Your Password: Just Waiting To Be Hacked
So you have backed up your computer data with a great cloud storage service and possibly bought the latest and best malware removal software.
You're probably feeling pretty good that you've taken great steps in strengthening your online privacy and security. However, as prudent as those steps are, there is a simple, yet critical aspect of web security that you might have overlooked.
And that is creating "hard-to-crack" passwords and keeping them away from prying eyes.
All the top-notch web security software in the world will mean diddly squat if the integrity of your login information for your social media, email, online banking and shopping accounts, etc, is compromised.
If I am preaching to the choir, then forgive me.
But if your passwords are weak, or you engage in risky behavior such as writing down your login details on paper, then you need to take the following steps.
Make Your Logins Secure

1. Make your password difficult to guess by avoiding the obvious.
Don't use anything like your name, birth date or simple numbers.
Remember, not all hacks originate from nerds who live in their mothers' basements somewhere in far away places.
A lot of security problems originate right in your own home, your office, your college dorm or even from your kids.
Splashdata, a security software developer, released its annual list of the most common passwords on the internet. And once again, "password," "123456," and "12345678" are the three most popular, in that order. Here is Splashdata's full list of the 25 most common passwords, in rank order, compiled from password dumps that hackers posted online:
password
123456
12345678
abc123
qwerty
monkey
letmein
dragon
111111
baseball
iloveyou
trustno1
1234567
sunshine
master
123123
welcome
shadow
ashley
football
jesus
michael
ninja
mustang
password1
So as the list suggests: avoid numbers in order; avoid the names of the sites you're using; avoid sports and brand names; and avoid the actual word "password." Surprisingly, the word "admin" didn't make the list, but it too should be avoided like the plague.
But the trick is: how do you make "difficult to guess" login information easy to remember?
2. Actually, a truly secure password won't even consist of a word, be it an English word or a word in some other language.
Any single dictionary word falls to a dictionary attack: the cracker simply tries every word in a word list, in any language, along with common variations such as capitalizing it or swapping letters for digits.
You can significantly reduce this risk by taking a sentence and turning it into a password. So a sentence such as "Santa Claus has come to the ghetto" could become "Sclhasc2TG".
You can make this login even stronger by adding symbols to it (more on this below).
Also, make sure not to use the same log in credentials on multiple sites.
3. In my early days online, I went for short passwords because they were/are easier to remember. But I came to realize that in creating my login credentials, "size does matter."
Back in 2012, Paul Ducklin, a researcher at web security firm Sophos, demonstrated just how easy it is to crack people's login credentials. He downloaded John the Ripper, a free open-source password cracker, onto a "not-very-fast laptop" and fed it a list of 400 hashed passwords (passwords run through a one-way function, so the originals cannot simply be read back) that a hacker had taken from a server of Dutch technology giant Philips. The tool cracked 25% of the passwords in three seconds or less and 50% of them by the 50-minute mark.
Some of the passwords that were used on the server were: 1234, 12345, 123456, 123457, 00000000, philips, ph1lips (nice try), password (no list is complete without it), qwerty and seguro (Spanish for "secure" - ha ha).
The Imperva Application Defense Center (ADC) analyzed a December 2009 password breach (the RockYou breach) that led to the release of 32 million login credentials and found that short passwords were a major problem. It found that 50% of the users chose passwords that were 7 characters or less in length.
Using NASA standards to benchmark consumers' password selection, it recommends that your password be at least 8 characters in length.
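To make the Ducklin demonstration concrete, here is an added example (my own code, not Sophos's and not John the Ripper) that simulates the two phases a cracker runs against a stolen hash list: a word list with "mangling" rules, then an incremental brute force over short all-digit strings. The sample dump is constructed from the Philips passwords listed above; hashing them with unsalted MD5 is an assumption made for this example, since the post does not say how the real server stored them. The keyspace arithmetic at the end shows why rule 3 (length) and a wider character set matter; the guess rate used there is illustrative, not a measurement.

```python
import hashlib
import itertools
import string

# Constructed sample "dump": the passwords the post says were on the Philips
# server. Hashing them with unsalted MD5 is an assumption for this example;
# the post does not say which hash the real server used.
LEAKED_PLAINTEXTS = ["1234", "12345", "123456", "123457", "00000000",
                     "philips", "ph1lips", "password", "qwerty", "seguro"]

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

LEAKED_HASHES = {md5_hex(p) for p in LEAKED_PLAINTEXTS}

# A tiny word list standing in for the one a real cracker ships with.
WORDLIST = ["password", "qwerty", "philips", "seguro", "letmein", "welcome"]

def mangle(word):
    """Yield the word plus a few 'leet' variants, as a cracker's rules would."""
    yield word
    yield word.capitalize()
    yield word.replace("i", "1", 1)   # first 'i' only: philips -> ph1lips
    yield word.replace("i", "1")      # every 'i'
    yield word.replace("a", "@")
    yield word + "1"

def crack(hashes, wordlist=WORDLIST, max_digits=6):
    """Recover plaintexts for the given hashes.

    Returns (found, guesses): found maps hash -> plaintext for every hash
    recovered; guesses is how many candidates were tried in total.
    Phase 1 is the word list with mangling rules; phase 2 is an incremental
    brute force over all-digit strings of length 1..max_digits. Anything
    with more than max_digits digits survives, which is the point of
    rule 3: every extra character multiplies the attacker's work.
    """
    remaining = set(hashes)
    found = {}
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            h = md5_hex(candidate)
            if h in remaining:
                found[h] = candidate
                remaining.discard(h)
    for length in range(1, max_digits + 1):
        if not remaining:
            break
        for digits in itertools.product(string.digits, repeat=length):
            guesses += 1
            candidate = "".join(digits)
            h = md5_hex(candidate)
            if h in remaining:
                found[h] = candidate
                remaining.discard(h)
    return found, guesses

def keyspace(length, alphabet_size):
    """Number of candidates a full brute force must try for this length and alphabet."""
    return alphabet_size ** length

def seconds_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second

if __name__ == "__main__":
    found, guesses = crack(LEAKED_HASHES)
    print(f"recovered {len(found)} of {len(LEAKED_HASHES)} hashes in {guesses} guesses")
    for h, plain in found.items():
        print(f"  {h}  {plain}")
    # Illustrative rate only (assumption): a laptop CPU hashing unsalted MD5.
    # Real rates depend on the hardware and the hash algorithm in use.
    rate = 10_000_000
    for length, alphabet in [(8, 10), (8, 95), (12, 95)]:
        print(f"length {length}, alphabet {alphabet}: "
              f"{seconds_to_exhaust(length, alphabet, rate):.3g} s to exhaust")
```

Run as a script it recovers nine of the ten hashes: the five word-list hits fall within the first 36 guesses, the four short digit strings fall during the digit sweep, and only "00000000" survives because it is longer than the sweep's six-digit limit. The keyspace numbers show the same lesson the other way round: eight digits are 10^8 candidates, eight characters drawn from all 95 printable ASCII characters are roughly 6.6 x 10^15.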
4. ADC's analysis also revealed that almost 60% of the users chose passwords from a limited character set (for example, only lowercase letters, or only digits).
Between 4% and 40% chose passwords made of only one type of character.
ADC suggests that a secure password should consist of a mix of uppercase and lowercase letters, digits and symbols (%@#). If there is only one letter or one special character in a password, that character should not be first or last.
5. To provide an extra layer of security, some sites let you log in through your Google or Facebook account; the protections on that account, including two-step verification if you have turned it on, then cover the site as well.
Some websites also let you use your cellphone for two-step authentication: after your password, you enter a one-time code sent to the phone.
I had this set up on my Gmail account.
But I must admit, it was annoying having to input a new code that Gmail would text me each time I needed to log in.
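Rules 1 to 4 above can be turned into a mechanical check. The following is an added example of such a checker (my own code, not Splashdata's or Imperva's). It rejects the 25 passwords listed above plus "admin", a password that contains the site name or a personal detail you pass in (rule 1), digits in order or a repeated digit, anything shorter than the 8-character minimum ADC recommends (rule 3), a missing character type (rule 4), and a lone character of one type sitting first or last. That last rule is ADC's as quoted above; applying it to every character type rather than only to letters and symbols is an extension made here. The sample passwords at the bottom are constructed, apart from the post's own "Sclhasc2TG".

```python
import string

# Splashdata's top 25 as listed above, plus "admin" as the post suggests.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1", "admin",
}

MIN_LENGTH = 8   # the minimum ADC recommends, quoted above

def is_digits_in_order(pw):
    """True for '1234', '98765' and the like: each digit is the previous one +/- 1."""
    if not pw.isdigit() or len(pw) < 3:
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}

def is_repeated_digit(pw):
    return pw.isdigit() and len(set(pw)) == 1

def check_password(pw, site_name="", personal=()):
    """Return the list of rule violations; an empty list means the password passes.

    site_name: the site this password is for (rule 1: avoid the site's name).
    personal: details someone near you may know, e.g. your name or birth year.
    """
    problems = []
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        problems.append("is one of the most common passwords")
    if site_name and site_name.lower() in low:
        problems.append("contains the site name")
    for detail in personal:
        if detail and detail.lower() in low:
            problems.append(f"contains the personal detail {detail!r}")
    if is_digits_in_order(pw) or is_repeated_digit(pw):
        problems.append("is digits in order or a repeated digit")
    if len(pw) < MIN_LENGTH:
        problems.append(f"is shorter than {MIN_LENGTH} characters")
    classes = {
        "lowercase": [c for c in pw if c.islower()],
        "uppercase": [c for c in pw if c.isupper()],
        "digit": [c for c in pw if c.isdigit()],
        "symbol": [c for c in pw if c in string.punctuation],
    }
    missing = [name for name, chars in classes.items() if not chars]
    if missing:
        problems.append("is missing character types: " + ", ".join(missing))
    # ADC's rule: a lone character of one type should not be first or last,
    # which is exactly where cracker rules that append or prepend a digit
    # or symbol to a word would find it.
    for name, chars in classes.items():
        if len(chars) == 1 and chars[0] in (pw[0], pw[-1]):
            problems.append(f"its only {name} character is first or last")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, plus the post's own sentence-derived one.
    samples = [("password", "", ()),
               ("1234", "", ()),
               ("myfacebook1", "facebook", ()),
               ("John1985xyz", "", ("John", "1985")),
               ("Sclhasc2TG", "", ()),      # the post's example: no symbol yet
               ("Sclhasc2TG!", "", ()),     # symbol added, but at the end
               ("Sclha$sc2TG", "", ())]     # symbol in the middle: passes
    for pw, site, personal in samples:
        problems = check_password(pw, site, personal)
        print(f"{pw!r}: {'OK' if not problems else '; '.join(problems)}")
```

The post's "Sclhasc2TG" comes back with one complaint, the missing symbol; appending "!" satisfies rule 4 but trips the first-or-last rule, while moving the symbol into the middle ("Sclha$sc2TG") passes every check.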
6. Watch out for phishing.
This is an attempt, usually by email, to get you to hand over sensitive information such as usernames, passwords and credit card details to someone masquerading as a trusted company (your bank, a shopping site, a social media account, etc).
You may be asked to click a link in the email and then input your login credentials on the website you land on.
That website, by the way, is a fake built to capture whatever you type.
Or you may simply be asked to email the info. Thankfully, many of these messages land in your junk folder, and/or your email service puts a warning message at the top of such emails.
But to the cyber criminals' credit, some phishing email messages are very believable and some people fall for them. Just remember that a reputable company will never ask you for your password.
Should you get an email asking you to enter your login credentials, you should call the company directly to find out if the message is legitimate.
Or, you can type in the (publicly known) company's web address directly into your browser, log on and then make changes to your profile as needed.
Do not click on a link in an email that asks you to reveal your details.
7. One of the issues with making your login credentials difficult to guess is that they can also be difficult to remember, especially if there are several of them.
This increases the temptation of writing down your logins on paper which in itself is risky behavior.
One way to significantly reduce this risk is to turn a sentence into a password as discussed before, write down that sentence on paper as a memory jogger and put that paper in your wallet.
Another solution is to use a free or paid third-party password manager, which encrypts and stores all your logins and can also generate strong logins for websites. With such a tool, you'll just need to remember one master password in order to access all your login details.
I use Roboform, which is very popular. It has both free and paid versions.
With the paid version, Roboform will save you time by filling in your login details with one click and automatically logging you into a website.
No need for typing. Keepass is another great tool; it is free to use but you'll have to manually enter your logins.
No Guarantees
By no means are the security strategies mentioned above 100% hacker-proof.
Determined criminals can get to your password not necessarily through any lapse on your part but through companies that you have accounts with.
Evernote and LinkedIn are two big web companies that suffered password security breaches in recent times.
If it can happen to them, with all their sophisticated security, it sure as hell can happen to us ordinary people on the street.
Computing power has skyrocketed to such an extent that a single consumer graphics card can test billions of guesses per second against a stolen database of password hashes. In that offline setting no account lockout can help, and any short or predictable password falls in seconds; only length and unpredictability buy time. Online, the equivalent danger is a website that can't quickly spot a stream of wrong guesses and slow down or lock the account, because then an attacker can keep guessing against it directly.
All you can do is take the precautions outlined here and exercise common sense and vigilance in your surfing. Do this, and you'll make a hacker's job much harder.