5 Smart Ways to Choose and Manage Online Passwords
Since the earliest “You’ve Got Mail” days of the Internet, we’ve been dealing with passwords, those annoying strings of letters (and numbers) it now seems every site requires to access the goodies we love about the Web.
It used to be just your email account. Then it was your online bank and credit card accounts. Now you have to log in to get your car serviced, pay your telephone bill and check up on your kids’ grades at school.
The proliferation of sites that require passwords is meant to increase our security. But if you have bad password habits, they could be making you less, not more, secure.
Here are five pointers on how to create, use and manage good, strong passwords online.
Avoid dumb passwords. Amazingly, many thousands of people use the world “password” as their password! At least they did until security sites began pointing out how easy to guess certain passwords are, including gems such as “123456” and “qwerty,” the first six keys under your left hand on the keyboard.
Seriously, come up with something unique, and not “1111111” or “trustno1.” A good password is not even a word. Hackers can launch what’s called a “dictionary” attack that uses brute computer power to rapidly guess millions of possible common word combinations. Instead, the Federal Trade Commission suggests using random combinations of letters and numbers.
Never use identifiable data. People tend to select a password that’s meaningful to them. Unfortunately, meaningful information often is public information. Imagine how many websites currently know your street number, phone number or birth date. All bad password choices.
Same goes for favorite sports teams, pet names and just about anything you post on social media. If you put a picture of your dog Sparky on Facebook, “Sparky” is a bad choice of a password for you. Making it “Sparky123” is not a big improvement.
Don’t recycle passwords. What if a robber who stole your office door key could also use it to get into your car and your house? That would be bad. It would be just as bad if a hacker who figured your password could use it to get into all your accounts.
When thieves breach huge consumer databases, as they did at Target and Home Depot, they seek username and password combinations to sell to hackers abroad, who use those combinations anywhere and everywhere they can to find a match.
Keep track securely. If you follow all of the best practices — long, un-guessable passwords with numbers and special characters tossed in — they’ll be virtually impossible to remember.
One solution is to use a password manager which stores those passwords either on your computer or on a secure server elsewhere (“in the cloud”). Keeping them in the cloud can be helpful, allowing you to access your passwords on your mobile devices. Usually, these services rely on a single (hopefully very strong) master password, making that password the only one you have to remember.
A drawback is that even these services can be hacked, whether on your Internet-connected computer or in the cloud. Make sure you choose a password manager that offers additional security measures, such as requiring you to log on both with a master password and a code sent to your email or phone, a process known as two-factor authentication.
Recognize the limits of passwords. Assume that no password is completely un-crackable. It’s just a matter of time and patience for the bad guys. Strong passwords help, but if a hacker is recording your keystrokes surreptitiously (yes, they can do that if you click the a link in a scam email and download certain malware), none of it matters.
Sensitive websites are getting wise to the risks, requiring complex password choices and periodic password changes and also using increased browser encryption. Two-factor authentication is a big step up.
Identity theft and online fraud are no joke. They happen to millions of people a year. Improving your password security is an important step in protecting yourself from the pain and financial damage that can result if they happen to you.