standard
Now, this is where I’m going to smack you around the head and say the ideal is that you have a unique 16-character password, created using a password generator and saved into an online password keeper system.
There are paid and free options which include:
If you use a password manager app, then always go for a randomly generated password. I recommend Secure Password Generator to create a complex password. (It’s free).
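What a generator does to produce the random 16-character password recommended here, shown as an added example (not code from the original page or from any password manager or generator named on it). The symbol set and function names are assumptions.

```python
import math
import secrets
import string

SYMBOLS = "@#$%^&*()"                      # assumed symbol set for this example
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=16):
    """Draw each character with the OS CSPRNG (secrets), never random.random()."""
    if length < 4:
        raise ValueError("length must leave room for one character of each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: redraw until lower, upper, digit and symbol all
        # appear, so the result passes typical site composition rules.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SYMBOLS for c in candidate)):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy: every position is an independent uniform draw."""
    return length * math.log2(alphabet_size)


def per_site_passwords(sites):
    """One independent password per site, so one breach exposes only one login."""
    return {site: generate_password() for site in sites}


if __name__ == "__main__":
    for site, pw in per_site_passwords(["facebook", "twitter", "linkedin"]).items():
        print(site, pw)
    print(round(entropy_bits(16), 1), "bits")
```

Because every password is drawn independently, nothing learned from one site's leaked password helps guess another's; the password keeper does the remembering.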
Don’t save passwords into your browser
Do not save your passwords into your browser, just in case your computer gets a virus and all of your passwords disappear off to the hackers.
Or if you clear your browser of cookies and passwords, guess what? You’ve lost all your passwords. A lot of my clients ring me to say, “Hey. All my passwords have disappeared. Where did they go?” It was generally because they were saving them into their browser and not a password keeper.
Putting it all together
Use a password keeper; that way you have secure cloud-based storage for your passwords, and you can use random 16-character strings for extra security.
But if you can’t do that and if your brain doesn’t go that way, then at the very least with your passwords, add a dollar symbol at the beginning and end, add an @, and add a couple of characters of the site that you’re going to, to create a unique password.
So that’s a really simple password tip to create more complex passwords.
During the pandemic, work your way through all of your passwords and update them.
Start with your money sites and then move onto your online presence like your website and your domain name registration. Then trickle your way out through all the passwords you use.
Remember to change all your passwords periodically. It’s a really good job to do at least once a year, but this is the perfect job for you to do during a pandemic on days that you just cannot get your brain together.
Note: You should also enable dual-factor authentication on as many sites as possible.
This tip was one of the things that we cover in one of the courses that I’ve written, which is the Beginner’s Guide to Securing your WordPress Website. If you’ve got a WordPress website the hackers are always onto it and in this course, you will learn how to reduce the risk of being hacked. It’s a course packed full of handy, practical information, so if you have a website, you need to know this information to keep it safe.