A friend of mine recently went through an issue with his Facebook account. Unbeknownst to him, it was posting links to dodgy “investment” opportunities seemingly promoted by major Australian celebrities.
Quick tip: If you see an investment “opportunity” on Facebook, run a mile. Maybe two or more, because they’re ALL scams, and, sadly enough they’re wildly profitable for the scammers. According to the ACCC’s figures, Investment scams of all types were the most prevalent way that Australians were defrauded in 2019, with more than double the losses of the next most common scam type, relating around romance and dating.
Now, this friend had changed his password a few times, so I advised him to carefully check the apps that he’d given posting access to in Facebook. If you’re curious, the easiest way is to go into the settings section of Facebook, select apps, and you’ll be told exactly which apps and services have access. In her case, the best approach was to deny access to everything, and then only permit access on a needs basis.
But it was his comment about passwords that got me intrigued. He said he was “running out” of passwords, which suggested to me that he wasn’t really thinking that hard about new password combinations.
Which is a big mistake, but it’s one that many of us fall victim to.
Each year, security firm Splashdata releases its list of the worst passwords revealed through leaks and breaches that are still in common circulation. You can read the full list here but the top ten makes for rather depressing reading.
You can probably guess what some of them are outright, and any password that a human can easily guess isn’t a security measure at all. Let alone one that any kind of computer might be pointed towards, because the technology there can scan through literally billions of combinations in near no time at all.
Here’s the top ten list; if any of your passwords are here, I have no psychic powers – and you really don’t have a “password” at all.
Mind you, if you find your password anywhere in the top 100, or in any dictionary, you’re also running a huge risk of being compromised online in some way. That could be with your Facebook account posting dodgy ads in the guise of your personal recommendation – or the loss of access to your own bank accounts.
So, what’s the solution here? Use strong passwords, preferably secured behind an encrypted password manager, because that way you only have to remember one strong password, not many of them. Use two factor authentication when it’s offered, because while it does introduce a layer of difficulty while you procure your secondary authentication code, it also enhances the security of any account you add it to.
It’s 2020. It’s far past time we got past simple to use but simple to remember passwords. It’s a little more work to keep yourself safe online, but with so many of our activities, from simple social media to online banking to just about everything else being secured this way, it’s vital that we all take it much more seriously than using a password such as “123456”.