Weak Passwords Can Jeopardize Your Personal And Professional Security [Infographic]

Are the passwords for your social media sites protecting your personal information?Are your passwords strong? Better yet…are they weak? Do you know the difference?

I know, I know…passwords are a pain. They’re hard to remember, sites keep making you change them and don’t even get me started on the process you have to go through to reset them. It would just be better if we could all use 1234 as our passwords, right? Wrong! Especially as social media sites grow more and more popular and you continue to share information on them, the strength of your password is going to become more and more important.

So let’s talk a little bit about passwords and security.

High Risk – When Your Password Is Weak And Limp

Typically, a password is defined as “weak” when it only contains a series of lower-case letters and is especially weak when it contains a commonly used word like “love”. Weak passwords are easily cracked because hackers can use what is referred to as a dictionary attack, which just continually submits your username and password with words found in the common dictionary. If you use a word that you can find in Merriam-Webster…your password is weak and you’re begging to have your account hacked. Many sites won’t even allow you to use a weak password, but there are still some that do.

So protect yourself and update that password.

A Little Better…But Still At Risk – When Your Password Starts To Evolve

You now understand that a simple dictionary password is a high risk. So would it solve the problem if you just capitalized the L in “Love”? Not really. Since the password is still in the dictionary, the hacker-bots have smartened up and have now started sending dictionary attacks first, and then following with dictionary attacks that lever case-sensitivity.

Sure, it takes longer, but your personal information is worth it to them.

Medium Strength – Fighting Back With Numbers

Yep, that’s right…fight those hackers by adding a few numbers. But be sure that they aren’t sequential, though. “Love1234” isn’t really a great password. It’s something even a Spaceball might be able to figure out.

Getting Stronger! – Adding Special Characters To The Mix

Want to make your password just a little more special and ready to resist those nasty hackers? Give it some extra-special ooomph by simply adding a special character. Something like % or & or @ makes a big difference in keeping your information safe. You can even substitute the letter S with the $ or the letter a with @ to make it easier to use.

So imagine that your elementary school was named Bradley Elementary and your current area code is 816. You can remember those two unrelated things, right? Maybe your password then becomes “Br@dley816”. That’s not too hard, right?

Guess what…according to the Microsoft guidelines on passwords, you just created a strong password. Congrats!!

So What?!? Why Do I Need A Strong Password?

Hmmm…let’s think for a second. What kinds of information are you sharing on social networks like Facebook, Twitter, LinkedIn, Foursquare and YouTube:

  • Your name
  • Your location
  • Your employer and your employment history
  • Your kids’ names
  • Your kids’ schools (how many of their photos have their school name on them?)
  • Your kids’ friends
  • Where you’re going to be this weekend
  • Whether you are traveling
  • Whether your house is currently unattended (because you’re traveling)
  • Where you went to school
  • What professional groups you belong to
  • Your address and mobile phone number (usually found on your resume)
  • Your email address (and any alternate email addresses)
  • Access to your email, both personal and potentially work email.

Trust me…you don’t want this information in the hands of someone who has bad intentions. I’ve been there, having had my blog and Twitter account compromised. It’s not a fun experience and I hope you never have to encounter it.

NOTE: A special note on why email addresses are such a problem. So what if a hacker gets your email address. What are they going to do, send email on your behalf? You could only wish. Remember that for many social networks, the magic combination is User ID and Password. Guess what…many sites allow you to type your email as your User ID. If a hacker gets your email address, they already have HALF the magic combination and now just have to figure out your password.

Hackers are working harder and harder to steal your information. More and more, thieves are become less interested in your television and more interested in going after your entire bank account. Take a minute to make sure that your passwords are protected by upgrading them to strong passwords. And if that didn’t rattle your cage enough, below is a great infographic from the folks at Veracode.com that can dive further into the detail of the necessity of strong passwords:

Have additional tips? I’d love to hear them in a comment!

Cheers!

–Sean

Social Media Security Basics

Infographic by Veracode Application Security

 

Comments And Reactions

  1. SandraWilliams says:

    Good reminders

  2. What’s your stance on the following points:

    1) Ticking the . . . ‘Remember me’ . . . option ?
    2) Logging in SoMe sites via eg. twitter or facebook account ?
    3) Phishing emails that can log on through your computer via the ‘remembered’ passwords ?

    Cheers,
    Andreas

  3. I prefer a low-tech approach — an algorithm that I can remember, that’s based on the name of the site, but that is not easily analyzed off of having just one password. Then I’m not reliant on any third-party software, and I can get into any account from any device, but if one account gets hacked, I’m still safe everywhere else.

    So, for example, my LinkedIn.com password might be (but isn’t):

    frL7(3og

    On its own, no one will ever figure it out, but I always can, fairly easily.

  4. I use KeePass – a LOCAL (ie I carry it with me, it’s not somewhere hackable in the cloud) encrypted db that I can share across my machines – PCs, phone, even runs on a USB stick

  5. Ian Shea-Cahir says:

    The worst part is using one password for everything. http://youtu.be/48wZBoPrPDM?t=20s

Trackbacks

  1. […] most blogs and websites are freely viewed by anyone who wants to view them, without typing any site-specific username and password. Some areas, however, such as your admin console or analytics dashboard should be secured to keep […]

  2. […] media and computing in general. After reading this article, be sure to head over and check out this post on how passwords are another key element of your online […]

Speak Your Mind

*