February 1 was National Change Your Password Day, another reminder for consumers to take action.
Every 22 seconds, there’s a new victim of identity theft in the United States. That’s according to statistics from the National Council on Identity Theft Protection, an organization dedicated to reducing the impact of identity theft across the U.S. through education, prevention and monitoring. Studies show that the number of identity theft cases continues to grow each year, yet many consumers continue to use hackable passwords.
That’s why Tom Quinn, Head of Enterprise and Chief Information Security Officer for T. Rowe Price, encourages Marylanders to change their password and make it unique.
“It’s a balance of memorability and complexity. Passwords should use uppercase and lowercase letters along with numbers and symbols,” Quinn said.
The key, Quinn noted, was to make the password a phrase or sentence that is memorable for the user and complicated for a hacker to guess. According to a survey conducted by NordPass, nearly 5 million people use “password” as their password, and hackers can guess it in under 1 second. While a common word like “password” or a string of numbers like “123456789” is easily hackable, Quinn also recommends that users avoid phrases built on information that hackers could easily find online, in government databases or on social media.
Much of the digital world requires an online username and password, which makes them difficult to remember. Quinn suggests investing in products that securely and easily store passwords on smartphones or desktops. But what happens when the password manager product gets breached (such as the breach that LastPass reported in December 2022)?
“That’s another scenario to be concerned about and should be part of a user’s evaluation process,” said Quinn. “It’s also one of the reasons why multi-factor authentication plays a key role.”
When there is high value at risk, Quinn recommended consumers enable multi-factor authentication. While some companies may not make the option to do so visible, he encourages consumers to look for it, and only choose companies that offer it. Multi-factor authentication not only requires an online username and password, but also requires other identification methods, such as biometrics, like fingerprints and face identification, or additional security measures such as PINs or security questions.
Quinn noted that there is continuing research and investment in password alternatives. But in the meantime, it’s good practice to change passwords on a regular basis.
“In addition to event-driven scenarios, like news of a data breach, passwords should be reviewed and changed regularly throughout the year. It can be paired with how often you change your fire alarm, for example. The key is to pair it with something that you already have as a regular reminder and is good practice,” Quinn said.
“Some people may be hesitant to change passwords because of the required complexity, especially if they have dozens or hundreds to manage, but that’s where a good password management tool comes into play,” said Quinn.
If your password falls in the 20 most common passwords around the world according to NordPass, it’s time to change it: