JUL 3, 2022 / Scams

How secure are your passwords?

A friend of mine recently went through an issue with his Facebook account. Unbeknownst to him, it was posting links to dodgy “investment” opportunities seemingly promoted by major Australian celebrities.

Quick tip: If you see an investment “opportunity” on Facebook, run a mile. Maybe two or more, because they’re ALL scams and, sadly enough, they’re wildly profitable for the scammers. According to the ACCC’s figures, investment scams are the most prevalent way that Australians are defrauded, with more than double the losses of the next most common scam type, romance and dating scams.

Now, this friend had changed his password a few times, so I advised him to carefully check the apps that he’d given posting access to in Facebook. If you’re curious, the easiest way is to go into the settings section of Facebook, select apps, and you’ll be told exactly which apps and services have access. In his case, the best approach was to deny access to everything, and then only permit access on a needs basis.

But it was his comment about passwords that got me intrigued. He said he was “running out” of passwords, which suggested to me that he wasn’t really thinking that hard about new password combinations.

Which is a big mistake, but it’s one that many of us fall victim to.

Each year, security firm Splashdata releases its list of the worst passwords revealed through leaks and breaches that are still in common circulation.

You can probably guess what some of them are outright, and any password that a human can easily guess isn’t a security measure at all, let alone against a computer, which can scan through literally billions of combinations in next to no time at all.

Here’s the list for 2021 – if you see one of your passwords on here, change it ASAP.

Top 10 worst passwords in 2021

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567
  6. 12345678
  7. 12345
  8. iloveyou
  9. 111111
  10. 123123

Mind you, if you find your password anywhere in the top 100, or in any dictionary, you’re also running a huge risk of being compromised online in some way. That could be with your Facebook account posting dodgy ads in the guise of your personal recommendation – or the loss of access to your own bank accounts.

So, what’s the solution here? Use strong passwords, preferably secured behind an encrypted password manager, because that way you only have to remember one strong password, not many of them. Use two-factor authentication when it’s offered, because while it does add a layer of difficulty as you procure your secondary authentication code, it also enhances the security of any account you add it to.

Tips for making a strong password

Make it long – the more characters, the harder it is for a hacker to guess it.

Don’t use single regular words – there’s such a thing as a “dictionary attack”, which quickly attempts to crack your password by trying every word in the dictionary.

Mix up letters, numbers, and symbols – this makes for a more potent password, and a random string is hard to guess.

Don’t use a keyboard pattern – like “qwerty” or “zxcvb” or “123456”. Be original!

Avoid substituting common symbols and letters – the password “p@ssw0rd” is just as easy for a hacker to crack as “password”, because they’re well versed in these common substitutions.

Try using full sentences – as mentioned, the longer the better, so try out the sentence method. Think of a long sentence like “Geeks2U are my favourite company in Australia”, and grab the first 2-3 characters of each word so you have “Gee2UArMyFavCoInAu”. You can easily remember the sentence, and to hackers that’s just a random string of characters.

Use full words that have meaning to you – do you love a certain book series, movie or video game? You can use locations, people, items, and more to make strong and unique passwords. HermioneTheBurrowFireboltSnape is hard to guess but if you love Harry Potter should be a cinch to remember!
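
The tips above can also be checked automatically. The following Python example is an addition to this article, not part of the original; the minimum length of 12, the small word list and the substitution table are assumptions made for the demonstration.

```python
import re

# The article's 2021 top-10 list; a real check would load a far larger breached-password list.
WORST_2021 = {"123456", "123456789", "qwerty", "password", "1234567",
              "12345678", "12345", "iloveyou", "111111", "123123"}
# Constructed stand-in for a dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome"}
# Common symbol-for-letter swaps (assumed table) that cracking tools undo automatically.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12  # assumed threshold; the article only says "make it long"


def is_keyboard_walk(pw: str, run: int = 5) -> bool:
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw: str) -> list[str]:
    """Return the tips from the article that pw breaks (empty list = none)."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if low in WORST_2021:
        problems.append("on the worst-passwords list")
    if is_keyboard_walk(pw):
        problems.append("keyboard pattern")
    if re.fullmatch(r"(.)\1+", pw):
        problems.append("single repeated character")
    # Undo substitutions two ways: on the whole string, and on the string
    # with trailing digits/symbols removed (so "dragon123!" matches "dragon").
    unleeted = low.translate(LEET)
    core = re.sub(r"[^a-z]+$", "", low).translate(LEET)
    if low in SAMPLE_WORDS:
        problems.append("single dictionary word")
    elif unleeted in SAMPLE_WORDS or core in SAMPLE_WORDS:
        problems.append("dictionary word in disguise")
    return problems
```

Running `check_password` on “p@ssw0rd” flags it as a disguised dictionary word, while both long examples from the tips above come back with no problems.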

It’s 2022. It’s well past time we moved on from simple-to-use, simple-to-remember passwords. It’s a little more work to keep yourself safe online, but with so many of our activities, from simple social media to online banking to just about everything else, being secured this way, it’s vital that we all take it much more seriously than using a password such as “123456”.

If you have concerns about your internet or network security, give Geeks2U a call today. We can help you set up anti-virus and malware software, give you tips and tricks to avoid phishing and other scams, and set up your devices right.

Alex Kidman
Tech Journalist