In the ongoing battle against fraud, your first line of defense is a password. Your passwords are what stand between a cybercriminal and complete access to your device, account, finances, and other sensitive data. So it makes sense to make your password as strong as possible in order to keep fraudsters out, right? To kick off cybersecurity awareness month, we’re going to take an in-depth look at the best password practices. This way you can keep your password secure so that it can keep your data secure in return.
How Can Passwords Get Hacked?
Your password is the key to your personal information, which is also why it’s the first thing a hacker will go after – and hackers are clever with the ways they try to access your accounts. In fact, their schemes can be as simple as using brute force or as complex as using social engineering to gain your trust:
- Brute Force Attacks are essentially password guessing. Oftentimes, hackers will use bots to repeatedly enter hundreds of random passwords each second until they find the right one. If your password is short or uses common dictionary phrases, it will be easier for the bot to guess.
- Malware can be disguised as a simple link or file attachment in an email. Once it’s on your computer, malware such as a keylogger can record your keystrokes – including your password – and help cybercriminals access your confidential information.
- Data Breaches can occur at major companies to expose credit card numbers, social security numbers, and usernames and passwords. Once a hacker gets a hold of your exposed password, they can use it to steal your credentials and send further email scams to your contacts.
- Phishing is a common type of scam that tricks you into revealing your password by posing as someone you know and trust, such as your bank. Phishing scams often appear as emails or texts or even as spoofed websites with fake login pages that can collect your login credentials.
- Social Engineering preys on a victim’s psyche to gain their trust and convince them to provide their sensitive information. All phishing attacks are social engineering attacks, but not all social engineering attacks are phishing attacks. For example, scareware is a type of social engineering attack that appears as a pop-up for a cybersecurity problem and scares users into handing over their data in order to “fix” the problem.
Password Dos & Don’ts
- Don’t Make it Short: When it comes to passwords, the longer the better! Most cybersecurity experts recommend that you create a password at least 12 characters long. The reason is that a short password can be cracked almost instantly, whereas a 12-character, random password can have trillions of combinations that might take cybercriminals years to get right.
- Do Make it Random: Using your favorite song lyrics, movie titles, or quotes in a password might help you remember it better, but it can also make your password easier to guess for cybercriminals. Instead, try to make your password as random as possible by combining words that don’t make sense in order to trick any potential hackers.
- Do Mix Symbols: The most common way to trip up a scammer is to use a mix of different characters within your password. For instance, it’s good to include both uppercase and lowercase letters, numbers, and symbols. After all, it would take far more time and effort to guess a password such as G7!mLq9#tR8@xZ3^ than one like “doglover.”
- Don’t Use Dictionary Words: If you use a word in your passcode, try to place intentional misspellings as a way to frustrate potential hackers. For example, you can substitute numbers or special characters for letters. So instead of using a word such as “banks” in your passcode, try swapping it out for “b@nk$.”
- Don’t Include Personal Data or Identifying Information: It’s fun to post your birthday party on social media or a picture of your dog for National Pet Day. However, if your profile is shared with the public, that also means these posts may be shared with hackers. Try not to include anything in your password that can easily be found online, such as your birthdate, pet’s name, the name of a loved one, address numbers, or other identifying information.
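The Dos & Don’ts above, expressed as a checker and a random generator. This is an added example, not code from the original article; the function names, the 16-character default, and the word and personal-data lists a caller passes in are assumptions made for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 12  # the minimum length recommended in the list above

# One test per character class the list asks for.
CLASSES = {
    "lowercase letter": str.islower,
    "uppercase letter": str.isupper,
    "digit": str.isdigit,
    "symbol": lambda c: not c.isalnum(),
}


def check_password(password, dictionary=(), personal_data=()):
    """Return the rules from the list above that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, is_member in CLASSES.items():
        if not any(is_member(c) for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    # Case-insensitive substring match against caller-supplied lists.
    if any(w and w.lower() in lowered for w in dictionary):
        problems.append("dictionary word")
    if any(p and p.lower() in lowered for p in personal_data):
        problems.append("personal data")
    return problems


def keyspace_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every class is present."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

`keyspace_bits` shows why length matters: each added character multiplies the number of guesses a brute-force bot needs by the size of the alphabet.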
Keep Your Password Safe
Creating a strong password is only the first step. Now, you need to know how to keep it protected from prying eyes.
- Don’t Reuse Passwords: Every device, app, and account needs a password to keep it safe. However, using the same password – no matter how strong it is – for each one of these only increases your risk of being compromised. If a hacker can get ahold of one passcode, then they can use it to hack into the other accounts sharing that passcode. Try to create strong, unique passwords for every account and regularly change them to prevent hackers from easily accessing your credentials.
- Store Passwords Securely: If you have multiple accounts, it can be hard to keep track of every unique password for each one. While it’s tempting to write the passwords down, this can make them easily discoverable. Instead, it’s best to store passwords in a password manager. A password manager is a secure, digital vault that can store your passwords, keep them encrypted, and update them whenever there are changes. Plus, you can enable multi-factor authentication to access it, giving it that extra layer of protection against potential fraud.
- Enable Multi-Factor Authentication: Speaking of which, enabling multi-factor authentication (MFA) is a good practice for every account you create. Even if a hacker is able to get through your passcode, MFA requires something that only you would have access to, such as a face ID, fingerprint, or one-time code sent to your phone number, in order to access the account. Plus, if someone is trying to hack into your credentials, you’ll receive an MFA prompt and know for sure if you are under attack from cybercriminals.
- Don’t Share Passwords with Anyone: When we say anyone, we mean anyone – including your friends and loved ones. As we covered, criminals will try to pressure you into giving up your credentials by posing as people you know and trust. However, you should be wary of anybody who is requesting sensitive, personal information from you, even if it does sound like a person or company that you trust. Always take care to verify the identity of the person you’re talking to and know that a real company will never ask for your password over the phone or through email.
Summary
Fraud can happen to anyone at any time, but your password is one of the greatest defenses you can have – and by following the practices that we’ve laid out today, you can make your defense as strong as possible. With a secure password on your side and good safekeeping skills, you’ll be able to make any hackers think twice before trying to get into your account. Of course, accidents can happen. If you do find yourself a victim of fraud, always be sure to change your passcode and reach out to FFB Bank and any other appropriate authorities immediately so we can help you stop fraud in its tracks.