The Problem with Passwords

WHY ARE PASSWORDS SO DIFFICULT????

Passwords. Ugh.

Did you ever see the movie “Catch Me If You Can?” Starring Leonardo DiCaprio and Tom Hanks, it follows the story of one of the FBI’s most notorious counterfeiters and criminals, Frank Abignale as he travels the world conning people into believing that he is a pilot, a doctor, a lawyer; The list could go on… For the last 45 years, however, Abignale has been a vaulted consultant for the FBI and has consulted with hundreds of financial institutions, corporations and government agencies – helping them all in their fight against fraud. His new book, “Scam Me If You Can,” pays a great deal of focus on passwords, their use and most importantly, their creation.

“Passwords have become a nightmare…” Fernando Corbato (Inventor of the Computer Password)

According to not only Corbato, but the above statement echoes true for Michael Chertoff, former Secretary of Homeland Security. Chertoff has said “A closer examination of major breaches reveals a common theme: in every ‘major headline’ breach, the attack vector has been the common password… The reason is simple, the password is by far the weakest link in Cybersecurity.”

So what are you to do? Abignale recommends to try and avoid the following, common mistakes:

• Changing Passwords TOO Often – “Frequent password changes are counterproductive, as people tend to swap out one password for another frequently used one. Changed passwords may also be forgotten, and they can be stolen just as easily as passwords that are changed infrequently.”
  
• Making Passwords TOO Complex – “Keep your passwords simple, but be smart about it. …[Studies] that look at arbitrary password complexity requirements (e.g., ones that call for symbols and uppercase and lowercase letters) repeatidly find that these kinds of restrictions result in less secure passwords.”
  
• Not Screening Your Passwords – “The National Institute of Standards and Technology (NIST) highly recommends comparing your password against lists of commonly used or known compromised ones.” (ie. Enzoic.com or Passwordrandom.com)
  
• Recycling the SAME ONES! – “Reusing the same passwords across multiple websites is especially dangerous for email, banking and social media accounts… even if you haven’t used them in years.”
  
• Being TOO Familiar – ” Don’t use the following in passwords or answers to website security questions: loved ones’ names (pets included), maiden names, hometowns, birthdays, wedding dates or anything else that can be gleaned with some online research.”
  
• REMEMBERING THEM ON A DEVICE – “Never use the ‘save’ or ‘remember me’ options on a public computer. The next user could easily access your account.”
  
• Using Common, Easily HACKED Characters – ” Stay away from these, especially: ‘123456,’ ‘qwerty,’ or ‘password.’ Many hackers still use the ‘guessing’ strategy as a point of entry.”
  
• Not Password-Protecting Your Mobile Device – “Believe it or not, 52% of people are guilty of this. When setting your device password, it’s smart to avoid common choices like ‘1234,’ ‘ 0000,’ ‘2580’ (a top-to-bottom- sequence or ‘5683’ (which spells ‘love’).”
  

The costs of doing nothing, Abignale says, has allowed “identity and credentials to accounts… [to become] ‘fenceable’ on the Dark Web.”

“Over the years, I’ve learned that change – even GOOD change takes time. But it also takes willpower.”

While Abignale’s list is important, it is also important to keep in mind that the simplest way to protect yourself online is to create a strong, memorable password that doesn’t connect to your personal information or searchable online footprint (THANKS SOCIAL MEDIA!). You are first and last line of protection when it comes to your passwords. Keep them strong, keep them safe!