It’s National Password Day for the Better Business Bureau (BBB).
And the national organization is encouraging shoppers and businesses on March 15 to buckle down on their digital secret codes to protect themselves against fraud.
According to a 2019 security survey by Google, at least 65 per cent of users repeat the same password for their online accounts.
This creates an ideal situation for a hacker, BBB says, as once an account is breached, other accounts can easily be accessed.
As well, NordPass — a global cybersecurity company with Nord Security — states that most people don’t create strong passwords in the first place.
Last year, NordPass says, the most common Canadian passwords were "password," "qwerty," "abc123" and different variations of "123456."
Every March 15, you’re encouraged to change the passwords for your primary online accounts (i.e., banking, social media and shopping sites) and delete inactive accounts.
BBB recommends the following tips on how to protect your passwords:
1. Avoid easy passwords.
A weak password is easy to guess. Avoid using information that is easily searchable like your pet’s name, mother’s maiden name, favourite team, the town you grew up in, your birthday/anniversary, etc., or anything that could be easily prompted via a phishing email or text. Even if you don’t consider yourself an active user of social media or the Internet, your information is out there on one forum or another.
A strong password has at least 12 to 14 characters, mixing uppercase and lowercase letters, numbers and symbols. It is often more than one word, which leads us to the next tip.
2. Use a “passphrase.”
Instead of using a single word, use a passphrase. Your phrase should be relatively long, around 20 characters, and include random words, numbers and symbols. Choose something that you will be able to remember but others couldn’t come close to guessing, such as PurpleMilk#367JeepDog$.
3. Use multiple passwords.
Never use the same password for multiple accounts, especially for the most sensitive ones such as bank accounts, credit cards, legal or tax records or medical-related files. While it may be easier to remember one password for every account, it’s much easier for hackers to break down one wall rather than multiple walls. If hackers can figure out one password, even if it’s for something harmless, such as an online shopping app, they will now know the password to every single account you own.
4. Use multi-factor authentication.
When it’s available and supported, use two-factor authentication. This requires both your password and an additional piece of information upon logging in. The second piece is generally a code sent to your phone, or a random number generated by an app or token. This will protect your account even if your password is compromised.
5. Change your passwords regularly.
It’s a pain to change and then remember all your passwords, but it’s one of the best ways to keep your private information safe. It is best to schedule a time at least twice a year to update your passwords (today would be a great day to start!). While doing so, also take the time to close old accounts that you no longer use, especially if they are associated with credit cards or bill payments, and do not forget to delete inactive email and social media accounts.
6. Select security questions only you know the answer to.
Many security questions ask for information that is easily searchable, such as your postal code, your mother’s maiden name, favourite sports team, and your birthplace. That is information a motivated hacker can easily obtain. Similarly, don’t use questions with a limited number of responses that attackers can easily guess, such as the colour of your first car.
7. Consider a password manager.
A written list would be best; keep the list updated and organized, as well as secret. Alternatively, if you’re worried about losing it, consider a reputable password manager to store your information. These easy-to-access apps store all your password information and security question answers in case you ever forget. However, don’t forget to use a strong password to secure the information within your password manager.
— source: Better Business Bureau