How safe is my password?
If you use the same one or two passwords for all accounts, then the likelihood is that your password isn’t as secure as it should be. It’s fairly common that people pick a combination of words, numbers and letters that they can remember and then replicate that as a 'master password' across their accounts. If you are one of those individuals, you’re far from alone. A security survey conducted by Google discovered that over half of us use the same password for more than one account, while 13% of people will use the same password for all accounts. This is a bad habit and you should absolutely be using different passwords for every account.
Types of password attack
There’s more than one way to hack a password, and that is what makes it so important that you have more than one password serving as your online defense:
- Brute force attack: As the name suggests, this is when the hacker guesses your password through sheer force of will. We’ve all been there, pausing at the log in screen of an old account and trying your luck with a mildly strategic guess of what your password might have been. Take that and crank it up to hacker levels, where they can program a string of code to do the guesswork for them, and a weak password can be broken in mere seconds.
- Credential stuffing: Cybercriminals who have gained access to username and password lists from a website breach will often use them to initiate a credential stuffing attack. Here, the attacker will identify the website accounts from the list of emails on their list to see if the stolen password will work for these accounts as well. As passwords are recycled by such a large number of users, credential stuffing attacks can greatly amplify the damage caused by an initial data breach.
- Phishing: You’ve probably experienced this one before, but were able to recognise it for what it was. Unfortunately, not everyone is so lucky. A phishing attack is when a scammer lures you in with fake correspondence like an email from your bank. You’ll be asked to input your credit card details to resolve some issue, usually one that is too good to be true like you being due back some money. Once they have these details, it’s game over. If you ever get an email from your bank asking for this information, assume that it’s a phony message and call the bank directly to confirm its validity.
- Dictionary attack: Similar to brute force, a dictionary attack assumes that you are using common words, which you most likely are. Running through dictionary terms, if your password consists of one or two standard words, you’re unlikely to survive this one unscathed.
Password security best practices
So, now you know what you shouldn’t be doing, what should you be doing to keep your digital identity and activity safe? Here’s a quick summary of the top dos and don’ts:
Use a secure, unique password and never the same one twice
A secure password is a unique password and that, as the name suggests, is a password that is totally unique to you as a user and your account. Your password should never be used anywhere else, or be associated with any other account or username. A truly strong and unique password will consist of the following:
- Uppercase characters
- Lowercase characters
- Special characters (!#%$*)
- Longer than 15 characters
Common sense abides here. You may not be a hacker, but it doesn’t take a cybercriminal to know that a five-character password is a lot easier to crack than a 20-character password, or that the obvious QWERTY (those are the first six letters on the top left-hand corner of your keyboard) password is, well, obvious. Avoid numbers and symbols that are clearly stand-ins for letters, for example 0 instead of O, 8 instead of B, and $ instead of s. You should also aim to change your passwords once every six months to better protect your personal information online. This may seem over-zealous, but you can never be too safe when it comes to your online security.
Using a password manager
This is where password generators come in. After all, a program can defend against a hacking program better than the human mind. For example, '&*Td^zJxsQkF' is extremely secure, and maybe you could have generated that yourself. But human habit is very predictable, and we are all very likely to follow similar keyboard paths even when we are trying hard to be random.
Use two-step verification
Two-step verification is when you use two methods of security to gain access to your account, usually requiring multiple devices. A common method is to require your password as step 1 and then to input a one-time code sent via SMS as step 2. Other methods include an automated phone call to the mobile number associated with the account, or a code emailed to a different email than the one you created the account with. The idea is that even if a hacker gains access to your original account, it’s unlikely they will also have your phone and secondary email to hand. Dropbox provides an option for two-step verification to be applied to your account meaning your documents are made doubly secure via SMS or a mobile authenticator app.
Use trusted, secure sites and file hosting services
Secure sites will have a small padlock appear in the address bar, and it is vital you confirm this before doing anything such as online shopping or sharing personal information. The vast majority of sites have this feature, but if you plan to host files and folders, you’ll want to make sure they’re even more protected. Dropbox, for example, utilises encryption and meets strict levels of compliance to provide multiple layers of cloud security.
Don’t use public or insecure Wi-Fi
A public Wi-Fi hotspot is an open connection which means anyone can use it. All it takes is someone with bad intentions to connect to this network and they’ll quickly be able to take advantage of other users. As a rule of thumb, never share information like bank details or credit card numbers on a public Wi-Fi hotspot.
Maintaining password security is incredibly important and means you should be making long-lasting habits of the steps listed above. We’re only human, and there are only so many passwords we can remember, but thankfully password managers can do the remembering for you. Even if you’re on your A-game when it comes to passwords, there’s no such thing as being too secure. Whether you’re a business, a freelancer or just sharing documents with friends, Dropbox values your security as highly as you do.