Every day we must use passwords to gain access to our own systems and devices, and through them to our own information. Unfortunately, we live in a world where this is necessary because people all around the world are continually trying to crack passwords to reach the masses of information on the internet and on our personal computers. Simply putting a password on your computer and on your internet-related accounts is not enough: you must create passwords which cannot be easily guessed, are not based on dictionary words, and do not contain information which can be socially engineered via social media sites and other means. Below you will find my top 10 tips to make sure you keep your systems, accounts, and your data as safe and secure as possible.
1. Use a combination of upper case, lower case, special characters and numbers, with no fewer than 12 characters in total.

A variety of character types and a good password length make passwords more secure. This practice is not just to make your life difficult; it's to keep your data secure!

2. DO NOT use dictionary words.

Hackers often use programs which systematically attempt to determine passwords by trying combinations of dictionary words. If your password contains a word which can be found in a dictionary, you have an insecure password.

3. DO NOT use sequential numbers or key sequences.

As identity and account theft continue to rise, you have surely noticed that virtually all accounts where you must create a password have steadily tightened their requirements for minimum password length and use of multiple types of characters. A common (and bad) practice is to simply append sequential numbers to a password. This is just as easy to crack as a dictionary search, since cracking programs also try sequential combinations on the keyboard. Text like "12345", "qwerty", "ABCDEF", "11111" or "5678" might be easy for you to remember when making your password, but it does not make a secure password.

4. Change passwords regularly.

Fortunately most accounts require you to change your password at least annually, but not all do. Most large corporations require their employees to change their password every 30, 60 or 90 days, and you should too!

5. Use multiple passwords!

Your email address is commonly your login ID for many of your accounts. Additionally, most people use the same password across all their accounts as well. If one gets hacked, they can all get hacked in a matter of seconds. Imagine someone gaining access to your email account: now they potentially have the ID and password to log into your bank accounts, social media accounts, data storage accounts and so on. In many cases, even if you do use a different password on some accounts, chances are the hacker can simply use "forgot password" and change it via email. In the past, I've rotated 5 passwords across all my accounts; with all the recent breaches I now have more than 10 different possible passwords I might use, and that number continues to grow.

6. Use different user IDs.

Similar to the above, mix it up. If your account name is jsmith@gmail.com for all of your accounts, you become a pretty easy target once your password is compromised.

7. DO NOT keep your passwords and user IDs written down or stored in plain text on your phone or computer.

I have seen it with countless customers: they need to provide me with their password for their cable provider, so they pull out their iPhone and open the Notes app, where they have every user ID and password for every account they have stored in one place. If that iCloud account is hacked, the hacker now has access to everything. "Then how do I keep track?" Keep reading!

8. DO NOT use any public or easily obtained information as a part of your password.

This includes close family members' names, birth years, pet names, favorite vacation spots, home address, etc. All of this information can easily be found in public records or on social media. Imagine you have a dog named Duke, and you happen to use the password Duke12345. You take Duke for a walk and post it publicly on Facebook with a seemingly innocent "Taking Duke for a walk to the dog park today!", and now you have handed the world a likely word in your password, because that is what most people do. Don't be that guy/girl.

9. DO NOT use any variation of "Password" for your password.

This includes P@$$w0rd123, p@ssw0rd, P@s$Word! and any other variation you can possibly think of.

10. Use "Schneier's Method" when creating passwords.

Bruce Schneier, a security expert, developed a concept of converting a phrase into a cryptic password (by incorporating numbers and special characters) that is both easy to remember and hard to crack. To use the same example as in #8, instead of something simple like Duke12345, try creating a phrase such as "I love taking Duke to the park", then get creative with upper case, lower case, numbers and special characters (spaces should count, in most cases) to create a complex password that is easy to remember.

"I love taking Duke to the park" can easily become "!L0v3 t@k1ng DUK3 t0 th3 P@rK". By using an entire phrase and swapping letters for special characters and numbers, you create a long and complex password that would be very hard for someone to crack yet easier for you to remember, since it is something you are familiar with. Just like changing any password, it will take time to get used to, but you will get the hang of it soon enough. You can use shorter phrases, but remember: the longer the better. Another shorter example: K33pTH3h@cker$)UTw1th#$ (Keep the hackers out with numbers)
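As an added example (not code from the original post), here is a Python checker that applies tips 1, 2, 3 and 9 above: length and character classes, sequential, repeated or keyboard-row runs, dictionary words, and variants of "password", with the common symbol swaps undone first so that P@$$w0rd123 is recognized. The eight-word wordlist and the keyboard rows are constructed sample data. Against the post's own examples, Duke12345 and P@$$w0rd123 fail, while the phrase password passes every rule; only the dictionary report notices that the swaps do not hide "Duke" or "park", which is why the post stresses that the longer the phrase, the better.

```python
import string

# Constructed sample data: a tiny wordlist and keyboard rows. A real check
# would load a full dictionary file instead of this eight-word sample.
DICTIONARY = {"duke", "love", "taking", "park", "summer",
              "dragon", "welcome", "password"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Common symbol-for-letter swaps, undone so P@$$w0rd compares as "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "!": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t", "|": "l"})

def normalize(pw):
    """Lower-case the password and undo the swaps listed in LEET."""
    return pw.lower().translate(LEET)

def has_sequence(pw, min_len=4):
    """True if pw holds a run of min_len chars that is repeated ("1111"),
    ascending/descending ("abcd", "5678", "4321") or a keyboard-row slice
    ("qwer", "asdf")."""
    s = pw.lower()
    for i in range(len(s) - min_len + 1):
        chunk = s[i:i + min_len]
        codes = [ord(c) for c in chunk]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs in ({0}, {1}, {-1}):
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False

def dictionary_words(pw):
    """DICTIONARY words present in pw as typed or after undoing the swaps."""
    raw, norm = pw.lower(), normalize(pw)
    return sorted(w for w in DICTIONARY if w in raw or w in norm)

def check_password(pw):
    """Findings against tips 1, 3 and 9; an empty list means those rules pass."""
    findings = []
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation or c == " " for c in pw)):
        findings.append("missing one of upper/lower/digit/special")
    if has_sequence(pw):
        findings.append("contains a sequential, repeated or keyboard-row run")
    if "password" in normalize(pw).replace(" ", ""):
        findings.append("is a variation of 'password'")
    return findings
```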
With all these new passwords, how can you possibly keep track?
The best way is to never keep a record of your passwords anywhere other than in your head. If you forget a password, you can always reset it, in a way a bit more complicated than just clicking "forgot password" and following a link in your email to change it. Today you might receive a code via text message which you must first enter into the web page the emailed link takes you to, or answer a variety of security questions (#11: think about how many websites know your mother's maiden name; if you can create your own questions, do it, and don't use your favorite baseball team either!). Sure, the process of changing a password is getting more and more complicated (and with good reason), and you might even have to create a new password you haven't used before; just remember this is for the safety of you and your data and is a necessary evil to keep things secure.
If you absolutely must store your account information, use REPUTABLE software which is intended for this purpose. There is a variety of software out there which stores your information in encrypted form, so a password is needed to get to your passwords. This password should be VERY complex; consider it the master key to your life. Also, don't put all your eggs in one basket: what I mean by that is, don't be afraid to use multiple REPUTABLE software applications (don't grab a mobile app created by Hacker Joe) and store some IDs and passwords in one location and others elsewhere. Programs like Evernote let you keep notes protected not only by an ID and password but also let you encrypt individual sections of text with another password. KeePass is a well known application built specifically for storing passwords in a safe and encrypted manner; there are many others out there, just be sure to research them and confirm they are reputable.
Keeping passwords on paper is safer than keeping them digitally, but you must secure that paper. Keep it in a safe; do not leave it lying around in a notepad next to your computer, on your desk, or on Post-it notes stuck under your keyboard or behind your monitor (you know you do it). These are the first places someone would look, however sneaky you think you are.