AIM Institute’s Tips for Good Password Habits

At AIM Institute, we know technology touches every corner of our lives. A nonprofit whose goal is to grow, connect and inspire tech talent, AIM teaches the importance of keeping data, identity and other online personal information safe. On Thursday, May 2, World Password Day serves as a reminder for us all to brush up on online safety and security.

AIM cybersecurity expert Jon Larsen says World Password Day is a good time for spring cleaning your accounts. “Go through your accounts and change the passwords. Pay attention to what accounts you use and how frequently, and review the privacy information on each web site to look for changes or added security measures that can be taken, like adding layers of multi-factor identification. Delete older accounts with services that have become obsolete.”

Larsen says avoiding common password pitfalls can make your accounts more secure. A recent breach analysis from the UK’s National Cyber Security Centre (NCSC) found that 23.2 million hacked accounts around the world used “123456” as a password. Here are other top passwords that were most commonly hacked:

  • 123456789 (7.7 million)
  • qwerty (3.8 million)
  • password (3.6 million)
  • 111111 (3.1 million)

Larsen recommends these tips to keep your passwords, data and information secure:

  • Keep passwords different for each account.
  • Avoid using personal information that could be found online (pet’s name, high school, mother’s maiden name, etc).
  • Choosing a random phrase or a few words, rather than one specific word can make it more difficult for hackers.
  • Secure password services that keep all passwords for you, like LastPass, could be a good option if you have trouble remembering different passwords.
  • Do not write passwords down and stick them to your computer or laptop.
  • When using Wi-Fi, never use a network that is not password-protected. On your personal Wi-Fi, consider removing the guest option. Hackers can view what is on your devices through networks that are not secured with a password.
  • Add layers by using multi-factor identification whenever possible. This significantly decreases the risk of someone accessing your account. Visit twofactorauth.org to find major websites that offer this added security.
  • Knowledge is power. Check if your email information has been breached through the website haveibeenpwned.com.

Larsen says there is a development happening among large technology organizations including Microsoft and Google to eliminate the use of passwords all together utilizing new technology. However, he says, until this happens, the best defense against hackers is a good offense of due diligence by individuals.