October 28, 2020

County Office of Consumer Protection Advises That Taking Password Protection Actions Can Help Avoid Giving Criminals the Holiday Gift of Access to Your Personal Accounts


The holiday season is when consumers are most active, buying many gifts and household items online. Most of those transactions involve creating accounts that require passwords. The holidays are also times when criminals are most active, stealing identities and personal information. Easily identifying a password makes their work even easier. That is why the Montgomery County Office of Consumer Protection (OCP) is urging consumers to review their passwords before the holidays and make sure they have ones that are not easy for criminals to guess.

Easy to remember passwords for consumers are an Internet hacker’s greatest gift. Online hackers are hoping that consumers continue to make common password mistakes that have made their jobs easier over the years. However, there are ways to avoid some of the problems.

Passwords are generally the first security check that a criminal can use to access someone’s accounts on a commercial business site, an email account, a bank account and even a social media account. “Weak” passwords are susceptible to being guessed by specialized hacking software.

“It is understandable that people want to use passwords that are simple and easy to remember,” said OCP Director Eric Friedman. “Then it becomes natural to want to use the same password for account after account. However, doing those things makes individuals easy targets for people who want to steal their credit information and use it for themselves.”

Broadtechs offers advice on how to have more secure passwords in a column entitled “10 Password Mistakes That Hackers Hope You Make.” The story can be found at https://tinyurl.com/y6cokxll.

Here are additional steps on how to have more secure passwords:

Advice to follow:
  1. Create complex passwords using letters, numbers and characters.
  2. Use passphrases over passwords.
  3. Create passphrases using letters (capital and lower case), numbers and characters: For example, Cyb3r$ecurItyR0ck$ and not cyberscurityrocks.
  4. Research and use a secure password manager or vault.
  5. Use two-factor authentication (pin codes, thumb print, facial or retinal scan) for sensitive accounts.
Do not do the following:
  1. Use easy to guess passwords: These could include a combination of your name, initials, date-of-birth, etc. Passphrases should not identify you, your hobbies, profession, etc.
  2. Create passwords without numbers or special characters: The more complex, the harder to crack.
  3. Use the same password for everything: All it takes is one hack and criminals can access all your accounts.
  4. Keep the same password for years: 86 percent of consumers are using account/passwords that have already been stolen in a data breach.
  5. Use short passwords: The longer it is, the harder it will be to guess.
  6. Use impossible to remember passwords. You want to be secure from hackers, but you must be able to remember your own passwords.
  7. Ignore news about data breaches: Take all measures available to safeguard your accounts after a breach.
  8. Use insecure password storage: Spreadsheets, cell phone notes and post-it notes may be convenient, but they are not secure from theft or intrusion.
  9. Modify passwords only slightly when changing them: Do not use the same password with a slight tweak for each website. That is an easy pattern to discern by hackers.
For questions about password security, call 240-777-0311.