Cyber Pick Pocketers want your Passwords

How is a pick pocketer like an online hacker?

Offline it may happen like this: Someone accidentally bumps into you and, the next thing you know, your wallet is missing.

Online you may not even know it is happening, but if someone does find out your password (for your website, your email account, your Facebook account or worse…), they can cause lots of damage:

  • They could steal your money or personal, private information
  • They could pull down your website, put up bad code (that collects your visitors’ info), or send your visitors to an inappropriate site
  • They could email annoying spam to all your contacts (friends, family, business associates) disguised as your email address

Whatever they do, the result is similar to being mugged or pick pocketed: You may be left scared, waiting for them to come back and wondering, Why me?

Typically, hackers (like muggers and pickpocketers) aren’t after you personally, though try telling that to someone who has just encountered one.  It probably has nothing to do with you…other than you were the easiest target around them at that moment.

Are you making yourself an easy target? Are you doing any of the following:

  • Using the same password everywhere
  • Using a common word, like your dog’s name, for your password

You probably thought it was just easier to use the same password everywhere. Nowadays, we have to remember so many passwords. It just makes sense to make it easy on ourselves, right? Well, not with cyber pickpocketers (better known as Hackers) around.

Let’s look at what is known about how some of these Hackers work (there are a lot of other ways, but these are two of the more common types):

1. The Repeat Offender: Let’s say you use that same password everywhere. If a hacker figures it out in one place, do you think he/she is going to stop there? It doesn’t matter how obscure the word is: if you use that password everywhere and someone figures it out in one place, they have then figured it out for all your accounts. And think about it this way:

  • If they have access to your email account, they probably have access to more info about you than they need
  • Just getting into your Facebook account could eventually lead them to where you bank, and they are banking on you using that same password everywhere
  • Do yourself a favor, if you do nothing else right now, make your bank password really secure… now!
  • AND AS A BUSINESS OWNER: Do your customers/clients a favor – make sure their info is safe, by creating unique, secure passwords for your site and email address (wherever they share info with you!)

2. The Dictionary Thief: These guys aren’t stealing dictionaries, but they are making an educated guess that you are using a common name or a word found in the dictionary. These guys/gals have done their research, and they also know the most common words people use as passwords. Here are a few (not in any particular order) of the Top 25 worst Internet passwords:

  • password
  • 123456
  • 12345678
  • abc123
  • monkey
  • letmein
  • dragon
  • superman

If you are using any of these most commonly used passwords, PLEASE change them immediately.

Those dictionary thieves create computer programs to run a script that goes through every common word and name. The computer script does the work for them, they just let the program run – any time of day or night – until it finds the password that gets them logged in!

Again, in most cases, they aren’t going after you personally, they are just looking for an easy password to gain access. So, with a little work you can save yourself a lot of trouble!

These are just two of many examples! I’m not trying to make you feel helpless, it’s the opposite, I want you to take control. Maybe I am trying to scare you a little…though just enough to make you take action!

So, what actions can make you more secure right now?

I’ll make suggestions in a moment, but first want to state that a quick and easy thing to do is get 1Password and start using this powerful tool immediately!  I highly recommend it to create and manage all your passwords.  I have been using it myself since April of 2010 and can’t believe I ever existed without it.  There are a ton of reasons I use it, but the top ones are:

        • You create 1 Master Password to log into this password management tool (don’t get confused, this is the password to unlock 1Password).  Think of it like an apartment manager being able to unlock any door, even though all the individual doors have their own keys. This means you only have to remember your Master Password to get access to all your other really long, secure passwords
        • It has a password generator tool built in, so you can easily make a strong password that automatically gets saved in this software
        • It is encrypted, so it keeps everything secure
        • It has a browser add-on: If you are online and need to log into any online site (Facebook, Gmail, your bank, anything…) you just click the 1P icon and it fills in the password for you!

What are the best practices for creating user names and passwords?

Below are a few of the top ones I like to share with my clients, but there are always more things you can do:

  • Create unique user names and passwords for each account (DO NOT use the same user name and password on everything from your email account to your bank account! This is critical and can’t be stressed enough!)
  • Keep passwords in a secure place, like a tool specifically encrypted for password storage.
    I recommend 1Password:

    This helps you to not have to remember multiple passwords, because it remembers them for you, then protects the various ones you have created.
  • Either use a password generating tool (included in 1Password) or make sure the password contains a mixture of upper and lower case letters, numbers and special characters. Do not use a common word that is in the dictionary and then throw a # or two at the end. Break up the letters with characters and #, the longer the better.
    Here is an example of a secure password: h*#3Tma4pP7j2$*8
    (I know, you are thinking, “Who can remember that!?” Don’t worry, 1Password will make it so you don’t have to remember this password, just one master one!)
  • Do not provide your passwords to others – even your staff.  If you have to give someone a password, create separate ones for each staff member or intern who might be helping you out. That way, should they leave, you can delete that password and create a new one for the person who is taking over.  And, did I mention, you can manage them all within 1Password.
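
If you (or the person who looks after your website) are comfortable running a script, here is an added example, not from 1Password or any other tool mentioned here, that checks a set of passwords for the two problems described above: reuse across accounts, and a common word with a # or two thrown on the end. It also generates a random password. The 12-character minimum, the function names and the sample accounts are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# The common passwords listed in this article (a tiny sample, not a full wordlist).
COMMON = {"password", "123456", "12345678", "abc123",
          "monkey", "letmein", "dragon", "superman"}
SYMBOLS = "!#$%*"
MIN_LENGTH = 12  # assumed threshold; the article only says "the longer the better"

def generate(length=16):
    """Random password with lower case, upper case, digit and symbol."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # secrets uses the operating system's cryptographic random source.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw

def weaknesses(password, wordlist=COMMON):
    """Return the reasons a password would fall to a dictionary guess."""
    found = []
    lowered = password.lower()
    # Strip trailing digits and symbols: "Dragon#1" is still just "dragon".
    core = lowered.rstrip(string.digits + string.punctuation)
    if lowered in wordlist:
        found.append("common password")
    elif core in wordlist:
        found.append("common word with characters tacked on the end")
    if len(password) < MIN_LENGTH:
        found.append(f"shorter than {MIN_LENGTH} characters")
    return found

def audit(accounts, wordlist=COMMON):
    """Map each account name to its problems, including reuse across accounts."""
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)
    report = {}
    for name, pw in accounts.items():
        problems = weaknesses(pw, wordlist)
        others = sorted(n for n in by_password[pw] if n != name)
        if others:
            problems.append("reused on: " + ", ".join(others))
        report[name] = problems
    return report

# Constructed sample accounts, for illustration only.
SAMPLE = {"email": "Dragon#1", "facebook": "Dragon#1",
          "bank": "h*#3Tma4pP7j2$*8", "blog": "letmein"}
```

Calling `audit(SAMPLE)` returns an empty list for the bank account and a list of problems for the other three.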

OK, I’m not saying this is the only password tool out there.  I used to use one called DataGuardian, that worked well. And there are free ones out there, as well.  I’d rather you use one of those than have you keep using the same common word as your password for everything!  However, the reason I fell in love with 1Password was because it is so simple to use.  And, 1Password works for Mac, PC, iPhone, iPad, Android…It can also sync across multiple devices.

So, now you have no excuse not to have a secure password.  Please do take this seriously and change your passwords to something more secure now, before the cyber pick pocketer happens upon your website, email account, Facebook account or worse!

Keep it secure!  And, if any of your accounts should get hacked, change the password immediately, along with any other accounts that share it!

Bethany Siegler

Bethany is the founder of UniqueThink, an online marketing and web design/development firm in Boulder, CO. She specializes in WordPress websites and blogs, Email Marketing and overall marketing strategies.
