Password Security

The need for passwords for online accounts has become nearly ubiquitous in our society. There’s email, online banking, social media sites, online retailers, payment websites for utility companies, etc. (Just now I attempted to count how many usernames and passwords I have, but I gave up once I reached two dozen sets…and I know I didn’t cover all of them!) Recently, I’ve realized that many of my passwords aren’t that strong. Given that strong passwords are the first line of defense against cyber criminals, I’ve decided it’s time to take this matter more seriously. With the help of my husband (who just happens to be a forensic examiner in a cybercrime lab), I’ve been working to strengthen my passwords and safely secure them.

Common password mistakes

• Using the same password for multiple accounts. If a criminal is able to break one of your passwords, then he or she will have access to all of your accounts. This mistake has been compared to using one key for all of your locks—house, car, office, safety deposit box, etc.
• Using personal information to create passwords. A major reason people use their personal information is that it’s memorable. Keep in mind that if you can remember it, so can a criminal. If it can be found on a government document (e.g., birthdate, social security number, anniversary) or on your Facebook page (e.g., your dog’s name, your hometown, your alma mater), then don’t use it for a password.
• Using sequences or repeating numbers for passwords. “12345678” may be easy for you to type and remember, but it’s also easy for someone else to guess. So is “asdfghjkl,” which are adjacent numbers on the keyboard. “737373” is no better.

Characteristics of strong passwords

• Length. In general, the more characters in a password, the more difficult it is to guess. For example, “cake” would be an easier password to guess than “chocolatecake.”
• Complexity. Using a greater variety of characters makes a password more difficult to guess. Most sites allow passwords that contain numbers and mixed-case letters. Many sites also allow symbols to be used. Use the full scope of eligible characters. For example, “4ChocolateCake!” is stronger than “chocolatecake.”
• Non-words. To be even safer, avoid using true words. The tools used by cyber criminals to decipher passwords will make attempts using known words, common misspellings, common abbreviations, and words spelled backwards. To easily use a non-word, see if there is a number you can substitute for a letter in a word you’d like to use. For example, use zeros instead of the letter “o” in chocolate (“4ChOcOlateCake!”). You can also choose a phrase and make your password the first letter of each word in the phrase. For example, “tmottb” can be derived from “take me out to the ballgame.” Just be sure to add some diverse characters, such as “TmoTTb45.”
• Variety. As noted previously, use different passwords for each online account.

When I use varied passwords, I sometimes have trouble remembering all of them (which tempts me to use weaker passwords that are easier to remember!). Most sources agree that it’s okay to write down your passwords as long as you use commonsense. If handwritten, they should be kept out of plain sight. If kept on a laptop computer that is taken out of the house for use, it’s safest to keep them in an encrypted file. A regular file is probably sufficient if the computer is only used at home. Regardless of the type of computer, it should be saved under a name other than “passwords.”

This is already a lot of information to remember; however, there are two additional notes. First, never respond to emails asking for your password. The sites where you have online accounts already know these, so an email asking for them is likely a phishing scam or something similar. Second, be extremely wary of signing into any account using computers at internet cafes or in hotel business centers. These computers may—with or without the knowledge of the business owner—contain malware such as keyloggers that can record every key you type on the keyboard, including any usernames and passwords you enter.

With all this in mind, the online world seems like a pretty scary place. It’s great that relatively simple, commonsense steps can significantly reduce the threat of being taken advantage of. Are you in the habit of developing strong passwords? How do you make sure you remember them?