60 Million Dropbox Users Agree: Don’t Reuse PasswordsYou may have heard of Dropbox. They make software that enables people and businesses to store and share documents online. It’s convenient. However, it means a lot of people storing sensitive information in their accounts. You can imagine the panic and disaster that would come with a data breach. Which happened in 2012. 60 million users had their emails and passwords leaked. All because of reusing a password. One of Dropbox’s employees had their LinkedIn details stolen which they also happened to be using for their corporate account. Using these details, the hacker accessed the network and seized a document containing the emails and passwords of 60 million users. Scary. The company has boosted its security standards since then, of course. They encourage their staff to use different passwords for each of their corporate logins. They use two-factor authentication, which requires users to prove who they are with at least two pieces of information. And they advise their employees to keep their strong passwords in a password manager (something we’ll get to later). But this incident does highlight the danger of reusing passwords. While this story is about one company, their situation is by no means isolated.
The High Cost of DataIn 2017, the communications company Verizon published some concerning figures in its annual Data Breach Investigations Report. 81% of hacks can be traced to weak and stolen passwords, and 70% of employees admit to reusing these. In the same year, it was reported that recuperating from a data breach could cost a UK business up to £2.5 million. The General Data Protection Regulation (GDPR), which was introduced in May 2018, only makes the consequences more severe. Using data irresponsibly can see companies fined £18 million or 4% of their annual turnover, whichever is higher. Read more: how GDPR compliance can benefit small business infrastructure Despite this, lots of people will stick to using short passwords that are easy to remember for all of their accounts. After all, coming up with strong passwords is tough. Right? It doesn’t have to be. In fact, there’s a tool that can help you to create and manage strong, secure passwords. It’s something Dropbox started using after their data breach nightmare. What is it? A password manager.
What is a Password Manager?A password manager is a tool you can use to create and store strong passwords for each of your online accounts. Think of everywhere you’re using passwords right now. This may include your:
- Drive and documents
- Business bank account
- Customer records
- WiFi network
- Website backend
- Mobile phone
The Do’s and Don’ts of PasswordsDo:
- Use 10 characters or more. The longer a password is, the harder it is to crack.
- Make them complex. Use a combination of upper and lower case letters, numbers and symbols. Something like ‘H6l10ev6y1ne@wOrk!’.
- Use mnemonics. This is where you turn a sentence into a tough code. So, ‘I like IT support’ might become ‘1.Lice.1t.Zu990Rt.’.
- Combine random words together. For this one, you need to think of words that have absolutely nothing to do with each other. ‘fishmonger glass overdraft screwdriver’ for example.
- Change your passwords at least once every six months. This will help you to reduce your chances of being hacked.
- Change your password immediately if you suspect it’s been compromised. Don’t spend any time waiting or thinking about the likelihood of this happening. Just do it.
- Encrypt all of your documents. This scrambles the data so that only users with a password, set by you, can read it.
- Repeat, or use any part of, your username in your password.
- Use any personal information, including that of yourself and your friends and family. That includes pets.
- Use numbers or letters in simple patterns, like ‘123456’ and ‘abcdef’.
- Combine obvious words together, like ‘Hello there’. Substituting some of the letters with numbers – such as ‘Hell0 there’ – won’t help much either.
- Use either of the last two methods in reverse order.
- Have a blank password.
- Write them down on paper anywhere. A strong password becomes weak if anyone can easily see it.
- Share them with anyone, no matter how much you trust them. And don’t share them in emails or messaging apps either.
- Store them in your web browser’s save history. Often, a pop-up window will ask you if you want to do this. Say no each time.
- Type your password into a device used by someone else. If your password gets saved there, they’ll have access to it.
SummaryReusing the same, weak passwords for each of your online accounts is a dangerous gamble. While it’s always the easier, more convenient thing to do, this comes with a high cost if you’re breached. After password reuse lead to Dropbox losing 60 million of its users’ information, they took big steps to improving security standards in their business. One of the actions they took involved using a password manager. This can help you to easily make and manage strong passwords for all of your online accounts. Using the same one over and over means a hacker can easily access any of these by getting their hands on just one set of your details. Even without a password manager, you can follow some simple best practices for making more secure passwords. This includes:
- Using lots of characters, which are complex and random.
- Changing them at least twice a year.
- Changing them right away if you suspect you’ve been breached.