 |
| By MakeUsesOf |
Since
the earliest “You’ve Got Mail” days of the Internet, we’ve been dealing with
passwords, those annoying strings of letters (and numbers) it now seems every
site requires to access the goodies we love about the Web.
It
used to be just your email account. Then it was your online bank and credit
card accounts. Now you have to log in to get your car serviced, pay your
telephone bill and check up on your kids’ grades at school.
The
proliferation of sites that require passwords is meant to increase our
security. But if you have bad password habits, they could be making you less,
not more, secure.
Here
are five pointers on how to create, use and manage good, strong passwords
online.
Avoid dumb passwords
Amazingly,
many thousands of people use the world “password” as their password! At least
they did until security sites began pointing out how easy to guess
certain passwords are, including gems such as “123456” and “qwerty,” the first
six keys under your left hand on the keyboard.
Seriously,
come up with something unique, and not “1111111” or “trustno1.” A good password
is not even a word. Hackers can launch what’s called a “dictionary” attack that
uses brute computer power to rapidly guess millions of possible common word
combinations. Instead, the Federal Trade Commission suggests using random
combinations of letters and numbers.
Never use identifiable
data
People
tend to select a password that’s meaningful to them. Unfortunately, meaningful
information often is public information. Imagine how many websites
currently know your street number, phone number or birth date. All bad password
choices.
Same
goes for favorite sports teams, pet names and just about anything you post on
social media. If you put a picture of your dog Sparky on Facebook, “Sparky” is
a bad choice of a password for you. Making it “Sparky123” is not a big
improvement.
Don’t recycle passwords
What
if a robber who stole your office door key could also use it to get into your
car and your house? That would be bad. It would be just as bad if a hacker who
figured your password could use it to get into all your accounts.
When
thieves breach huge consumer databases, as they did at Target and
Home Depot, they seek username and password combinations to sell to hackers
abroad, who use those combinations anywhere and everywhere they can to find a
match.
Keep track securely
If
you follow all of the best practices long, un-guessable passwords
with numbers and special characters tossed in they’ll be virtually impossible
to remember.
One
solution is to use a password manager which stores those passwords
either on your computer or on a secure server elsewhere (“in the cloud”).
Keeping them in the cloud can be helpful, allowing you to access your passwords
on your mobile devices. Usually, these services rely on a single (hopefully
very strong) master password, making that password the only one you have to
remember.
A
drawback is that even these services can be hacked, whether on your
Internet-connected computer or in the cloud. Make sure you choose a
password manager that offers additional security measures, such as
requiring you to log on both with a master password and a code sent to your
email or phone, a process known as two-factor authentication.
Recognize the limits of
passwords
Assume
that no password is completely un-crackable. It’s just a matter of time and
patience for the bad guys. Strong passwords help, but if a hacker is recording
your keystrokes surreptitiously (yes, they can do that if you click a link in a
scam email and download certain malware), none of it matters.
Sensitive
websites are getting wise to the risks, requiring complex password choices and
periodic password changes and also using increased browser encryption. Two-factor
authentication is a big step up.
Identity
theft and online fraud are no joke. They happen to millions of people a
year. Improving your password security is an important step in protecting
yourself from the pain and financial damage that can result if they happen to
you.
No comments:
Post a Comment