I’m a cybersecurity expert, here’s how to pick a scam-proof password – and how to know if yours has been hacked
- Average American now has 85 different passwords to remember, figures show
- Some 17% of hacks are from criminals who successfully guessed passwords
- Dr Chris Pierson reveals his tips for keeping your information safe online
A leading cybersecurity expert has revealed the biggest mistakes people make when choosing their passwords – and explained how to spot if yours has been hacked.
Dr Chris Pierson, who served on the Department of Homeland Security’s privacy committee and cybersecurity subcommittee, said even just uploading a post to social media can compromise the safety of your accounts if you are not careful.
The average American now has 85 different passwords to remember, while 555 million logins have been stolen and shared on the dark web since 2017.
And an astonishing 17 percent of those cases were from hackers who successfully guessed their victim’s passwords.
But to Dr Pierson, who now runs security firm Blackcloak, these figures come as no surprise. He said oversharing on social media has made it increasingly easy for hackers to work out what your password is.
This is because somebody might, for example, use their dog’s name for their login.
If they then share pictures of the pet – alongside its name – on their Instagram it effectively gives hackers the key to all their accounts.
‘When you’re picking a password, you need to make sure it has absolutely nothing to do with your personal life in any way,’ Dr Pierson told Dailymail.com.
‘If you’re all over Instagram at a Taylor Swift concert, you better not use some kind of reference to her in your passwords.’
He said the only way to make sure your accounts are truly safe is by using a password manager.
These services generate ironclad passwords and automatically store them on your device or browser so you don’t need to remember them yourself.
When you come to log in to a site, your computer will then auto-fill the form.
Many charge for the service, but a growing number of firms offer them for free.
For example, if you use Google Chrome as your main internet browser, it also offers a free, automatic password manager.
Passwords are a growing goldmine for cyber criminals.
If fraudsters gain access to just one of your online accounts, it puts you at risk of identity fraud and means you are more likely to fall for impersonation scams.
How to find your compromised passwords on web platforms
Apple iCloud Keychain: On a Mac or iPhone, open the Keychain Access application and click Settings > Passwords > Security. Keychain will display a warning signal next to compromised passwords and offer an option to change them.
Google: Google has a Password Checkup tool, which can be accessed via passwords.google.com. Click Password Checkup > Check Passwords.
Microsoft Edge: If you are using the Edge browser, click Settings > Profile > Passwords and turn on Password Monitor.
Dashlane: Dashlane will automatically show you if any of your accounts have been compromised; it runs security checks on your saved information daily. It also allows you to check whether your information has appeared on the dark web. To do this, go to Dark Web Monitoring in the app and select ‘Start Monitoring’.
1Password: Click the Watchtower or Security Audit section of 1Password to scan your passwords for breaches and vulnerabilities.
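The breach checks listed above (Google Password Checkup, Edge Password Monitor, Dashlane, 1Password Watchtower) all compare your saved passwords against known leaked credentials without handing your actual passwords to a server. The Python below is an added illustration of how such a check can work, not code from the article or from any of those products: it builds a small constructed leak corpus (every password and count in it is made up), indexes it by SHA-1 hash prefix the way a range server would, and then checks a password by sending only the first five hex characters of its hash, the k-anonymity scheme popularised by Have I Been Pwned's Pwned Passwords service. It also shows what a password manager does when it generates a password: draw every character from a cryptographic random source, so the result has nothing to do with your dog or your favourite singer. The function names are this example's own.

```python
import hashlib
import math
import secrets
import string

# Constructed leak corpus (hypothetical): plaintext passwords seen in past
# breaches, mapped to made-up occurrence counts. A real service would hold
# only the hashes, never the plaintext.
LEAKED_PASSWORDS = {
    "password": 9_000_000,
    "qwerty123": 250_000,
    "fluffy2019": 12,       # pet name plus a year: the kind of guess the article warns about
    "TaylorSwift!": 340,
}

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the digest used by Pwned Passwords."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(leaked: dict) -> dict:
    """Server side: group leaked hashes by their 5-character prefix.

    Each bucket holds (suffix, count) pairs, which is what a range query
    returns to the client.
    """
    index: dict = {}
    for plaintext, count in leaked.items():
        digest = sha1_hex(plaintext)
        index.setdefault(digest[:PREFIX_LEN], []).append((digest[PREFIX_LEN:], count))
    return index


def range_query(index: dict, prefix: str) -> list:
    """Server side: answer a range query. The server only ever sees the prefix,
    so it cannot tell which password in the bucket the client is checking."""
    return index.get(prefix.upper(), [])


def breach_count(password: str, index: dict) -> int:
    """Client side: hash locally, send only the prefix, match the suffix locally.
    Returns how many times the password appeared in leaks (0 means not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for candidate_suffix, count in range_query(index, prefix):
        if candidate_suffix == suffix:
            return count
    return 0


DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length: int = 20, alphabet: str = DEFAULT_ALPHABET) -> str:
    """What a password manager does: every character comes from a CSPRNG,
    so there is no personal detail for anyone to guess from."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Guessing resistance of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


RANGE_INDEX = build_range_index(LEAKED_PASSWORDS)

if __name__ == "__main__":
    for pw in ["fluffy2019", "password", generate_password()]:
        n = breach_count(pw, RANGE_INDEX)
        verdict = f"seen {n} times in leaks, change it" if n else "not in the leak corpus"
        print(f"{pw!r}: {verdict}")
    print(f"20 random characters from {len(DEFAULT_ALPHABET)} symbols give "
          f"about {entropy_bits(20, len(DEFAULT_ALPHABET)):.0f} bits of entropy")
```

The point of the prefix query is that the server learns only a 5-character prefix shared by a whole bucket of unrelated passwords, while the comparison that reveals a match happens on your own device. A dictionary of four passwords stands in here for the hundreds of millions a real service holds, but the protocol shape is the same.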
And because many people use the same password for multiple accounts, if hackers gain access to one, more could be at risk.
What’s more, these details are often exchanged freely on the dark web – giving a host of other criminals access to your personal information.
Dr Pierson says this is why it’s important to keep a regular check on whether any of your accounts have been compromised.
Most apps and service providers now give users the option to see whether their data has been compromised.
Google announced last month it would start alerting all Gmail users if their email addresses appear on the dark web.
And since last year, Apple has also automatically identified common weaknesses in users’ passwords when they are stored in iCloud Keychain.
To make use of it, an Apple user needs to open Settings, tap ‘Passwords’ and then tap ‘Security Recommendations’.
There is then a toggle asking users whether they want the software to detect when passwords have been compromised.
But even though most people have access to these tools, they fail to use them.
Often this is due to the sheer quantity of leaks, which can make the task daunting for a user.
Dr Pierson therefore recommends prioritizing your passwords in order of importance.
He said: ‘Obviously your money and bank accounts are most important.
‘But also check where your logins cross over. For example, you might not be too bothered if somebody hacks one of your airline accounts, but if it’s the same details you use for your bank – suddenly the issue becomes more than just about your air miles.’
The vulnerability of passwords has left many wondering how long they will exist.
Tech firms have been investing in a host of other authentication methods.
These include two-step authentication methods, which may text you a code or use a separate app in which you approve a login.
From this week, Google is allowing over nine million organizations to let users sign in to a Google Workspace or Google Cloud account using a passkey sent to their phone.
It has led many to speculate around a ‘passwordless future’ with written logins fast becoming a thing of the past.
But Dr Pierson denies this is the case.
‘You go to the grocery store and still see people using checkbooks at the check-out. Passwords will always exist in some form,’ he said.
Helena Kelly Consumer