
How to Optimize Your Passwords and Increase Security | by Leesel Fraser
At this very moment, a hacker is running a script and attempting to steal your precious usernames and passwords. If successful, your account credentials will give them full access to and control over your account(s), their privileges, and the personal and private information stored in them. Moreover, if you have several different accounts where you reused those same credentials, all of those accounts are now at risk of being compromised!
Does this scenario scare you? Then, tune into the rest of this blog to keep your password security game strong.
According to Verizon, 80% of hacking incidents are caused by stolen and reused login information. What can we do to help reduce that large percentage of hacking incidents and where do we start?
Here are a few tips to get you started, so that you leave this article feeling a bit more informed about how to secure your accounts:
1) Create Strong Passwords
Many of us likely created our first email and other online accounts as early as primary school and have kept the same easy-to-remember passwords (that probably contain personal information) since then. ‘Abc123’ is easy to remember but you (and hackers) have become older and wiser and your passwords should not only reflect the new you but also protect the new you! Over the years, password standards have changed and become less lenient and even more specific on both what’s allowed to be used and how passwords are stored.
I can go more in-depth about password requirements, but there are plenty of tools online that can take your current password and give you a quick yes or no on whether your passwords pass the vibe check.
If you are not sure whether your current passwords are considered strong, first check whether you can find them on this list of popular passwords or in other hacker dictionaries. If you can't, then we are off to a great start so far!
Next, put your password into a Password Strength Tester Tool and if all goes well, you will be seeing green! If it is red or yellow, definitely look at the tips the tool may give you, and keep following the steps in this article!
Don't feel bad though, even Mark Zuckerberg made this common cybersecurity mistake. If you follow step 1, you can say you are better than Mark Zuckerberg at something. If you follow steps 1 and 2, you can say you're better than him at TWO things.
2) Do Not Reuse Passwords
According to TraceSecurity, 81% of company data breaches are caused by poor passwords. That goes for everyone in the company, including the CEO.
If you took a look at the Facebook/Meta CEO’s mistake of having a poor password in the linked article above, you would see that more than one of his accounts became compromised because he reused that same weak password.
If you reuse the same password for everything and it gets hacked, then you give a hacker the keys to your castle: they can use that same password on all of your other accounts to steal your information, impersonate you, and even lock you out if they want to. However, if you had used different passwords, you would limit the amount of potential damage they can cause, because they would still have to work harder, or take longer, to crack the other accounts’ passwords.
Both steps 1 & 2 are important and should be done in your personal life and especially on your work accounts. But, over the course of a person's life, they will have so many passwords and accounts online! How can they create strong passwords and memorize them all while ensuring they don't reuse them? Step 3 can answer that!
3) Use a Password Manager
One way to help you start creating strong passwords and ensure you don't reuse them is to use a password manager. Password managers are applications that usually allow you to generate new, unique, and strong passwords and store them in a secure place to be used whenever you need them! The idea is that you only remember the password to unlock the password vault where all the other account passwords are stored so you don't have to memorize a lifetime's worth of passwords, only maintain and secure the password to your vault! (A popular password manager is literally called “1Password”.)
We humans tend not to be the best at remembering, or even coming up with, random strings of numbers and letters, so let a computer do it for you!
Keep in mind, you should do research on which one works best for your needs as a user. My only note of caution is that if you are thinking about using LastPass, here's a reason not to. (No offense to LastPass, at the time you’re reading this, they may have improved a bunch!)
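To make steps 1 and 3 concrete, here is an added example (not code from the original post or from any password manager) of what a password manager does under the hood: every character is picked with the operating system's cryptographic random generator, and a small checker flags passwords that are short, low-entropy, or on a common-password list. The deny-list here is a tiny constructed sample; a real check would load the full list the article links to.

```python
import math
import secrets
import string

# Constructed sample of a "popular passwords" deny-list; a real check loads the
# full list (hundreds of thousands of entries) from a file instead.
COMMON_PASSWORDS = {"123456", "password", "abc123", "qwerty", "letmein", "iloveyou"}

# Full printable alphabet a password manager would draw from.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Generate a password the way a manager does: a uniformly random choice
    from the full alphabet for every position, using the OS CSPRNG (secrets),
    never the predictable random module."""
    if length < 12:
        raise ValueError("12 characters is the floor for a generated password")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(password: str) -> float:
    """Upper-bound entropy estimate: log2(alphabet size) per character, with the
    alphabet inferred from the character classes actually present. A human-chosen
    password is usually far weaker than this bound, so treat it as optimistic."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str) -> list[str]:
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if entropy_bits(password) < 60:
        problems.append("estimated entropy below 60 bits")
    return problems
```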
4) Use Two-Factor Authentication
Let’s say maybe your data was exposed during a data breach and someone gets their hands on your amazing passwords. If you have a form of two-factor authentication (2FA) enabled, they won’t immediately get into your account!
A “factor” is a piece of evidence that an application may request when you try to sign in or access certain information, and it lets the app confirm that the person signing in or accessing something is actually who they claim to be. You will be asked for something that only you know (for example, security questions), something only you possess (for example, your phone), or something only you are (for example, a fingerprint or other biometric scan).
Most commonly, apps request you to give them a code that is sent to your phone via SMS or through an authenticator app. Some of the most commonly used authenticator apps are:
- Google Authenticator
- Microsoft Authenticator
- Twilio’s Authy
You may already be familiar with, or be using, some of these apps to enhance your account security, as many apps and employers are now making 2FA required!
The next resource, in step 5, is something a good number of people may be unaware of and might be interested in learning about.
5) Check if You Have Been Pwned
This one is quite peculiar … What is “pwned”? How do you even pronounce that?
The word originates from a misspelling of the word “owned” in gaming communities, and can be pronounced like “poned” (most common), “owned”, or “pawned”. To be pwned, in the cybersecurity sense, means that your information has been obtained illegally and you therefore got “owned” or victimized by a hacker.
Fun Fact: Hackers have published as many as 555 million stolen passwords on the dark web since 2017. (Cnet, 2020)
In order to check if you have been pwned (a.k.a. to check if your information has been in a data breach), go to https://haveibeenpwned.com/.
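The same site also lets password managers check a password against the breach corpus without ever sending the password: the client sends only the first five hex characters of the password's SHA-1 hash and matches the rest locally. Here is an added example (not code from the original post or from Have I Been Pwned) of that k-anonymity lookup. The `SAMPLE_RANGE_RESPONSE` is a constructed three-line stand-in for the real reply, with the breach counts made up; only the SHA-1 of "password" in it is real.

```python
import hashlib
import urllib.request

# Constructed sample of what the Pwned Passwords "range" API returns for the
# SHA-1 prefix 5BAA6: one "<hash suffix>:<breach count>" per line. The real
# response has hundreds of lines; the counts here are placeholders.
SAMPLE_RANGE_RESPONSE = """\
1E2F1F0FF2F2B6A0D6E3A4B3A7B2B1C5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F3C0A8B0F7B9A9A0B0C0D0E0F1A2B3C4D5:0
"""

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 into the 5-char prefix that leaves the
    machine and the 35-char suffix that is only ever compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Map each returned hash suffix to its breach count; blank lines ignored."""
    counts = {}
    for line in body.splitlines():
        if ":" in line:
            suffix, count = line.strip().split(":", 1)
            counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Live query (needs network); nothing but the 5-char prefix is sent."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch=fetch_range) -> int:
    """Number of known breaches containing this password (0 = not found).
    `fetch` is injectable so the logic can run offline against sample data."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    offline = lambda prefix: SAMPLE_RANGE_RESPONSE  # constructed data, no network
    print("password:", pwned_count("password", fetch=offline), "breaches")
```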
Whew! That was a lot, but I hope you feel more informed about some good cybersecurity practices that you and your friends and family can follow in your personal and professional lives!
Leave a comment below on whether or not you have been pwned! Please also share down below if you have any other tips to share, favorite password managers or recommendations, questions, updates, hacking experiences or feedback.
And remember, recycling is great - just not when it comes to passwords!!!
Hack you later :)
Leesel Fraser is a US-based Software Engineering Apprentice at Multiverse and is writing for the Apprentice Lens as part of the Blogging Team. Here’s more about her:
“Born and raised in New York City, Leesel grew up in a fast-paced environment around a melting pot of diverse experiences and backgrounds, and at a young age, she found her passion for technology, problem-solving, and continuous learning. She aims to write blogs that will help you understand technical concepts as well as learn and grow professionally and personally.”
