Cyber Pickpocketers want your Passwords

Updated April, 2019: This article was originally written in Nov., 2011. We thought it was just as important today, so we spruced it up with some current examples.

How is a pickpocketer like an online hacker?

Offline it may happen like this: Someone accidentally bumps into you and, the next thing you know, your wallet is missing.

Online you may not even know it is happening, but if someone does find out your password (for your website, your email account, your Facebook account or worse…), they can cause lots of damage:

  • They could steal your money or personal, private information
  • They could pull down your website, put up bad code (that collects your visitors' info), or send your visitors to an inappropriate site
  • They could email annoying spam to all your contacts (friends, family, business associates) disguised as your email address

Whatever they do, the result is similar to being mugged or pickpocketed: You may be left scared, waiting for them to come back and wondering, Why me?

Typically, hackers (like muggers and pickpocketers) aren't after you personally, though try telling that to someone who has just encountered one.  It probably has nothing to do with you…other than you were the easiest target around them at that moment.

Are you making yourself an easy target? Are you doing any of the following:

  • Using the same password everywhere
  • Using a common word, like your dog's name, for your password

You probably thought it was just easier to use the same password everywhere. Nowadays, we have to remember so many passwords. It just makes sense to make it easy on ourselves, right? Well, not with cyber pickpocketers (better known as Hackers) around.

Let's look at what is known about how some of these Hackers work (there are a lot of other ways, but these are two of the more common types):

1. The Repeat Offender: Let's say you use that same password everywhere. If a hacker figures it out in one place, do you think he/she is going to stop there? It doesn't matter how obscure the word is: if you use that password everywhere and someone figures it out in one place, they have then figured it out for all your accounts. And think about it this way:

  • If they have access to your email account, they probably have access to more info about you than they need
  • Just getting into your Facebook account could eventually lead them to where you bank, and they are banking on you using that same password everywhere
  • Do yourself a favor, if you do nothing else right now, make your bank password really secure… now!
  • AND AS A BUSINESS OWNER: Do your customers/clients a favor – make sure their info is safe, by creating unique, secure passwords for your site and email address (wherever they share info with you!)

2. The Dictionary Thief: These guys aren't stealing dictionaries, but they are making an educated guess that you are using a common name or a word found in the dictionary. These guys/gals have done their research, and they also know the most common words people use as passwords. Here are a few (not in any particular order) of The Worst Passwords Of 2018 according to Forbes.

  • 123456
  • password
  • 123456789
  • 12345678
  • monkey
  • sunshine
  • princess
  • iloveyou

If you are using any of these most commonly used passwords, PLEASE change them immediately.

Those dictionary thieves create computer programs to run a script that goes through every common word and name. The computer script does the work for them; they just let the program run – any time of day or night – until it finds the password that gets them logged in!

Again, in most cases, they aren't going after you personally, they are just looking for an easy password to gain access. So, with a little work you can save yourself a lot of trouble!

These are just two of many examples! I'm not trying to make you feel helpless, it's the opposite, I want you to take control. Maybe I am trying to scare you a little…though just enough to make you take action!

So, what actions can make you more secure right now?

I'll make suggestions in a moment, but first I want to state that a quick and easy thing to do is get 1Password and start using this powerful tool immediately! I highly recommend it to create and manage all your passwords. I have been using it myself since April of 2010 and can't believe I ever existed without it.

I love their video, because it shows you how easy it is to use:

There are a ton of reasons I use it, but the top ones are:

  • You create 1 Master Password to log into this password management tool (don't get confused, this is the password to unlock 1Password).  Think of it like an apartment manager being able to unlock any door, even though all the individual doors have their own keys. This means you only have to remember your Master Password to get access to all your other really long, secure passwords
  • It has a password generator tool built-in, so you can easily make a strong password that automatically gets saved in this software
  • It is encrypted, so it keeps everything secure
  • It has a browser add-on: If you are online and need to log in to any online site (Facebook, Gmail, your bank, anything…) you just click the 1P icon and it fills in the password for you!

What are the best practices for creating user names and passwords?

Below are a few of the top ones I like to share with my clients, but there are always more things you can do:

  • Create unique user names and passwords for each account (DO NOT use the same user name and password on everything from your email account to your bank account! This is critical and can't be stressed enough!)
  • Keep passwords in a secure place, like a tool specifically encrypted for password storage.
    • This helps you to not have to remember multiple passwords, because it remembers them for you, then protects the various ones you have created.
  • Either use a password generating tool (included in 1Password) or make sure the password contains a mixture of upper and lower case letters, numbers and special characters. Do not use a common word that is in the dictionary and then throw in a # or two at the end. Break up the letters with characters and #, the longer the better.
    Here is an example of a secure password: 992t2S#92M9!C7yb4nb9D7h4&dRm7^zEjs8Ws3QQ
    (I know, you are thinking, “Who can remember that!?” Don't worry, 1Password will make it so you don't have to remember this password, just one master one!)
  • Do not provide your passwords to others – even your staff.  If you have to give someone a password, create separate ones for each staff member or intern who might be helping you out. That way, should they leave, you can delete that password and create a new one for the person who is taking over.  And, did I mention, you can manage them all within 1Password.
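The checks in the list above, together with the common-word guessing and password-reuse problems described earlier, can be run over your own accounts. This is an added Python example, not code from the original article or from 1Password; the function names, the 12-character floor and the small `WORDS` list (a constructed stand-in for a real dictionary) are assumptions.

```python
import secrets
import string
from collections import defaultdict

# The "worst passwords" quoted in the article.
COMMON = {"123456", "password", "123456789", "12345678",
          "monkey", "sunshine", "princess", "iloveyou"}
# Constructed stand-in for a real dictionary/name list (assumption).
WORDS = {"monkey", "sunshine", "princess", "rover", "dragon", "summer"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 12  # assumed policy floor, not a figure from the article


def weaknesses(pw):
    """Return the reasons this password is an easy target (empty if none)."""
    found = []
    lower = pw.lower()
    if lower in COMMON:
        found.append("on the common-password list")
    # "Rover#1" is still "rover": drop digits/symbols tacked on the end.
    if lower.rstrip(string.digits + string.punctuation) in WORDS:
        found.append("dictionary word with characters tacked on the end")
    if len(pw) < MIN_LENGTH:
        found.append("too short")
    if not all(any(ch in cls for ch in pw) for cls in CLASSES):
        found.append("missing a character class")
    return found


def generate(length=40):
    """Random password from the OS CSPRNG that passes every check above."""
    if length < MIN_LENGTH:
        raise ValueError("length below MIN_LENGTH")
    alphabet = string.ascii_letters + string.digits + "!#$%&^*"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(pw):
            return pw


def audit(accounts):
    """accounts maps site -> password; flags weak and reused passwords."""
    report = {site: weaknesses(pw) for site, pw in accounts.items()}
    sites_by_pw = defaultdict(list)
    for site, pw in accounts.items():
        sites_by_pw[pw].append(site)
    for sites in sites_by_pw.values():
        for site in sites if len(sites) > 1 else []:
            others = ", ".join(s for s in sites if s != site)
            report[site].append("reused on: " + others)
    return report
```

Calling `audit({"email": "Sunshine2019!", "bank": "Sunshine2019!"})` flags both entries as a dictionary word with characters tacked on and as reused on the other account.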

OK, I'm not saying this is the only password tool out there.  I used to use a free one, but it didn't have as many features.  I'd rather you use one of those than have you keep using the same common word as your password for everything!  However, the reason I fell in love with 1Password was because it is so simple to use.  It can also sync across multiple devices, which are all encrypted with the same level of security as financial institutions use.

So, now you have no excuse not to have a secure password. 

Please do take this seriously and change your passwords to something more secure now, before the cyber pickpocketer happens upon your website (with access to your confidential info and/or your clients' personal data), email account, Facebook account or worse (anywhere with your credit card info)!

Keep it secure!  And, if any of your accounts should get hacked, change the password immediately, along with any other accounts that share it!

One comment on “Cyber Pickpocketers want your Passwords”

  1. This is an invaluable article, Bethany, thank you! I’m glad you got me going on 1Password. I always appreciate your clear, intelligent advice to help navigate the cyberworld.
