In the digital age, instant access to every account is stymied by only one feature: the password. Many people know the common foibles of choosing a password, but many mistakes are so common as to be endemic. Most security breaches happen not just because of technological superiority, but because of common mistakes. While most people know the main mistakes of choosing a password — don’t choose a dictionary word, don’t use the same password for everything, don’t use personal information, don’t write it down and leave it lying around — many of the tricks that criminals use to infiltrate personal and business accounts are less well-known.
Don’t Give It Out — to Anyone
The No. 1 way hackers access a database is pitifully simple: they ask for the password. Shockingly, this is effective in a very high percentage of cases. For a government study, several hackers were asked to attempt to break into government software that was supposed to be impenetrable. The hackers simply called the departments they wanted to access, posed as computer consultants (on the phone, with no verification credentials), and asked for login details. Sometimes, they even pretended to be security specialists. In all 20 of the attempts, at least one person on the line revealed not only a password, but personal data as well.
Hackers and identity thieves use the same tricks in order to access personal accounts. The vendor or security provider of your personal accounts should never ask for a password. The phone is the last place a reputable company will want you to divulge information like this. Preventing hackers from accessing your personal information is the most important part of identity and access management.
Change It Often
Most people know that it is crucial to change your password often. However, given the difficulty of remembering a complex and unique password, this step is often overlooked. The stress of remembering your password is worth the trouble. Remember that if your account is ever hacked, no matter how low-level the threat, you should change your password immediately no matter how difficult it is to remember.
Don’t Fall for Easy Tricks
Many people think that by avoiding personal information, they make their passwords impossible to crack. While it is true that passwords built from personal information or dictionary words are the easiest to crack, there are many other “soft” passwords that hackers can easily feed through automated systems. Most of the technology that hackers use to break into software and personal and business accounts is focused on running through as many soft, or easy, passwords as possible, because many of these are more common than you think. For example, any sequence of numbers or letters adjacent on a keyboard or number pad is automatically classed as easy. If you chose one because it is unrelated to you but easy to remember, it is unfortunately easy to crack as well.
If you are struggling to find a password that you can remember, try a mnemonic. For example, take the first letter of every word of a common phrase or your favorite song. From “Mrs. Robinson,” for example, you could choose “Heaven holds a place for those who pray, hey hey hey,” and set Hhapftwphhh.
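One way a password-policy check could catch the adjacent-key choices described above, and let the mnemonic through. This is an added example, not part of the original article; the layout tables, function names and thresholds (a run of at least four keys covering at least half the password) are assumptions.

```python
# Added example: flag passwords built mostly from neighbouring keys.
# Layouts and thresholds are assumptions chosen for illustration.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
NUMPAD_ROWS = ["789", "456", "123"]


def _adjacency(rows, stagger):
    """Map each key to the keys physically touching it.

    stagger is the horizontal shift of each row relative to the one above
    (half a key on a QWERTY keyboard, none on a number pad).
    """
    pos = {k: (c + stagger * r, r)
           for r, row in enumerate(rows) for c, k in enumerate(row)}
    return {a: {b for b, (bx, by) in pos.items()
                if b != a and abs(bx - ax) <= 1 and abs(by - ay) <= 1}
            for a, (ax, ay) in pos.items()}


# Digits exist on both layouts, so merge the two neighbour maps.
ADJ = {}
for rows, stagger in ((QWERTY_ROWS, 0.5), (NUMPAD_ROWS, 0.0)):
    for key, near in _adjacency(rows, stagger).items():
        ADJ.setdefault(key, set()).update(near)


def longest_walk(password):
    """Longest run in which each character is the same key as, or a
    neighbour of, the previous one (case is ignored)."""
    pw = password.lower()
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev or cur in ADJ.get(prev, ()) else 1
        best = max(best, run)
    return best


def is_soft(password, min_run=4, min_fraction=0.5):
    """True when a neighbouring-key run of at least min_run keys makes up
    at least min_fraction of the password."""
    run = longest_walk(password)
    return run >= min_run and run >= len(password) * min_fraction


if __name__ == "__main__":
    # Constructed sample inputs, plus the mnemonic from the article.
    for candidate in ["qwerty", "123654", "1qaz2wsx", "Hhapftwphhh"]:
        print(candidate, longest_walk(candidate), is_soft(candidate))
```

A check like this covers only the adjacent-key pattern; dictionary words and personal information need their own checks.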