Password Security

Are any of the passwords you’re using similar to those below?

  • password
  • abc123
  • your company name
  • your name
  • your spouse's or child's name
  • your birthday
  • your favorite sport

If so, your computer is unsafe, like millions of others.

PC and online security is a balancing act between safety and convenience. Researchers say most people make a choice heavily weighted towards convenience. While passwords may feel like a necessary evil (especially if a particular program requires a password), passwords serve vital purposes:

  • Strong passwords keep your business safer.
  • Strong passwords keep your identity safer.
  • Strong passwords keep your data safer.

The risk of using inadequate password protection is obvious. Web-based applications typically require only a username and password for access. If you bank online, you probably log on to your account using your account number and a password; if you have a weak, easily guessed password, anyone can have access to your money. Let's make sure that doesn't happen to you.

The first step to using effective passwords is to stop taking the easy route. The most common password mistake is choosing something easy for you to remember: pet names, hometowns, street names, nicknames, anything that easily springs to mind. While you may think using the street name of your childhood home would be difficult for a hacker to guess, keep in mind that a quick Google search can reveal a tremendous amount of personal data about you. All a hacker needs is a little information to make an informed guess.

Easy-to-learn details can be especially dangerous when used with a weak password recovery system. Say a hacker tries to gain access to an account. By hitting the "Can't remember your password?" link and answering simple verification questions using information they learned about you online, the hacker could access your account and even lock you out (from your own account!) by changing the password. One of your social networking profiles could contain all the information a hacker needs to answer simple verification questions like the name of your pet, your mother's maiden name, the city where you were born, etc.

Stop using the same password for multiple sites or purposes. If a hacker guesses correctly once, they can use that password to gain access to other accounts or applications.

So how do you create a strong password? Here are basic guidelines. Make sure your passwords:

  • Do not use words
  • Are at least eight characters long
  • Include a combination of capital and small letters
  • Contain special characters like $, @, *, %, or #

Complicated? Let's make it simpler and still meaningful (and relatively easy to remember) using these steps:

1) Think of something meaningful to you: person, place, event, etc. Make sure it's eight characters long; if you need to, combine two words.

2) If you use two words, replace the space between those words with a special character. For example, if your two words are black dogs, turn those words into black#dogs.

3) Replace a few letters with special characters. For example, you may decide to replace "s" with "$" and "a" with "@". Doing so turns your password into bl@ck#dog$.

4) Now throw in a number. An easy number to use in this case is zero; we'll replace the "o" with a zero, resulting in bl@ck#d0g$.

5) Add a capital letter or two. We'll capitalize the "d," resulting in bl@ck#D0g$.

6) Test your password. A number of free online tools test your password and evaluate its strength. Search for one using terms like "free password tester".

7) Remember your system.

There are other systems you can use. For example, you could start with a sentence that has meaning for you, like, "I want my children to grow up healthy and happy." Take the first letter from each word: IWMCTGUHAH. Then change a few letters to small letters and replace a few other letters with symbols. The key is to start with something meaningful but then turn it into a string that is impossible for others to guess or "crack."

Don't want to create your own password-generation system? A number of programs can generate random passwords containing letters, numbers, and symbols. Those programs can also store passwords for you in case you forget; just make sure you protect that program with a strong password you can remember.
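As an added illustration (not part of the original article or any particular product), the Python sketch below checks a password against the basic guidelines listed earlier and generates a random one the way the programs described above do. The function names are hypothetical, the symbol set is the five characters the article lists, and the banned list is a small constructed sample.

```python
import secrets
import string

# Symbols the article lists as examples of special characters.
SPECIALS = "$@*%#"
ALPHABET = string.ascii_letters + string.digits + SPECIALS

# Constructed sample of weak choices; the first two come from the article's
# opening list. A real tool would load a far larger list (assumption).
BANNED = ("password", "abc123", "qwerty", "letmein")


def guideline_failures(password, banned=BANNED):
    """Return the guidelines the password fails (empty list means it passes)."""
    failures = []
    lowered = password.lower()
    if any(word in lowered for word in banned):
        failures.append("contains a common word or password")
    if len(password) < 8:
        failures.append("shorter than eight characters")
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    if not (has_upper and has_lower):
        failures.append("needs both capital and small letters")
    if not any(c in SPECIALS for c in password):
        failures.append("needs a special character")
    return failures


def generate_password(length=16):
    """Draw characters from the OS secure random source until all guidelines hold."""
    if length < 8:
        raise ValueError("length must be at least eight")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not guideline_failures(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("password", "abc123", "bl@ck#D0g$"):
        print(sample, "->", guideline_failures(sample) or "meets the guidelines")
    print("generated:", generate_password())
```

The generator uses the `secrets` module rather than `random` because `random` is not designed for security-sensitive values.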

Then focus on keeping passwords safe:

  • Never tell others your passwords.
  • Never provide your password by email or in response to a request by email.
  • Protect your password records; don't tape passwords to the bottom of your keyboard, the inside of a drawer, etc.
  • Don't type in your passwords on computers you do not control. Computers in labs, kiosks, cafes, etc., could be infected with spyware or keystroke logging software; don't enter passwords if it's not your computer.
  • Use multiple passwords; that way if one is compromised, your other passwords are still safe.

It may take a bit of time to come up with new and different passwords, but doing so can protect your business and personal information from unauthorized use.