How Many Lost-Passwords Catastrophes Does It Take for People to Learn the Lesson?
We are often told that passwords should be changed regularly to improve our personal security, but this advice is often overlooked, as most people are more concerned with remembering the passwords for dozens of accounts than with keeping those accounts safe from hackers.
Recent reports that 117 million LinkedIn usernames and passwords from 2012 are being sold bring this issue to the forefront. Password management is critically important, and mishaps or carelessness can even potentially cost us money. Although it seems difficult to connect those dots, an event that unfolded with Laremy Tunsil -- a projected top player in the NFL draft -- proved that a weak password can lead to a damaged reputation and financial loss.
Tunsil entered the draft out of the University of Mississippi and was projected as the top player available by many of the leading draft experts and virtually guaranteed to be picked no lower than sixth overall. Then, approximately 10 minutes prior to the draft beginning, Tunsil’s social media accounts were hacked and damaging information about him began to surface through his own verified channels. On Twitter, an image of Tunsil using illegal drugs was released and on Instagram, texts between Tunsil and members of Mississippi’s football department emerged that discussed financial payoffs, a clear NCAA violation. Tunsil, a rare talent on the field, eventually saw his slide down the board end at number 13 thanks to the Miami Dolphins. However, while on the surface it may not seem like a big deal, the reality is that in today’s NFL draft, sliding down seven picks means a loss of more than $6 million in total contract value.
The question naturally becomes, how did this happen? In the days following the NFL Draft, unsubstantiated reports have surfaced alleging that Tunsil freely offered up the login credentials for his social media sites to friends and other associates. Other reports have refuted that, saying his channels were merely hacked. However, we can say with a good deal of certainty that whatever the method, his accounts were compromised due to poor password management.
While Tunsil may be one of the more high-profile victims of late, he is certainly not alone. Anyone who has created multiple online accounts, and in turn multiple logins and passwords associated with them, has likely fallen prey to a number of poor password habits, such as:
Creating simple, easy to remember passwords.
Re-using a simple password for all our accounts.
Keeping passwords in an unsecured spreadsheet.
While Laremy’s habits were nowhere near perfect, he’s also a victim of an inherently flawed system. As more and more sites beef up their security practices, requiring more complicated, secure passwords, it has become humanly IMPOSSIBLE to remember all of your passwords and lead a secure digital life. It’s understandable, but it doesn’t help the fact that it could have and should have been prevented.
Below are three steps that everyone should follow to avoid being an easy target. Whether you are a burgeoning professional athlete or an average Joe, making your social media accounts as secure as possible should be everyone’s goal.
1. Create strong, unique passwords for every account you use.
As a first line of defense against hackers, users should always protect themselves by using long, uniquely generated passwords. By creating a strong, unique password for each account, you’re ensuring that passwords leaked in data breaches can’t be used to try hacking into other accounts. You may not personally be the target of a hack to start with, but many times a company’s entire database of password hashes is taken, allowing mass attacks against everyone on the list. Once that happens, if the passwords are poorly stored (unfortunately, typically the case), everyone’s password will be known to the attacker. Strong passwords look like #IP9PqjS%17pEbUOkMVv and do not use words you would find in a dictionary or your personal information (like your birthday or pets’ names).
2. Use a password manager to keep track of your accounts.
If that strong password looks too hard to remember, using a password manager, such as LastPass, to create and store long, strong passwords for every online account, including your social media accounts, can make your life a whole lot easier. Password managers generate unique passwords and store them in a secure, easy-to-use vault. They can also automatically fill in login pages with your credentials, making it easy to use unique passwords.
3. Add another authentication step.
Two-factor (or multifactor) authentication is one of the most straightforward and secure safety measures currently available. Over the last year, I’ve seen an increase in user-friendly, portable options that general consumers can take advantage of. Two-factor authentication is a feature that asks you for more than just your username and password when you log in. You have to provide a second piece of information – whether it’s a code, or a temporary password, or the swipe of a finger – before the account can be accessed. Remember, two layers of security are always better than one!
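To make step 1 and the habits listed earlier concrete, here is an added example (not from the original article and not LastPass code) that audits a set of passwords for reuse, short length and guessable terms, then replaces the weak ones with passwords drawn from the operating system's secure random source. The symbol set, the 16-character minimum and the sample accounts are assumptions made up for the illustration.

```python
import math
import secrets
import string
from collections import Counter

# Symbol set is an assumption; trim it to what each site accepts.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@^_")
ALPHABET = "".join(CLASSES)

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def contains_guessable(password, guessable):
    """True if a dictionary word or personal detail (3+ chars) appears."""
    lowered = password.lower()
    return any(len(w) >= 3 and w.lower() in lowered for w in guessable)

def generate_password(length=20, guessable=()):
    """Draw from the OS CSPRNG until all classes appear and no guessable term does."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (all(any(c in cls for c in pw) for cls in CLASSES)
                and not contains_guessable(pw, guessable)):
            return pw

def audit(vault, guessable=(), min_length=16):
    """Map each account to the weak habits its current password shows."""
    counts = Counter(vault.values())
    findings = {}
    for account, pw in vault.items():
        issues = []
        if counts[pw] > 1:
            issues.append("reused")
        if len(pw) < min_length:  # 16 is an assumed threshold
            issues.append("short")
        if contains_guessable(pw, guessable):
            issues.append("guessable")
        findings[account] = issues
    return findings

if __name__ == "__main__":
    # Constructed sample data: accounts, passwords and personal details are made up.
    personal = ["rex", "1990", "password"]
    vault = {"linkedin": "Rex1990!", "twitter": "Rex1990!", "instagram": "x"}
    for account, issues in audit(vault, personal).items():
        if issues:
            vault[account] = generate_password(guessable=personal)
    print(audit(vault, personal), f"~{entropy_bits(20):.0f} bits each")
```

Rejecting candidates that miss a character class or contain a guessable term trims the entropy slightly, so the printed figure is an upper bound.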
Joe Siegrist is a co-founder of LastPass and serves as the VP and GM of LastPass, the Identity and Access Management Group at LogMeIn. Siegrist has more than a decade of experience in developing and running internet applications and is the named inventor of five key software patents.