By Savvy Cyber Kids

Passwords.

We all have them, and we all hate them.

Why?

As small business owners and consumers, we are busily trying to complete our daily list of to-do items as efficiently as possible. Yet, every time we want to read an article that affects our industries or us individually, we have to enter a user id, typically an email address and a password, just to read the latest happenings. Want to make a change to your retirement plan or place a personal trade? Enter your username and password. Need to run payroll for your employees or send a check to a friend? Enter your username and password.

When we take a step back it becomes clear why most people use the same password for as many accounts as they can AND they are typically easy to guess. The top 10 passwords used last year were:
1. 123456
2. 123456789
3. qwerty
4. password
5. 111111
6. 12345678
7. abc123
8. 1234567
9. password 1
10. 12345

See, I told you I knew your password.

How Do I Know If Someone Has My Password?

haveibeenpwned.com

Hopefully your password is not on this list, but you can check to see if the passwords (or passwords) you use have been compromised and should be changed immediately. You can do that by going to https://haveibeenpwned.com/ and typing in your email address. Once you do, you will see a list of companies where your username AND password has been compromised and is now publicly known (yes this is a legitimate site). If you see a company on the list where your user ID and password were stolen, it is time to go and change your password. Then, go change your password on every account where you used that same password.

But how will you remember all these new, complex, and different passwords? You can use one of the many password safe tools that are available.

Stick with one of the more reputable ones:
1Password: https://1password.com/
LastPass: https://www.lastpass.com/
Password Safe: https://www.pwsafe.org/
KeePass: https://keepass.info/

Now that you have gotten yourself back to a good starting place with your not easily guessable passwords and you are no longer using one that has been compromised during the hack of a company, it is time to take the next step. It is time to enable strong authentication on all your accounts that really matter. These are the accounts that run your business or your life. Think about what would happen if someone logged into your account. What damage could they do? For those sensitive accounts, go into your profile or settings and turn on strong authentication.

There are typically two methods companies use to provide you this secure login service. The most common, and least secure of the two, is by texting or emailing you a code that you enter. The better option to use if it is offered is an authenticator app (they are free to download to your phone).

Here are two options:
Google Authenticator: https://google-authenticator.com/
Microsoft Authenticator: https://www.microsoft.com/en-us/account/authenticator

Some companies are starting to use alternative authentication methods to prove you are who you claim to be. One method used behind the scene for many financial institutions is identifying the device, web browser, and IP address you are using. Some will even let you know they detected your device in a new location and ask if you are traveling to confirm it is really you trying to access customer or personal sensitive information.

No one wants their company account or their personal account drained of funds or sensitive information stolen and released to the world, so it is up to you to take this next step and secure your accounts with strong authentication.

Even though I know your password, I won’t log into your account. However, I can’t speak for others who know it too. Take action today to protect yourself!