When creating an account for a website or an app, nothing is more frustrating than receiving an error message that reads “Password requirements have not been met”. Most internet users will update that password by adding numbers and special characters in order to quickly finish the sign-up process. But more often than not, that new password is forgotten. An irretrievable password leads to a multi-step process to create a new one. 76% of users will then reuse a password, making that account and others vulnerable. In our digital era, where one American adult may have 100 different online accounts, how does one create and keep track of strong passwords? Using advice from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Elder Protective Services recommends creating a strong password, not reusing passwords, and utilizing a password manager and multi-factor authentication (MFA).

What is a Strong Password?

Anyone who uses technology uses passwords. We use them all day, every day – logging into our computer, accessing our emails, unlocking our phone, shopping online, and even checking our bank accounts. So what are these secret codes? A password is a string of characters typically paired with a user or account name that authenticates a user. In other words, when using a computer system, your password confirms you are in fact who you say you are – which is why users should NEVER share passwords with anyone. Most account registrations require passwords to include a mix of upper and lowercase letters, numbers, and special characters or symbols.

In the example registration below, the system has three password requirements that must be met in order to complete the signup process.

 

 

[Image: example registration form]

Based on the password requirements, the following should all make for “strong” passwords:
● Chee$ePizza1
● Bella1974
● P@$$word25!

Though each password “satisfies” the provided requirements, these examples would not be considered “strong” because of one similarity – common patterns. When a password is built on an everyday word, like “cheese”, proficient hackers know to try versions with letters replaced by special characters or symbols. Using familiar words, birthdays, and even pet names with simple character replacements makes passwords easier to guess.

Why is a Strong Password Necessary?

Unfortunately, password hacking is a thriving business. Cybercriminals hack passwords in order to steal data, assume another’s identity, access bank accounts, and much more. Weak and reused passwords make users’ personal and private information vulnerable. A recent study from the Pew Research Center found that 65% of users “report that memorization is the method they rely on the most (or is the only method they use) to keep track of their passwords”. Generally, users who rely on memory choose weak or less secure passwords because they are easier to remember. However, password reuse or a less complex password choice can put ALL of a user’s accounts at risk through hacking and phishing.

A strong password is necessary to prevent and deflect password hacks. A reused or weak password can make accounts prone to the following password hacks.

Credential Stuffing

After a data breach, hackers compile stolen information into a list and sell that list to other cybercriminals. These account robbers will use the usernames and passwords from the data breach list to hack into various accounts and steal more personal and private information. Users who have never changed their password after a data breach or an account break-in are at serious risk for credential stuffing. To avoid credential stuffing, it is important to change and update passwords regularly. The longer a password goes unchanged, the more vulnerable the account is. If that password is often reused, all accounts with that user’s information are exposed.

Phishing

Any successful fishing trip begins with a believable lure that attracts the fish. A fish captivated by that lure is hooked and dragged to the surface. Online phishing operates the same way. A hacker baits the victim with an email or text that appears believable and even reliable. When the victim clicks the links within the fraudulent message, the hacker gains personal and private information voluntarily from that user. Oftentimes these phishing messages will provide a link to “reset your password”. When users reset their password, their credentials are stolen. To evade phishing attempts, NEVER click links from unexpected messages. If you receive a message from your workplace, verify the authenticity of the message with your IT department.

Keyloggers

Keylogger programs are a type of malicious software designed to record and report every keystroke a user makes. Usually, a user will accidentally download the software thinking it is legitimate. AARP warns that seniors are often prone to these password hacks because cybercriminals want to gain access to their financial accounts. According to AARP’s study, an estimated “10 million households in America have a computer infected with a keylogger program.” To prevent keylogger software, first run a virus scan. If malware is found, clean your computer and then reset your passwords.

Brute force attacks

Often a password is represented by a lock, implying that the password is the key. In this scenario, a brute force attack could be seen as a hammer or pair of bolt cutters. In this attack, hackers repeatedly test username and password combinations. Some studies show that over 2 trillion sequences can be run in 20 seconds or less. Simple passwords or those passwords with special character patterns are easy to crack and vulnerable to brute force attacks. Emma McGowan, a privacy and security expert at Avast, claims that “if you’ve been using the same password for years and on multiple sites, it’s likely to have already been compromised.” The best way to prevent a brute force attack is to create a strong or complex password.

Dictionary Attacks

A dictionary attack is similar to a brute force attack, except that the password guesses are generated from words in the dictionary. Passwords that use children’s names, birthplaces, favorite foods, or even pet names are extremely vulnerable to dictionary attacks. To deflect dictionary attacks, it is a best practice to never use a “real word” or slang in your password. Compound words, like “CheesePizza”, are also susceptible to a dictionary attack.
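The check below is an added example, not part of the original article. It shows why the three sample passwords from the “What is a Strong Password?” section pass a composition policy yet still reduce to dictionary words once character replacements are undone and compound words are split, as described above. The policy (8+ characters, an uppercase letter, a digit), the tiny word list, and the function names are assumptions made for the demonstration.

```python
import re

# Constructed mini word list for this demo; a real check would load a full
# dictionary plus lists of common names and breached passwords.
WORDS = {"cheese", "pizza", "bella", "password"}

# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e"})

def meets_composition_rules(pw):
    """Assumed signup policy: 8+ characters, an uppercase letter, a digit."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))

def split_words(text):
    """Return the dictionary words that exactly tile text, else None."""
    if not text:
        return []
    for end in range(len(text), 0, -1):   # try the longest prefix first
        if text[:end] in WORDS:
            rest = split_words(text[end:])
            if rest is not None:
                return [text[:end]] + rest
    return None

def find_pattern(pw):
    """Return (words, suffix) if pw is dictionary words plus an appended
    run of digits/punctuation, or None if no such pattern is found."""
    core, suffix = re.fullmatch(r"(.*?)([\d!?.]*)", pw, re.S).groups()
    for candidate in (core.lower(), core.lower().translate(LEET)):
        words = split_words(candidate)
        if words:
            return words, suffix
    return None

if __name__ == "__main__":
    for pw in ["Chee$ePizza1", "Bella1974", "P@$$word25!", "ARb@0nw$aS"]:
        print(pw, meets_composition_rules(pw), find_pattern(pw))
```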

How is a Strong Password Created?

According to cybersecurity professionals, instead of using a pass-WORD use a pass-PHRASE. In general, the longer a password or passphrase is, the harder it will be to crack. Using advice from CISA and other tech experts, Elder Protective Services encourages our readers to create a password using one of these two methods:

Powerful Passphrase

For this password method, users create a shorthand for a meaningful phrase, movie quote, or song lyric and then insert special characters or symbols. For example:

  • Choose a meaningful or unforgettable phrase or quote.
      ○ “A rose by any other name would smell as sweet…”
  • Then use the first letter of each word in that phrase.
      ○ Arbaonwsas
  • Add capital letters where they fit best.
      ○ ARbaonwsaS
  • Next change several letters into numbers, symbols, or special characters.
      ○ ARb@0nw$aS
  • Experts from the Senior Tech Club also suggest adding a “variable for the site for which it will be used” to create an extra layer of security.
      ○ Amazon = :Amz
      ○ Google = :Ggl
      ○ Financial Institution = :Bnk
      ○ ARb@0nw$aS:Ggl

Stealthy Sentence

Another way to create a strong password is to use what is known as the “sentence method.” For the stealthy sentence technique, users choose a random sentence and alter it into a password using a specific pattern.

  • Choose a random, but memorable sentence, ideally one between 6 and 10 words.
      ○ My favorite dinosaur from Jurassic Park is a stegosaurus.
  • Then decide on a pattern. For example, using the first 2 letters from each word unless the word is 2 letters or 1 letter long.
      ○ MfadifrJuPaias
  • Next change several letters into numbers, symbols, or special characters.
      ○ Mf@d1frJuPa1a$
  • Using the advice from Senior Tech Club, add a “variable for the site for which it will be used.”
      ○ Amazon = :Amz
      ○ Google = :Ggl
      ○ Financial Institution = :Bnk
      ○ Mf@d1frJuPa1a$:Amz

Using either the powerful passphrase practice or the stealthy sentence system will help strengthen your cybersafety and protect your personal and private information within online accounts. When creating a strong and complex password, remember the essential Dos and Don’ts below.

Persistent Protection

Now that several strong and complex passwords have been created, the next logical question is: how does one memorize all these new passphrases and sentences?

In their research, experts from the Pew Research Center found that “84% of online adults rely primarily on memorization or pen and paper as their main (or only) approach to password management.” Although some professionals argue that writing passwords down is a suitable approach for seniors, the truth is that we are a nation constantly on the go – elders included! If a password paper is safely locked away in a desk at home, accessing a checking account or other mobile payment service, like PayPal or Cash App, would be extremely difficult for a person at the store or on vacation. Guessing complex passwords could lead to locked or paused accounts. Introducing password managers and multi-factor authentication!

Password Managers

The best solution to easily forgotten passwords is the password manager. In brief, a password manager is software that enables users to create, store, organize and edit credentials, like usernames and passwords, all in one safe and secure location.

According to the Pew Research Center, only 12% of all internet users 18 – 60+ use password managers, which is a surprisingly low number seeing as 49% of internet users claim to worry about password safety. Cybersecurity experts suggest the use of a password manager because of the following benefits:

  • Passwords stored in one spot
  • Generated passwords
  • Credential Auto-fill
  • App and Web Monitoring
  • Alerts when account details have been compromised
  • Immediately prompts user to change password to prevent damage
  • Inexpensive, stress-free product and results

Cybersecurity experts for seniors from AARP and technology reviewers from Tech.co recommend the following password managers for new or beginner users:

  • 1Password
  • LastPass
  • Dashlane
  • NordPass

Although a password manager can seem like a daunting task for the 88% of internet users that do not utilize them, overall most users maintain positive experiences throughout. Seniors especially have optimistic outlooks in their initial interactions with password managers. Adam J. Aviv, George Washington University associate professor, explains that “Once older adults did adopt a password manager, they were more positive about their experience compared to their younger counterparts.”

Multi-Factor Authentication

In addition to password managers, multi-factor, also known as “two-factor,” authentication provides another layer of protection to a user’s accounts and passwords. The Cybersecurity and Infrastructure Security Agency (CISA) claims that “Whether you call it multi-factor or two-factor authentication, this simple step can make you 99% less likely to get hacked.”

The first factor in multi-factor authentication (MFA) is something the user “knows”, normally a username and password. The second factor is something the user “possesses”, often a code sent to their email or phone. These two steps make it harder for cybercriminals to hack. CISA encourages all internet users to use MFA on sensitive accounts, like emails, financial services, social media, and online stores.

Key Takeaways

Using password best practices helps internet users stay safe online and protect their personal and private information. Exercise password protection by:
● Creating a strong and complex password
● Utilizing password managers to create, organize and manage passwords
● Applying multi-factor authentication (MFA) on all sensitive accounts
