What Common Password Mistakes Are Putting You At Risk?

Is your password still your birthday? Do you get that guilty feeling every time you use it, swearing you’ll be more creative next time you log in? For better or worse, you’re not alone. 91% of people in a recent survey said they knew they shouldn’t reuse passwords, but 59% continue to do so. Unfortunately, we live in a time when data breaches are part of the norm. In fact, in the time it takes to finish this sentence, there will be approximately 280 data records stolen. Not only are you putting yourself at risk, but your company and coworkers as well. It’s time to stamp out those nasty password mistakes and start on the right foot.

The most common password mistakes

  • Thinking a weak password is ok for some accounts. You may be thinking that hackers are more interested in your PayPal account than your FitnessPal. And you’re right — for the most part. Hackers will often start with a login on a less important account as a way to climb the ladder to your more valuable accounts. Users should be aware that every login is important for a hacker, whether it’s your banking password or online shopping account.
  • Reusing passwords, especially from home to office. Turns out slight adjustments to your tried-and-true password are not enough of a change to thwart hackers. It becomes even more problematic when you use the same passwords across personal and business accounts. Once this gap is breached, confidential information for your business, coworkers and even clients may be exposed. For example, an employee of Dropbox reused a personal password, ultimately leading to the credentials of over 60 million accounts being seized.
  • Sticking to the default password. Always remember to change any new logins created by your tech department. ‘Admin’, ‘password’, or ‘12345’ might be easy to remember, but they’re not worth the risk. Plus, they’re often the first words hackers try.
  • Not using two-factor authentication when available. You have likely used this process recently. It requires a second verification to log into an account, typically an additional PIN sent to your phone or a fingerprint scan. This added step in security ensures that no one other than you will be able to access your account. If given the option, always activate the two-factor verification process.

Tricks to creating a secure password that you’ll actually remember

If you’re anything like the majority of people, you should probably update your passwords. The hurdle for most people is the fear of forgetting their new password. In fact, the same study found that only 55% of victims change their password after they discover they were hacked. The truth is, secure password habits are actually pretty easy to learn and use. The trick to a hard-to-crack password is one that is unique, easy for you to remember, but also hard to guess. Just follow our tricks below and your accounts will be like Fort Knox in no time.

  • Make passwords lengthy and complex. A secure password should contain at least 12 characters, with uppercase and lowercase letters, as well as numbers and symbols.
  • Avoid using painfully obvious passwords, or commonly used words in passwords. For example, ‘12345’, ‘asdfghjkl;’, or ‘password’.
  • Don’t use information that a friend or family member would be able to guess. Hackers would likely be able to decipher it as well. Avoid using information like your or your family members’ birthdays, your favorite band, your home address, maiden name, etc. If it’s something a Facebook search could reveal, avoid using it in your password. You can still make it personal and memorable to you without using these general and searchable facts.
  • Try using a passphrase instead of a password. A passphrase is a string of letters or words put together, making it unique and harder to crack. You can still personalize it to make it memorable. For example, use your favorite breakfast, ‘startthedaywith_Eggs&bacon.’
  • Use a phrase or acronym to keep it memorable but also obscure. For example, ‘2BorNot2B_ThatisThe?’ (To be or not to be, that is the question) or ‘4Score&7YrsAgo’ (Four score and seven years ago).
  • You can also be systematic about your process. Use passwords with common elements, but customize for the account. For example, ‘ABT2_uz_AMZ!’ (about to use Amazon) and ‘ABT2_uz_BoA!’ (about to use Bank of America).
  • Use the keyboard as your reminder. Create a password by creating a shape on the keyboard. For example, by creating a big W starting at 1, my new password is ‘1qsxfthmko0’. That’s pretty tricky for an outsider to decipher, while still being relatively easy to recreate. Try different patterns, like smiley faces, hearts, or a letter you will remember. Just be sure to avoid completely straight lines across the keyboard.
  • Get in the habit of changing passwords regularly. Start with National Change Your Password Day on February 1.
  • If you’re still wary of forgetting passwords, use a password manager to generate and store your passwords. Here are some of the top-rated managers on the market.
  • Hopefully this is a no-brainer, but it should be repeated for any road warriors out there – always use a secure wifi connection when creating a new password or logging into an account. Wait until you’re home or in the office to make any changes. Hotel wifi is often not secure enough for sensitive information.
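
The rules in this list can be checked mechanically. The following Python checker is an added example, not part of the original article; the function names, the small deny-list and the five-key threshold for a "straight line" across the keyboard are assumptions chosen for illustration.

```python
import re

# Constructed sample data: a tiny deny-list built from the passwords the
# article names, and the four keyboard rows used for the straight-line check.
COMMON = {"12345", "password", "admin", "asdfghjkl;"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
MIN_LENGTH = 12  # the article's minimum length


def has_straight_run(pw, run=5):
    """True if pw contains `run` adjacent keys of one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw, personal_facts=()):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    low = pw.lower()
    if low in COMMON:
        problems.append("commonly used password")
    if has_straight_run(pw):
        problems.append("straight line across the keyboard")
    # personal_facts: searchable details such as a birth year or home town
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in low:
            problems.append(f"contains personal fact: {fact}")
    return problems
```

Run against the examples above, ‘2BorNot2B_ThatisThe?’ passes every rule, while ‘1qsxfthmko0’ is flagged for being 11 characters long and for lacking an uppercase letter and a symbol.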

Passwords are truly the first line of defense against identity theft. Whether it’s a food delivery app or banking account, it needs to hold a strong defense against impending attacks. These simple tricks may be taxing to start with, but will keep your information, and potentially your company’s, safe.

What You Need To Know About Marriott’s Starwood Breach

Marriott announced Friday that their reservation database for Starwood hotels has been breached by hackers, leaving almost 500 million users’ personal information exposed. Learn what happened in Marriott’s Starwood breach, how to determine if your information has been compromised and other important next steps.

The Marriott’s Starwood data breach

  • Hackers illegally accessed Marriott’s Starwood Hotels reservation database. Marriott purchased the Starwood hotel brand in 2016, though it appears this breach has been taking place since 2014. Only Starwood brand information has been compromised.
  • An internal security tool detected the breach on September 8. Upon further investigation, they discovered how long the attack had been taking place.
  • Starwood hotels include: Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W, St. Regis, Le Meridien, Tribute Portfolio, Design Hotels, Four Points, Aloft, Element.
  • It is the second biggest corporate data breach in history. The first involved Yahoo last year, with over 3 billion accounts being compromised.

What information has been exposed

  • For 327 million people, the information breached includes names, phone numbers, email addresses, passport numbers and dates of birth. It also includes trip arrival and departure information.
  • For some, credit card information and card expiration dates were compromised. There was encryption on this information, though Marriott is unsure if that encryption could have been breached as well.
  • This leaves an estimated 500 million people vulnerable to having their identities stolen. Stolen identities can later be used to open bank accounts, credit cards and even loans in their name.

What to do if you think you might be a victim

  • Visit Marriott’s website about the breach. Contact them directly through the call center listed on the site or read additional information about the breach.
  • Keep an eye on your email. Marriott has begun sending out notification emails to those that have been compromised. These roll-out emails begin Friday, November 30.
  • Marriott will provide guests with free WebWatcher enrollment. Free of charge for one year, it will monitor if your personal information is being used online without your permission.

Additional ways to protect yourself

If you’re concerned that you may be a victim, or just freaked out in general, here are a few actionable items you can start doing today:

  • Start changing your password on your Marriott Starwood accounts regularly. This is the first line of defense in keeping hackers out. Make sure your new password has at least 12 characters, is tricky to guess, and doesn’t include any information that can be gleaned from your online profiles, like your birthday or home address.
  • Monitor your accounts for suspicious activity. Keep an eye on your Starwood Preferred Guest account for any suspicious activity. Also check your bank, retirement, brokerage accounts, and credit card statements for anything unusual.
  • Freeze your credit. Keep anyone from taking out credit cards or loans in your name by freezing all credit.
  • Open a separate credit card for online transactions only. Make it easier to track transactions and spot fraudulent activity by using one dedicated credit card for online transactions. If compromised, you won’t have to change additional bills or utilities billing information, reducing additional stress and headache.
  • Be aware of anything fishy in the future. It’s not new that we should be vigilant with our actions online or on the phone. ‘Phishing’ schemes usually include people trying to access additional information from you or your computer with bogus emails, fake links, and fraudulent websites. Marriott has said they will not call or email you asking for your profile or password information. Do not provide this information if requested online or on the phone, as they are likely trying to steal additional personal information.