Change Your Password. Now.

November 30, 2017
sunshine
123456
qwerty
admin
dragon
[pet’s name] + [year you were born]
And of course… Password123

If you’re using any of these guys to secure your information, we have a strong message for you: change your password. Now. It’s one of the easiest things you can do to keep your data safe.

You might think, “Nobody would even bother hacking me or my site! I’ve got nothing to steal!” or “my information’s worth squat! Who wants to read my emails?” But there is a litany of reasons someone would hack.

So, here’s just an abbreviated list…

It might sound unconvincing but some hackers are just bored.
Bored and a little nasty. Often hacking is their way of gaining reputation or a sense of achievement. Sometimes that reputation or achievement will be for things like a search-engine ranking boost – they might add links to your site that point to theirs. Unless you’re keeping an eye on logins, you might not even notice they’ve done it.

It’s not all credit card details and government secrets
Your data can be sold online for actual dollars. The New York Post has compiled a short list of the value of various pieces of data and it’s a bit alarming. Even your Spotify password is worth a few bucks – about US$2.80. Your Netflix password’s US$3.05.

Or maybe they’ve got a point to prove.
Take FaceID as an example: The moment the iPhone X was available, the internet was flooded with articles and videos of people’s attempts to hack it. And people did.

So, how do you stop them?

We asked our security nerd expert and front-end development wizard, Manie, for his advice. Manie’s pretty well known in our office for unsolicited lectures on digital security. If he hears your Hotmail password’s the same as your iPhone unlock code… He’s going to have something to say.

Here’s what he said. It’ll leave you with a to-do list.

1. The same password twice is NEVER OKAY.

We can see you scoffing at this. No, we’re not joking. It really is essential. Your Club Penguin account could get hacked – and that could lead to your Facebook. Or your PayPal. Or anything really. And they will try.

2. Say “Yes” to Multifactor authentication!

You’ve probably heard more about it lately, but it’s been around a while: it’s the same system that ATMs use. To access your money, you need a bank card and your PIN.
The basic principle is this: you can only get access after providing two or three pieces of evidence that you have the right to see the information. It might be a password and then an answer to a question. It might be a fingerprint. Sometimes it’s evidence that you have access to the phone number registered to the account. Simple advice on this one: wherever possible, enable it. When it’s a choice between an extra few moments and the confidentiality of your data, you know Future You would kick Current You for leaving it out.

3. Your email password is more important than your banking password.

Think about it – how do you retrieve your password for Facebook after you forget it? Because most of us have had our email accounts forever, it might have happened before we became so concerned with digital security. Or before we learnt how to construct a really strong password. Don’t worry, you’re about to learn…

4. Sentences or initialisms.

The longer the password, the harder it is to guess by brute force. Bots can guess common and short passwords in a matter of moments. A longer one might take millions of attempts, by which point you are likely aware that someone is making repeated attempts and can block their IP address or addresses from accessing your site.
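The “notice the repeated attempts and block the address” step above is easy to automate. The snippet below is an added example (not code from the original post or its author): it parses a constructed sample of failed-login records in an assumed `<timestamp> FAILED_LOGIN user=<name> ip=<address>` format and flags any IP address that racks up a threshold of failures inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from a real server); the line format is our own assumption.
SAMPLE_LOG = """\
2017-11-30T09:00:01 FAILED_LOGIN user=admin ip=203.0.113.7
2017-11-30T09:00:02 FAILED_LOGIN user=admin ip=203.0.113.7
2017-11-30T09:00:03 FAILED_LOGIN user=admin ip=203.0.113.7
2017-11-30T09:00:04 FAILED_LOGIN user=editor ip=203.0.113.7
2017-11-30T09:00:05 FAILED_LOGIN user=admin ip=203.0.113.7
2017-11-30T09:00:06 FAILED_LOGIN user=admin ip=203.0.113.7
2017-11-30T09:01:00 FAILED_LOGIN user=sam ip=198.51.100.20
2017-11-30T09:20:00 FAILED_LOGIN user=sam ip=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) FAILED_LOGIN user=(\S+) ip=(\S+)$")


def parse_failures(log_text):
    """Return a list of (timestamp, user, ip) tuples, one per failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events


def ips_to_block(events, threshold=5, window=timedelta(minutes=10)):
    """Return the set of IPs with at least `threshold` failures inside any `window`.

    A sliding window per IP means a slow trickle of mistyped passwords is ignored,
    while a burst of guesses (whichever usernames it targets) gets flagged.
    """
    by_ip = defaultdict(list)
    for ts, _user, ip in sorted(events):
        by_ip[ip].append(ts)
    flagged = set()
    for ip, stamps in by_ip.items():
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # drop failures older than the window
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    print(ips_to_block(parse_failures(SAMPLE_LOG)))  # {'203.0.113.7'}
```

In the sample, the burst of six failures from 203.0.113.7 in five seconds is flagged, while the two spaced-out failures from 198.51.100.20 are treated as an ordinary forgotten password.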

Sentences are easier to remember than random strings of characters. And you can make a seemingly random string of characters from a sentence.

Try something like…
The Number One Muffin In My Mind Is Banana and Chocolate Chip. Banana Choc Chip Forever.
And turn it into…
T#1MimMiBaCC.BCC4ever.

All we did there was make an initialism from it – capitalising the nouns to make it easier to remember, and using common character substitutions to streamline it. That would take brute-force bot attackers literally millions of years to crack using the technologies currently available to them. Sure, those technologies will get more and more advanced in the coming years to keep pace with the rising value and volume of your data online. But you should be changing your passwords regularly anyway…
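The transformation above can be written down as a small routine. This is an added example, not code from the original post: it applies the initialism rule (first letter of each word, nouns and sentence starts capitalised, everything else lowercase) plus an assumed substitution table, reproduces the article’s own example exactly, and then compares the worst-case brute-force keyspace of the result against a short dictionary word. The noun list and guess rate are assumptions for the sake of the demonstration.

```python
# Assumed substitution table; it covers the swaps the article's example uses.
SUBSTITUTIONS = {"number": "#", "one": "1", "forever": "4ever", "to": "2", "for": "4"}


def initialism(sentence, nouns, substitutions=SUBSTITUTIONS):
    """Turn a memorable sentence into an initialism password.

    `nouns` is the (lowercase) set of words to keep capitalised; the first word of
    each sentence is capitalised too. Sentence punctuation is carried through.
    """
    out = []
    start_of_sentence = True
    for token in sentence.split():
        word = token.rstrip(".,!?")
        punct = token[len(word):]
        key = word.lower()
        if key in substitutions:
            out.append(substitutions[key])
        elif start_of_sentence or key in nouns:
            out.append(word[0].upper())
        else:
            out.append(word[0].lower())
        out.append(punct)
        start_of_sentence = punct.endswith((".", "!", "?"))
    return "".join(out)


def brute_force_years(password, guesses_per_second=1e12):
    """Worst-case years to exhaust every string of this length over the character
    classes present. This ignores dictionary and pattern attacks, so it is an upper
    bound on attacker effort, not a guarantee; the guess rate is an assumption."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 33  # printable ASCII punctuation
    return alphabet ** len(password) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    nouns = {"muffin", "mind", "banana", "chocolate", "choc", "chip"}
    pw = initialism("The Number One Muffin In My Mind Is Banana and Chocolate Chip. "
                    "Banana Choc Chip Forever.", nouns)
    print(pw, brute_force_years("dragon"), brute_force_years(pw))
```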

5. Still worried about forgetting? Make friends with a Manager.

Get a password manager – there is a range of them on the market. They can remember your passwords for you, and many will give you a cheeky reminder when you’ve used a password before. Most will encrypt the passwords you’ve stored with them, so you’re pretty safe from hackers. Unless someone grabs your computer while you’re logged in…

When we build your platform, we put a bunch of mechanisms in place to ensure that your data – and that of your users – is as safe as possible. It’s a combination of plugins, regular maintenance, updates and vigilance. And, of course, having secure passwords for all users. That includes you. No more “password1234”.

Imagine trying to clean up spilt milk off the floor.

You can try to put it back in the carton, but you won’t succeed. Even if you do, it’s dirty now. It’s been on the floor. This is your data. Once it’s leaked, you can’t get it back. You probably shouldn’t cry over spilt milk, but losing control of your data… Weep-worthy. But there’s no use in crying – take the steps.

Prevent identity theft. Prevent embarrassing or brand-destroying hacks. Change your passwords.
