When I think of passwords, and in particular "weak" passwords, an old Mel Brooks movie comes to mind where the villain enters the password of 1, 2, 3, 4, 5 in order to complete his evil plan. Perhaps you are familiar with this movie? Comedy aside, weak passwords are not always as obvious as the one from this movie. Today, you will learn how to do a "password checkup" and see if you have:
- Compromised passwords
- Reused passwords
After we look at the above two items, you will see how to test your current passwords. This test will inform you how long it would take a computer program (algorithm) to break your password. I found the amount of time it would take to break into my accounts to be very eye-opening. My guess is that you will too. Can't wait to see how? Skip to that section now.
Start Your Password Checkup
To get this process started, head on over to Google (Control+Shift Click or Command+Shift Click the link to open this in a new tab or window). From there, you'll want to click on the profile picture in the top right of the page (not the one in the top right of the browser near the 3 dots). See the image below:
From here, you will need to click on Security found in the left side menu (or at the top on a smaller screen). From there, scroll down and find the link to Password Manager (steps combined in image below).
After clicking Password Manager, you will see Password Checkup near the top of the screen. Click Go to Password Checkup (seen below).
You're almost there! Because you're about to access the Password Checkup area, there is a good chance you will be prompted to enter your credentials again (if you haven't recently done so). Click Check Passwords.
What to Do After Your Checkup
Good or bad, your checkup is complete. Now you are staring at your results. Perhaps your results look something like mine below (maybe better, maybe worse).
What are Compromised Passwords?
Data breaches occur more often than we would all like. Fortunately for us, Google (and others) keep track of these breaches and check your passwords against the lists of exposed credentials. This makes compromised passwords your #1 priority.
Click to expand the Compromised Password(s) section. You will see all accounts that need your immediate attention. To make the process easier, Google provides some convenient functionality right from this screen (see below):
Be sure to change the passwords for all compromised accounts. The link provided should help get you to the site so that you can begin the process. Of course, you will want to select a strong password, and follow our steps for safely storing your passwords.
Most of Us Are Guilty of Reusing Passwords
I feel confident in the statement above. We tend to have an inflated sense of security provided by what we feel is a "strong password." This leads us to use this so-called strong password on multiple sites. The problem with this strategy, of course, is that these passwords are usually not as strong as we think. As a result, cracking one account opens us up to losing multiple accounts.
Use the reused passwords section to head over to these sites. Give each of these sites unique passwords. "But how am I supposed to remember all of these passwords?" you ask. Have you checked out part 1 of our cybersecurity awareness series? This will give you a solid strategy for keeping your unique passwords saved.
What to do With Weak Passwords
In my opinion, this is a great time to learn a little about how the "hackers" are gaining entry. We are not going to discuss phishing today (that's coming up). Those who want to get into your accounts use automated programs that try common words. If those attacks fail, they can begin to "brute force" their way in. With possibly thousands of attempts per second, these programs can make short work of cracking your account.
You can head over to https://useapassphrase.com to do 2 things:
- Generate strong (I mean really strong), easy-to-remember passphrases
- Test your existing passwords to see how long it would take a computer program to crack your password
You will see something like this...
One of my frequently reused passwords had a time-to-crack of 11 hours. That gives me reason to be concerned.
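To make the time-to-crack idea concrete, here is a small Python sketch added as an illustration; it is not from the original post and is not how useapassphrase.com computes its numbers. It models the two stages described above (a common-word pass, then brute force), and the tiny word list, the 32 extra symbols assumed for unusual characters, and the default rate of 1,000 guesses per second are all assumptions.

```python
import string

# Constructed sample wordlist; real wordlists contain millions of entries.
COMMON_WORDS = ["password", "123456", "12345", "qwerty", "letmein", "dragon"]

def charset_size(password):
    """Size of the smallest character pool covering every character used."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    size = sum(len(p) for p in pools if any(c in p for c in password))
    # Spaces or non-ASCII characters: assume a further 32 symbols (assumption)
    if any(all(c not in p for p in pools) for c in password):
        size += 32
    return size

def guesses_needed(password, wordlist=COMMON_WORDS):
    """Guesses until the password is hit: wordlist pass first, then brute force."""
    if password in wordlist:
        return wordlist.index(password) + 1
    n = charset_size(password)
    # All shorter lengths are tried in full, then on average half of this length
    shorter = sum(n ** k for k in range(1, len(password)))
    return len(wordlist) + shorter + n ** len(password) // 2

def time_to_crack(password, guesses_per_second=1000):
    """Estimated seconds at the given guess rate (assumed value)."""
    return guesses_needed(password) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    for pw in ("12345", "k7#qz", "correct horse battery staple"):
        print(f"{pw!r}: {humanize(time_to_crack(pw))}")
```

Character-by-character brute force overstates the strength of passphrases built from dictionary words, so treat the result as a rough upper bound and raise `guesses_per_second` to model a faster attacker.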
Would you share some of your time-to-crack times?
Use the comments down below if you are courageous enough to share. Don't worry about judgement; by the time you've shared them, I am certain you have strengthened them against attack, right?!
What if Strong Passwords Are Not the Problem?
Believe it or not, cybercriminals have a better way to get into your account than cracking your passwords, especially when they are strong like yours. They just get you to give them your passwords.
Want to know how they do that? Read part 3 of our series.