
10 Steps To Being Password Smart


Security threats aren’t new and have long been part of online life. But the increased attention on them makes now a good time to review ways you can protect yourself. If nothing here feels new, that’s good, as it means you’ve been doing the things you need to do to keep your accounts safe from hackers. Although there’s no way to completely eliminate threats, minimizing them will go a long way.

If someone’s able to guess the password to your email or a social media account, that person can post or send embarrassing things on your behalf. If a banking or Amazon account is involved, someone could pay bills or buy iPads under your name – with your money. What’s worse, getting a password to one account is often a stepping stone to a more serious breach. Someone can use your personal accounts to send spam and scam messages to your friends, for instance. And because many services let you reset your password by sending an email to your address on file, someone with access to your email account can reset passwords and gain access to all sorts of things. If the compromised password is one you use for work, someone can snoop around your employer’s network for files with trade secrets or customers’ credit card numbers.

Here are ways you can keep your password strong to ward off that initial intrusion:

1) Make your password long

The recommended minimum is eight characters, but 14 is better and 25 is even better than that. Some services have character limits on passwords, though.

2) Mix symbols

Use combinations of letters and numbers, upper and lower case and symbols such as the exclamation mark. Some services won’t let you do all of that, but try to vary it as much as you can. “PaSsWoRd!43” is far better than “password43.”

3) Avoid words that are in dictionaries, even if you add numbers and symbols.

There are programs that can crack passwords by going through databases of known words. One trick is to add numbers in the middle of a word – as in “pas123swor456d” instead of “password123456.” Another is to think of a sentence and use just the first letter of each word – as in “tqbfjotld” for “the quick brown fox jumps over the lazy dog.”

4) Substitute characters

For instance, use the number zero instead of the letter O, or replace the S with a dollar sign.

5) Avoid easy-to-guess words, even if they aren’t in the dictionary

You shouldn’t use your name, company name or hometown, for instance. Avoid pets and relatives’ names, too. Likewise, avoid things that can be looked up, such as your birthday or ZIP code. But you might use that as part of a complex password. Try reversing your ZIP code or phone number and insert that into a string of letters. As a reminder, you should also avoid “password” as the password, or consecutive keys on the keyboard, such as “1234” or “qwerty.”
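A small checker for tips 1, 2, 3 and 5, added here as an example rather than taken from the article. `WORDLIST` is a constructed four-word stand-in for a real dictionary file, and `review_password` and `personal_facts` are hypothetical names.

```python
import re

# Constructed stand-in for a real dictionary file; swap in a full word list.
WORDLIST = {"password", "sunshine", "dragon", "welcome"}
# Keyboard and counting runs named in tip 5.
RUNS = ("1234", "qwerty")
# Character classes from tip 2.
CLASSES = {
    "lower case": r"[a-z]",
    "upper case": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def review_password(candidate, personal_facts=()):
    """Return the list of the article's rules that `candidate` breaks."""
    findings = []
    # Tip 1: eight characters is the stated minimum.
    if len(candidate) < 8:
        findings.append("shorter than 8 characters")
    # Tip 2: report each character class that is missing.
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            findings.append("no " + name)
    lowered = candidate.lower()
    # Tip 3: numbers and symbols stuck on either end do not hide a word.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in WORDLIST:
        findings.append("dictionary word: " + core)
    # Tip 5: consecutive keys and counting runs anywhere in the password.
    for run in RUNS:
        if run in lowered:
            findings.append("keyboard or counting run: " + run)
    # Tip 5: names, hometowns and similar details supplied by the caller.
    for fact in personal_facts:
        if fact and fact.lower() in lowered:
            findings.append("personal detail: " + fact)
    return findings


if __name__ == "__main__":
    for sample in ("password43", "password123456", "pas123swor456d"):
        print(sample, review_password(sample))
```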

 

6) Never reuse passwords on other accounts

…because once someone gets hold of one password, it will most likely be tried everywhere else!

7) How do you keep track of these passwords?

There are programs you can buy, if you’re willing to put your trust in them. I use a Word document which I encrypt with its own password – a rather complex one. I am well aware that if the file gets compromised, all my services go with it. In fact, I once had it on a USB drive, which I had in a backpack that got stolen. I had to spend several hours changing passwords on all my accounts, just in case someone managed to break the password to that file. As a precaution, don’t name that file “passwords.” Name it something generic and boring.

8) Systems for remembering passwords

Ideally you’ll have a system for creating and remembering passwords without needing the spreadsheet. For example, you might have a string that’s constant, such as “?t7q1b9f8j2o0t0l1d!” (the acronym for “the quick brown fox jumps over the lazy dog” with my area code and ZIP code reversed and a few special characters put in). To vary it, you could add the first two letters of the website you are using to the front and the next four to the end. Or put the consonants in front and the vowels at the end, with every other letter capitalized and the letter O replaced with the number zero. So for Amazon, it would be “mZn?t7q1b9f8j2o0t0l1d!Aa0.” Just try to guess that! Of course, I’m not smart enough to have a system like that for myself.
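The variation rule above, written out as an added example (not code from the article). The function names are hypothetical, and two details are assumptions read off the Amazon example: capitalization alternates across the consonants and then the vowels, starting with lower case, and “y” counts as a consonant.

```python
VOWELS = set("aeiou")

# The constant string quoted in the article.
CORE = "?t7q1b9f8j2o0t0l1d!"


def site_affixes(site_name):
    """Split a site name into the (prefix, suffix) the rule puts around the core."""
    letters = [c for c in site_name.lower() if c.isalpha()]
    if not letters:
        raise ValueError("site name contains no letters")
    consonants = [c for c in letters if c not in VOWELS]
    vowels = [c for c in letters if c in VOWELS]
    ordered = consonants + vowels
    # Assumption: every other letter is capitalized, beginning with lower case,
    # counted across the consonants first and then the vowels.
    styled = [c.upper() if i % 2 else c for i, c in enumerate(ordered)]
    # The letter O, in either case, becomes the number zero.
    styled = ["0" if c in "oO" else c for c in styled]
    split = len(consonants)
    return "".join(styled[:split]), "".join(styled[split:])


def derive_site_password(site_name, core=CORE):
    """Consonants in front of the constant string, vowels at the end."""
    prefix, suffix = site_affixes(site_name)
    return prefix + core + suffix


if __name__ == "__main__":
    # "Amazon" is the article's example; "Example" is a constructed site name.
    for site in ("Amazon", "Example"):
        print(site, derive_site_password(site))
```

Only the characters taken from the site name differ between accounts; the constant string is the same in every password the rule produces.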

 

9) Whatever system you adopt, it’s good to change your password

…and system – from time to time. And if there’s reason to believe your password might have been compromised, change it immediately.

10) One other thing to be aware of: Many sites let you reset your password by answering a security question

such as the name of your pet or the name of your high school. Of course, these violate good password practices by requiring you to use something that can be easily looked up. Others ask for your favourite movie or hobby. That might not be easily looked up, but your tastes change over time. Furthermore, because these questions get repeated from site to site, the answers you use violate the rule against repeating passwords. I try to make these answers complex just like passwords, by adding numbers and special characters and making up responses.

You’re welcome.
