I’m a cybersecurity expert, here’s how to choose a scam-resistant password
A leading cybersecurity expert has revealed the biggest mistakes people make when choosing their password – and explained how to tell if your password has been hacked.
Dr. Chris Pierson, who served on the Department of Homeland Security’s privacy committee and cybersecurity subcommittee, said even uploading a post to social media could compromise the security of your accounts if you’re not careful.
The average American now has 85 different passwords to remember, while 555 million logins have been stolen and shared on the dark web since 2017.
And an astonishing 17 percent of those cases came from hackers who successfully guessed their victims’ passwords.
But for Dr. Pierson, who now runs the security company BlackCloak, these figures come as no surprise. He said oversharing on social media has made it increasingly easy for hackers to work out what your password is.
Someone might, for example, use their dog’s name as a password.
If they then post photos of the pet, along with its name, on their Instagram, hackers have essentially been handed the key to all of their accounts.
“If you’re choosing a password, make sure it’s not related to your personal life in any way,” Dr. Pierson told Dailymail.com.
“If you’re all over Instagram at a Taylor Swift concert, don’t use any reference to her in your passwords.”
He said the only way to ensure your accounts are truly secure is to use a password manager.
These services generate rock-solid passwords and automatically store them on your device or browser so you don’t have to remember them yourself.
When you sign up to a site, the manager fills in the form for you.
Many charge for the service, but a growing number of companies are offering them for free.
For example, if you use Google Chrome as your main browser, it already includes a free, built-in password manager.
Passwords are a growing goldmine for cybercriminals.
If fraudsters gain access to only one of your online accounts, you are at risk of identity fraud and more likely to fall into impersonation scams.
And because many people use the same password for multiple accounts, more could be compromised if hackers gain access to one account.
In addition, this data is often freely exchanged on the dark web, allowing numerous other criminals to access your personal information.
Dr. Pierson says that is why it is important to check regularly whether any of your accounts have been compromised.
Most apps and service providers now allow users to see if their data has been compromised.
Google announced last month that it would warn all Gmail users if their email addresses appear on the dark web.
And since last year, Apple has also automatically flagged common weaknesses in user passwords stored in iCloud Keychain.
To use it, an Apple user opens Settings, taps “Passwords” and then taps “Security Recommendations.”
A toggle there lets users choose whether the software should detect when their passwords have been compromised.
But while most people have access to these tools, they don’t use them.
Often the sheer number of leaks makes the task feel daunting.
Dr. Pierson therefore recommends prioritizing your passwords in order of importance.
He said, “Obviously your money and bank accounts are the most important.
“But also look at where your logins intersect. For example, you don’t really care if someone hacks into one of your airline accounts, but if it’s the same data you use for your bank, then suddenly it’s about more than just your miles.”
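As an added illustration of the two checks Dr. Pierson describes, passwords tied to your public life and logins that intersect with your bank, here is a small Python audit over a constructed password-manager export; it is not code from the article or from BlackCloak, and the sample accounts, tiers and profile tokens are assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault export: (site, tier, password). Tier "high" marks
# the accounts the article singles out (money and bank accounts).
VAULT = [
    ("bank.example", "high", "Buddy2019!"),
    ("airline.example", "low", "Buddy2019!"),
    ("forum.example", "low", "Tr0ub4dor&3"),
    ("photos.example", "low", "swiftie1989"),
    ("shop.example", "low", "K9$p2#vQz8wL!mR4"),
]

# Constructed tokens a stranger could lift from the user's public posts.
PUBLIC_PROFILE = ["Buddy", "Taylor Swift", "1989"]


def fingerprint(pw):
    # Compare digests rather than plaintext so reports never echo a password.
    return hashlib.sha256(pw.encode()).hexdigest()[:12]


def reused_passwords(vault):
    """Group accounts sharing a password. Reuse that touches a high-tier
    account is escalated: a breach of the airline account would expose the bank."""
    groups = defaultdict(list)
    for site, tier, pw in vault:
        groups[fingerprint(pw)].append((site, tier))
    findings = []
    for accounts in groups.values():
        if len(accounts) < 2:
            continue
        severity = "critical" if any(t == "high" for _, t in accounts) else "warning"
        findings.append((severity, sorted(s for s, _ in accounts)))
    return sorted(findings)


def personal_references(vault, profile):
    """Flag passwords containing tokens (4+ chars) from the public profile,
    matching both whole phrases and their individual words."""
    tokens = {t.replace(" ", "").lower() for t in profile}
    tokens |= {w.lower() for t in profile for w in t.split()}
    hits = []
    for site, _, pw in vault:
        matched = sorted(t for t in tokens if len(t) >= 4 and t in pw.lower())
        if matched:
            hits.append((site, matched))
    return hits
```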
The vulnerability of passwords leaves many wondering how long they will last.
Technology companies have invested in numerous other authentication methods.
These include two-step authentication, which texts you a code or uses a separate app to authorize a login.
As of this week, Google lets more than nine million organizations give their users the option of signing in to a Google Workspace or Google Cloud account using a password sent to their phone.
It has led many to speculate about a “password-less future” where written logins will soon become a thing of the past.
But Dr. Pierson denies that this is the case.
“You go to the grocery store and still see people using checkbooks at the checkout. Passwords will always exist in one form or another,” he said.