Passwords are a common form of authentication and are often the only barrier between an unauthorized person and your personal information. However, if you don’t choose good passwords, they can be almost as ineffective as not having any password at all.
There are several programs attackers can use to help guess or “crack” passwords, but by choosing good passwords, you can make it more difficult for an unauthorized person to access your information. We’ll give you tips for how to choose, remember, and protect multiple passwords.
How Do You Create a Good Password?
Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or “crack” them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Or the last four digits of your Social Security number? Or your address or phone number? Think about how easy it is to find out this information about somebody.
KAAL-TV recently reported that the most common passwords are “12345”, “password”, and “baseball”. It’s also common for people to use their email as their password.
Because passwords serve as a gateway to your personal information, we’ve compiled a list of password do’s and don’ts.
Password Do’s and Don’ts
- Use a combination of upper- and lowercase letters, numbers, and special characters
- Use passwords with at least 8 characters, and don’t use any words in the dictionary
- Use passphrases when you can
- Use different passwords on different systems
- Change your password every 3 months
- Replace letters with look-alike numbers, such as “4” for “A” or “3” for “E”
- Develop a mnemonic for remembering complex passwords
- Use the first letter of each word in a favorite phrase, such as “Iwadasn” for “It was a dark and stormy night”
- Don’t use your network username as your password
- Don’t use words that can be found in any dictionary of any language
- Don’t choose passwords based upon easily obtainable information, including your birth date, your Social Security number, your phone number, or names of family members or pets
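An added example (not from the original article or its sources): a short Python function that checks a candidate password against the do's and don'ts above. The word list, the look-alike table, and the function names are assumptions made for illustration; the check also maps look-alike numbers back to letters before the dictionary comparison, so a common word with substitutions is still flagged.

```python
import re

# The three passwords the article names as most common, plus constructed
# stand-ins for a real dictionary file (assumption: a full wordlist goes here).
COMMON_WORDS = {"12345", "password", "baseball", "dragon", "monkey", "welcome"}

# Look-alike characters mapped back to letters (illustrative table), so a
# dictionary word written with "4" for "A" or "3" for "E" is still recognised.
LOOKALIKES = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l",
                            "0": "o", "5": "s", "$": "s", "7": "t"})

# Character classes from the first "do" in the list.
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def normalize(text):
    """Lowercase the text and undo look-alike substitutions."""
    return text.lower().translate(LOOKALIKES)


def check_password(password, username="", email="", personal=()):
    """Return the list of rules the password breaks (empty list = none)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    plain = normalize(password)
    letters_only = re.sub(r"[^a-z]", "", plain)
    if {password.lower(), plain, letters_only} & COMMON_WORDS:
        problems.append("common or dictionary word")
    if password.lower() in {username.lower(), email.lower()} - {""}:
        problems.append("same as username or email")
    for item in personal:
        # personal: birth year, phone number, names of family members or pets
        if len(item) >= 3 and normalize(item) in plain:
            problems.append("contains personal information: " + item)
    return problems
```

Calling check_password("P4ssw0rd!") returns a single problem, the dictionary-word match, even though the password meets the length and character-mix rules.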
How Can You Protect Your Password?
Once you have a password that’s difficult to guess, you want to make it difficult for someone to find. Most experts recommend that you don’t write passwords down or tell anyone your passwords, and that you watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords (see our recent blog post about Phone Scams).
Don’t use the same password for every system or program you log into. If an attacker does guess or crack your password, that person would have access to all of your accounts. Try to develop unique passwords for all of your accounts.
Don’t store your passwords on your computer. According to the Washington Post, the “most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you.” Even if you forget the password, most websites will ask you security questions or email you a link to reset your password.
Every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about whether you can really trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy.
Once someone has your password, they can easily access your personal and/or financial information. Secure your life by creating multiple strong passwords across all your accounts.
Sources: KAAL-TV: Tips to Prevent Cyber Attacks, US-CERT: Security Tip (ST04-002) – Choosing and Protecting Passwords, FTC: Computer Security, Washington Post: Cyber-Security: Creating a Secure Password