How long and complicated is your password?

Check the chart to see how fast it can be hacked...

Recently, LastPass, a password manager I used to recommend to clients in the past, has had some major issues.

They got hacked. Many times. After a number of hacks, they refused to acknowledge how bad the breaches were. This rocked the IT world as honesty is the best policy.

Between the LastPass hack and other sites I had used for many years also having security breaches with millions of passwords exposed on the dark web, I had to take action.

My early passwords were simple and easy to hack. 

Hackers have programs that they use to gain access. The programs go to every financial institution and automatically enter your email and password. They do the same with social media accounts.

There was one day when I got a notice that my password was changed. On my bank. And I didn't initiate it. I took immediate action and was a bit faster than the hackers. I was able to change the details they had changed back and get control of the account after I changed my email password - they were getting the same reset notices!

One time, I was actually using my gaming system, and saw that somehow someone had managed to change the group I was affiliated with and my tag line!

My mistake: I had been using iterations of a simple password for a long time and for many different sites. I figured that it was easy to remember and I could just keep using it.

So last fall, I started researching what password managers were available and how quick a hacker could compromise a simple password.

My simple iterations of that password, 8 characters with letters and numbers, would take a hacker using a program two minutes to compromise my security.

Here's a challenge: take your password, count up the combination of letters and numbers and see how long it would take for a hacker to gain access to your account.

Eye-opening.

Well, how do I advise clients to secure their accounts?

I target the 1 million year mark as a minimum.

Yah, that's the one that had 14 characters - numbers, upper and lower case letters and symbols.

Clearly this cannot be something that is memorized as I suggest using a DIFFERENT password on each site. If one site gets compromised and that password is leaked, no other site can be easily breached.

Here's where using a password manager comes to the rescue.

The two that are at the top of the short list are 1Password and Bitwarden. Do NOT use LastPass.

If you are just starting, you will need to create a strong password for that password manager. If that's strong, then it's safe to keep your passwords in a manager.

Once you have the account started, add the app to your phone, and the extensions for that app to your browser so that you can start saving the complicated passwords and have them sync to your phone.

When you get to a site where you need to create a password or update a weak one, you ask the app to generate the password and save it with the URL of the site and the user name.
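
To make the length-and-character-set comparison and the generate step above concrete, here is an added example (not from the chart and not any password manager's own code) that estimates exhaustive-search time for a password and generates a 14-character random one. The guess rate of 10 billion per second and the sample password "summer22" are assumptions made for illustration, so the times will not match the chart's figures.

```python
import math
import secrets
import string

# Assumed attacker speed (guesses per second) for an offline attack; this
# figure is an assumption, not taken from the chart, so results will differ.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def alphabet_size(password):
    """Size of the combined alphabet of every character class the password uses."""
    return sum(len(cs) for cs in CLASSES.values() if set(cs) & set(password))


def entropy_bits(password):
    """Upper bound on strength: assumes every character was chosen at random."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years to try every password of this length and alphabet at `rate`."""
    return 2 ** entropy_bits(password) / rate / SECONDS_PER_YEAR


def generate_password(length=14):
    """Random password containing all four classes, drawn from the OS CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(set(cs) & set(candidate) for cs in CLASSES.values()):
            return candidate


if __name__ == "__main__":
    for label, pw in [("constructed weak sample", "summer22"),
                      ("generated", generate_password())]:
        print(f"{label}: {len(pw)} chars, {entropy_bits(pw):.0f} bits, "
              f"{years_to_exhaust(pw):.3g} years")
```

The estimate is a ceiling: a password built from a word and a year falls to dictionary guessing much sooner than the exhaustive-search figure suggests, which is one more reason to let the manager generate it.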

On an iPhone, once the app is added to the device, use Face ID to unlock and authenticate into that app. Another setting in the phone allows the password manager to log in to various apps on the phone and websites.

I use it for most apps.

For those of you only using Mac and iPhone, password security is built in to the phone with iCloud Passwords and security. Apple will suggest a strong password that can be saved and synced to the Mac and even an iPad once it's all set up.

While this might sound confusing, I have helped many clients get this all set up.

Trust me, as hackers have gotten better at cracking passwords, we have to get better at securing our digital lives.