Can Your Password Stand Up to a Data Breach?


At this point, it seems like companies frequently ask you to change your password because something got hacked. In fact, in June of 2016, Fortune Magazine said, "It's almost fashionable to become the victim of a data breach these days, or at least you'd think so, given the who's-who list of companies announcing them." In other words, everyone from Fortune 500 companies and hospitals to small businesses and tech giants is experiencing the rippling impact of a data breach.


As a person thrown into the middle of a data breach, the first thing you should do is change your login credentials as quickly as possible. The quicker you change your credentials, the less of a chance a group of hackers has to use your preexisting password to access your account. But this will really only work if your preexisting password has made it through the initial waves of cracking and hacking.

What is hacking software?

Cyber criminals and hackers have developed a variety of software with the sole purpose of cracking your passwords. This can be done through a brute-force attack, where hackers try tens of thousands of password combinations within minutes.

How else can your password be hacked?

Cracking software is not the only way an account can be unlocked. This can go down a variety of ways, and it doesn't always involve a massive data breach.

Phishing: You might receive a malicious email. This email will appear to come from a credible source, and it could ask you to log in to your account or send your information over for an "account verification." Once you do this, the hackers will have full access to your account.


Security Questions: Just like a password, your security questions can also be hacked. People tend to answer security questions the same way. For example, "What is your favorite football team?" only has a handful of legitimate answers, and people naturally want to answer it accurately to ensure they can remember it at a later time.

Malware: If malware has wiggled its way onto your connected device, this could also result in a leaked password. Some malware can track your every movement, and keyloggers can record every letter you type.

What does a good password look like?

When it comes to hacking and cracking, the first line of defense is a strong password. Your password needs to be strong enough to make it through the initial waves of hacking and cracking - giving you the time you need to get to your account and change your password.

Use phrases.

The longer your password is, the more difficult it will be to decipher. But, at the same time, this also means that it will be more difficult for you to remember. To make this easier on you, use phrases, but don't use common phrases. Phrases are better than standalone words, but that's only if the phrase is random.

Experiment with capitalization.

There's a huge difference in time when it comes to cracking a password with all lowercase versus cracking a password with all types of characters. For example, a password that has eight characters and all lowercase letters should take around 2.23 hours to hack with a basic computer. If you throw in a capital letter or two, then that period of time should bump up to 2.21 years. Quite a bit of difference.

Throw in a character or number.

If a capital letter increases the strength of your password that much, consider what it does for your password if you add in a few numbers or a special character. Just make sure you aren't using these numbers and characters in obvious ways. For example, adding "123" to the back of a word doesn't make your password more secure. These combinations are easy to hack. If you use a number or character, make sure it counts.
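The effect of character variety and of an obvious suffix such as "123" can be estimated with a short script. This is an added example, not part of the original article: the guess rate is an assumed constant (so the times are illustrative and will not match the article's figures), the suffix rule is a simple heuristic chosen for this example, and all function names are hypothetical.

```python
import re
import string

# Assumed attacker speed, for illustration only (not a figure from the article).
GUESSES_PER_SECOND = 1_000_000_000

# Heuristic (an assumption of this example): letters followed by up to four
# digits and/or one common symbol, e.g. "password123" or "Summer2016!".
OBVIOUS_SUFFIX = re.compile(r"([A-Za-z]+)(\d{1,4}[!.?]?|[!.?])")

def charset_size(password: str) -> int:
    """Alphabet size an exhaustive search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def search_space(password: str) -> int:
    """Number of candidates of the same length over the same alphabet."""
    return charset_size(password) ** len(password)

def effective_space(password: str) -> int:
    """Search space after discounting a predictable tacked-on suffix."""
    match = OBVIOUS_SUFFIX.fullmatch(password)
    if match:
        # The suffix is among the first things tried, so only the base counts.
        return search_space(match.group(1))
    return search_space(password)

def seconds_to_exhaust(password: str) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return effective_space(password) / GUESSES_PER_SECOND

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for pw in ("abcdefgh", "Abcdefgh", "password123", "pass7w!ord"):
        print(f"{pw!r:14} alphabet={charset_size(pw):3} "
              f"seconds={seconds_to_exhaust(pw):.3g}")
```

In this model one capital letter in an eight-character password multiplies the search space by 256, while "password123" scores no better than "password".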

Is there another way to protect your account?

Passwords will only take you so far, especially if you're subjected to social engineering. These attacks rely on the human element to dupe you into releasing private information - like passwords. You should consider implementing 2-factor authentication on any sites that offer it.

2-factor authentication requires two separate methods of authentication before you're allowed to log in to your account. This might consist of your password and a code given to you via a text message.

If you want to protect your data and online accounts, then 2-factor authentication is a necessary step. It creates an additional layer of security.

