Latest News

Top tips on protecting passwords

On this World Password Day, Chris Brooks, co-founder of CryptoAssetRecovery.com, shares his top tips for protecting and recovering passwords.

  1. The point of World Password Day is to remind people to change their passwords.  Think of a password like the oil in your car — if you don’t change it every three months, it becomes less effective — and failing to change it can destroy your engine.  Passwords only work because they are secrets — but in 2021 more than 16 million accounts were known to have been breached every day.  It’s extremely likely that some of your passwords are already known to hackers, and they’re learning more of them every day.  Keep your digital life tuned, and change those passwords!

 

  1. People often think that adding symbols to a password makes it more secure. Given the firepower that hackers have at their disposal today, that isn’t necessarily true.  Short complex passwords can be cracked in fractions of seconds.  Complexity + Length is what makes passwords secure.

 

  1. The greatest threat to your passwords is password reuse. Once you’ve used a password once, you shouldn’t ever use it again. That’s because once a password gets cracked, hackers add it to their lists of known passwords — and they can then check the cracked password plus similar variants extremely quickly.

 

  1. Most digital services allow you to improve the security of your accounts by adding a second factor of authentication (also known as 2FA).  This second factor is usually tied to something physical.  So, in addition to “something you know” (your secret password) your account is secured by “something you have”.  This can dramatically improve the security of your accounts — because hackers can’t get remote access to your accounts simply by cracking your password, they have to have physical access to the second factor.  The problem is that companies are often trying to balance security and convenience — that is, they allow you to reset your password if you can prove that you have the second factor of authentication. This is often a bad idea, especially if you’re relying on an SMS message sent to your cell phone as your 2FA.  The solution?  Use an app on your phone for 2FA like Google Authenticator or Authy.

 

  1. Since January 1st, nearly a dozen people have contacted CryptoAssetRecovery.com explaining that a loved one had passed away without leaving a thorough record of where their crypto is stored. While we’ve helped some of these folks recover funds, it’s often very difficult to track them down. If you own crypto, World Password Day is a great time to pull together a list of all your accounts and wallets, make sure that your passwords and/or recovery phrases work, and make sure that you’ve left instructions for how your loved ones can access your crypto in the event of your untimely death.