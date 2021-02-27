I was hacked!
Yes, once again the little gremlins that troll in the dark corners of the electronic world somehow got one of my email passwords figured out and decided to send erroneous messages to people I don’t even know. I was able to change my password before too much harm was done, and the one I chose is so difficult to figure out that even I had to practice it a couple of times.
My world, once again, is safe, but now that many more of us are working from home and ordering all sorts of items regularly through the internet such as groceries, clothing, medicine, food (think DoorDash or GrubHub), transportation (Uber, etc.), basic necessities (think toilet paper, plastic gloves, masks and disinfectants), and out of the norm items such as a car (think Carvana) or taking a tour of a potential living space, it’s no doubt that cyber thieves are running rampant using every trick in the book (and some pretty darn ultra-inventive ideas). A huge problem our population faces is protecting our passwords from the often-clever traps set by these despicable invaders.
By now, most of us already know not to use a sequence of numbers when inventing a password or not to use your name. And it’s also unwise to reuse the same password for all of your accounts (one hack could be disastrous).
According to Verizon’s 2017 data breach investigative report, 81% of hacking-related data breaches stem from poor password security. With the rise of remote work and learning in the wake of the pandemic, protecting the security of our passwords that lead to our personal accounts has become tremendously important in 2021. As a result, it’s important to know what not to do.
According to an article in www.huffingtonpost.com, ID Agent, a dark web monitoring company owned by IT software company Kaseya, says it identified the most common stolen passwords found on the dark web in 2020 based on a scan of nearly 3 million passwords.
What’s the dark web? The dark web is a part of the deep web, an area of the internet that doesn’t get indexed and cannot be found by a search engine. According to Kaseya, the dark web can only be accessed through a specific browser that provides anonymity to its users. Though not all content on the dark web is malicious, cybercriminals use the dark web for various illegal purposes, including the sale of stolen credentials.
Based on the top 250 passwords they discovered on the dark web, ID Agent said the most common categories used to generate those passwords include sequential strings of numbers, names, sports references, famous people or characters, and more. Fifty-nine percent of Americans use a person’s name or birthday in their passwords, while 33% include a pet’s name and 22% use their own name. The average user also reused their bad password 14 times.
Other than those mentioned above, some passwords that are easy targets to scammers are: simply the word “password” or Passwword1, Qwerty1 of Qwerty123, ABC123, lemonfish, sunshine, or repetition of a number such as 11111. Lemonfish? Who would have thought that would make the top 10?
The analysis also identified the most common words used within various categories of passwords. For instance, it found that “maggie” was the most common name among the top 250 passwords on the dark web. Sports lovers like to include the word “baseball” most often in their passwords. “Newyork” was found the most often among cities that were used, and “cookie” was the most common food word.
Other than not using your name, using the name of a close family member makes it easier for hackers to guess your password. In fact, at least 92 of the top 250 most common passwords found by ID Agent were first names or variations of first names. The article’s tip was to come up with a nonsensical phrase that only you would know (but one that you won’t have trouble remembering!).
If you reuse the same password for every account, you make it that much easier for criminals to hit the jackpot if they figure out what it is. About 39% of people say most of their passwords across both their work and home applications are identical. Password generators can help; Google Chrome has the function built in, or you can try tools such as passwordgenerators.net or LastPass.
Since the average U.S. adult has between 90 and 135 different applications that require a set of credentials, no one can memorize that many, so the best way to keep track of numerous passwords is to use a secure password manager that prevents you from storing passwords on your phone or tablet, a common habit that makes it easier for cybercriminals to get their hands on your credentials. Some options include LastPass, Keeper Security or 1Password.
Me? I need to manage passwords for work, my home, an animal rescue, bills that I pay monthly for others, etc., including various bank accounts, credit cards and utility companies, aside from my own personal needs. I’ve tried RoboForm to manage them, but I get confused selecting the right account. My preference is a 20-plus page Excel spreadsheet with tabs and the good old-fashioned Rolodex cards if I’m in a hurry or happen to be in another program.
It’s a generational thing, I guess, and a way of life too difficult to change even in an age of dark web trolls.
Peg DeMarco is a Morganton resident who writes a weekly features column for The News Herald. Contact her at pegdemarco@earthlink.net.