Protecting Your Passwords

See if this applies to you. If one of your passwords is:

  • password
  • abc123
  • your company name
  • your name
  • your spouse's or child's name
  • your birthday
  • your favorite sport

Then you're like millions of other people. And your computer is unsafe.

PC and online security is a balancing act between safety and convenience. Researchers say most people make a choice heavily weighted towards convenience. While passwords may feel like a necessary evil (especially if a particular program requires a password), passwords serve a vital purpose.

Strong passwords keep your data safer.

Strong passwords keep your identity safer.

Strong passwords keep your business safer.

The risk of using inadequate password protection is obvious. Web-based applications typically only require a username and password to access. If you bank online, you probably log on to your account using your account number and a password; if you have a weak, easily-guessed password, anyone can have access to your money. Let's make sure that doesn't happen to you.

The first step to using effective passwords is to stop taking the easy route. The most common password mistake is choosing something easy for you to remember: pet names, hometowns, street names, nicknames, anything that easily springs to mind. While you may think using the street name of your childhood home would be difficult for a hacker to guess, keep in mind a quick Google search can reveal a tremendous amount of personal data about you. All a hacker needs is a little information to make an informed guess.

Easy-to-learn details can be especially dangerous when used with a weak password recovery system. Say a hacker tries to gain access to an account. By hitting the "Can't remember your password?" link and answering simple verification questions using information they learned about you online, the hacker could access your account and even lock you out (from your own account!) by changing the password.

One of your social networking profiles could contain all the information a hacker needs to answer simple verification questions like the name of your pet, your mother's maiden name, the city where you were born, etc.

Stop using the same password for multiple sites or purposes. If a hacker guesses correctly once, they can use that password to gain access to other accounts or applications.

Software Can Help

Because keeping track of the many passwords we need can be challenging, and because recycling passwords on multiple sites can be risky, password management software can be a good choice.

Password management software stores your log-in details for websites in a protected file, and enters them automatically when you log into an online service. Most password management programs synchronize your password data with mobile apps so you can access information on a variety of devices without compromising your data integrity.

Password management software can also suggest strong, randomized passwords (using the guidelines below and other methods) that are safer than the easy-to-guess passwords most of us come up with on our own.

Creating Strong Passwords

So how do you create a strong password? Here are basic guidelines. Make sure your passwords:

  • Are at least eight characters long
  • Contain special characters like $, @, *, %, or #
  • Do not use words
  • Include a combination of capital and small letters

Complicated? Let's make it simpler and still meaningful (and relatively easy to remember):

Step 1: Think of something meaningful to you: person, place, event, etc. Make sure it's eight characters long; if you need to, combine two words.

Step 2: If you use two words, replace the space between those words with a special character. For example, if your two words are black dogs, turn those words into black#dogs.

Step 3: Replace a few letters with special characters. For example, you may decide to replace "s" with "$" and "a" with "@". Doing so turns your password into bl@ck#dog$.

Step 4: Now throw in a number. An easy number to use in this case is zero; we'll replace the "o" with a zero, resulting in bl@ck#d0g$.

Step 5: Add a capital letter or two. We'll capitalize the "d," resulting in bl@ck#D0g$.

Step 6: Test your password. A number of free online tools test your password and evaluate its strength. Search for one using terms like "free password tester".

Step 7: Remember your system.
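
An offline way to run the Step 6 test without typing the password into a website, added here as an example and not part of the original article. It checks the length, special-character and mixed-case guidelines above, then looks for the passwords from the opening list and any personal details you supply, even when disguised with the Step 3-4 substitutions; the function names and the `personal` parameter are assumptions of this example.

```python
import string

# The two literal passwords from the article's opening list.
COMMON = {"password", "abc123"}
# Reverse of the substitutions in Steps 3-4 (@ for a, $ for s, 0 for o).
UNDO = str.maketrans({"@": "a", "$": "s", "0": "o"})


def normalize(text):
    """Lowercase, undo the Step 3-4 swaps, keep only letters and digits."""
    text = text.lower().translate(UNDO)
    return "".join(ch for ch in text if ch.isalnum())


def check_password(password, personal=()):
    """Return a list of problems; an empty list means every check passed.

    `personal` (hypothetical parameter) holds details someone could look up:
    your name, company name, family names, birthday, favorite sport.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no special character")
    if not (any(ch.isupper() for ch in password)
            and any(ch.islower() for ch in password)):
        problems.append("needs both capital and small letters")

    plain = normalize(password)
    for term in sorted(COMMON | {normalize(p) for p in personal}):
        # Skip very short terms so they do not match by accident.
        if len(term) >= 3 and term in plain:
            problems.append("contains guessable term: " + term)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "Rover" stands in for a pet name.
    for candidate in ("bl@ck#D0g$", "P@$$w0rd!", "abc123", "R0ver#2015x"):
        print(candidate, "->", check_password(candidate, ["Rover"]) or "ok")
```

A password that passes here has only met the guidelines listed above; it can still be guessed if it is reused or built from details not given in `personal`.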

There are other systems you can use. For example, you could start with a sentence that has meaning for you, like, "I want my children to grow up healthy and happy." Take the first letter from each word: IWMCTGUHAH. Then replace a few letters with small letters and a few other letters with symbols. The key is to start with something meaningful but then turn it into a string that is impossible for others to guess or "crack."

Then focus on keeping passwords safe:

  • Use multiple passwords; that way if one is compromised, your other passwords are still safe.
  • Never provide your password by email or in response to a request by email.
  • Don't type in your passwords on computers you do not control. Computers in labs, kiosks, cafes, etc., could be infected with spyware or keystroke logging software; don't enter passwords if it's not your computer.
  • Never tell others your passwords.
  • Protect your password records; don't tape passwords to the bottom of your keyboard, the inside of a drawer, etc.

Devoting time and attention to choosing strong passwords – and creating multiple passwords – will ensure you protect your business and personal information from unauthorized use.