Take a moment to think about all of the information you have and share online. It’s massive. Even privacy hounds share information online. Think of just what your email contains – plenty of identifiable personal information, that’s what.
Emails with bank account alerts, online shopping receipts, addresses, phone numbers, password and account confirmations from services all over the ‘net. In short: an easy way to make your online and offline life a living hell until it’s all sorted out.
Victims of identity theft aren’t always inconvenienced for a few days or months – it can take years to repair the damage.
What’s the big deal about passwords?
Here are a few things you might be sharing online – maybe even without really thinking about it. For the younger generation, sharing this information is par for the course online.
- Full name & address, as well as “digital” addresses – like email addresses, websites, etc.
- Online shopping history, often with saved credit cards (hopefully encrypted and stored securely by any merchant… but we all saw what happened with TJX, right?)
- Federal loans, like student loans – many of these sites require you to provide a full or partial social security number to log in.
- Credit history and credit scores – again, many tools require that you enter your social security number to log in – and once in, your entire credit history is laid out.
- Credit card online banking logins – and access to increase balances, create temporary/digital credit card numbers, and more depending on your bank and service.
- Checking and savings accounts information, including the opportunity to change addresses, cancel cards, and request new ones.
- Social media: we send out plenty of information across these networks, and we’ve built businesses, relationships and friendships around it.
- Taxes. Do you file your taxes online? Many Americans do. Think of the information that would be compromised if someone got a hold of your login to TurboTax.
That’s just online, at individual accounts. Some would be annoying, some potentially devastating.
Now consider what happens if someone gets your computer, laptop, or even your smartphone. Odds are you’ve logged into many of these accounts. You may have passwords saved on the online forms. Did you know that anyone can get their hands on a fun little browser add-in that will reveal hidden passwords (those black dots you see instead of the characters you type) on any page? If you don’t have a secure password, and you aren’t careful about how you use it, you’re basically giving anyone who gains access to your computer a free pass to fuck. up. your. life.
Wait! Don’t run away, unplug your computer and hitch a ride to the nearest Amish community yet — there are ways to protect yourself, and the very first, and most important thing you can do is to implement some basic password security.
How do you know if your password sucks?
How many of you use a password that has any of the following attributes?
- Child, spouse, or loved one’s name
- Child, spouse, your own or a loved one’s birthday
- Words that can be found in a dictionary
- Contains only letters, or only letters and numbers
- Is equal to or less than 8 characters long
- Hasn’t been changed in the last 4-6 months
If you hit a yes on any of the above – or multiples – you’ve got a weak password and, in many cases, I’m guessing anyone who knows you might be able to guess it with enough time. Especially if you’re using things that are “memorable” to you as a password because you care about them. If they are memorable to you, they are memorable to other people when they think of you. Which means they are one step closer to getting your password and gaining access to everything in your digital life.
How do I create a stronger password policy?
There are four major steps to a good password policy. Follow these, and you’ll, hopefully, never find that you’ve been hacked by some no-account computer nerd with anger issues and nothing better to do.
DON’T USE THE SAME PASSWORD EVERYWHERE
If someone breaks into your email because they got your password… will they also be able to look through your email to find account alerts, online shopping receipts, etc and go log into those accounts with the same cracked password? Isolate the potential break-in. Make sure that if a hacker gets your email password, they don’t get your bank password. If they get your Amazon online account password, they can’t also get into your credit monitoring software. Or your office network. Or anything else.
Use a unique password for each of your banking accounts online. Don’t use the same one for all “Banking type” things to keep it simple. Simple means it’s simple for someone else to figure out, too! It’s worth a little extra effort – use a different password for your online credit card account, your bank, your other savings account, your online budget tracking software – and those should be separate and different than the password for your email, or your student loans, or any other significant online accounts. If you want to use a simple password for the Nick Jr parents area or the Barbie.com site, go for it. :) Worst the hacker could do is go brain-dead playing too much Umi Zoomie.
USE A STRONG PASSWORD
A strong password has a few basic characteristics. They make it harder to remember. That’s the point – harder to remember means it’s harder to guess. Or crack using sophisticated software.
A strong password:
- Contains 9+ characters. For laptops, you should use 15 characters or more (coming soon: an article all about laptop security. I know you’re excited, try to contain yourself.)
- Contains at least one of all of the following:
  - upper case letters
  - lower case letters
  - special character(s) – e.g. ~ or @ or %
- Isn’t a word that can be found in a dictionary
- Isn’t the name, birthday, favorite sports team, street name, favorite color, etc.
It’ll be easier to remember if you use keyboard patterns to remember. Muscle memory is strong for computer users who are proficient with a keyboard, so it’ll be even easier for those of you who can type without staring at a keyboard. For example, the following password is a pattern: !Q@W#e4r5t <— (hold shift for the first five characters, in a staggered row across the top of the keyboard – then let go of shift and continue the pattern)
You can also use a password generator like these:
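The rules from the two lists above (9+ characters, mixed case, a special character, no dictionary words or personal details) can also be checked and generated locally. This is an added example, not part of the original post; the function names, the digit class, the special characters beyond ~ @ %, and the caller-supplied word lists are assumptions.

```python
import secrets
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits        # assumption: digits are not in the post's list
SPECIAL = "~@%!#$^&*"         # post names ~ @ %; the rest are assumed
MIN_LEN = 9                   # post: "Contains 9+ characters"
LAPTOP_LEN = 15               # post: 15 or more for laptops


def weaknesses(password, dictionary=(), personal_terms=()):
    """Return the rules from the post that this password breaks.

    dictionary and personal_terms are caller-supplied word lists
    (names, birthdays, teams, ...); both are hypothetical inputs.
    """
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than 9 characters")
    if not any(c in UPPER for c in password):
        problems.append("no upper case letter")
    if not any(c in LOWER for c in password):
        problems.append("no lower case letter")
    # "Special" here means anything that is not a letter or digit.
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    lowered = password.lower()
    if lowered in {w.lower() for w in dictionary}:
        problems.append("dictionary word")
    if any(t and t.lower() in lowered for t in personal_terms):
        problems.append("contains a personal detail")
    return problems


def generate(length=LAPTOP_LEN):
    """Draw random passwords from the OS CSPRNG until one passes every rule."""
    if length < MIN_LEN:
        raise ValueError("length must be at least %d" % MIN_LEN)
    alphabet = UPPER + LOWER + DIGITS + SPECIAL
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    print(generate())
    print(weaknesses("fluffy2009", personal_terms=("Fluffy", "2009")))
```

Rejecting and redrawing whole candidates, rather than patching in a missing character class, keeps every compliant password equally likely.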
CHANGE YOUR PASSWORDS FREQUENTLY
Every 4-6 months, you should change your passwords. It’s like preventative maintenance – don’t give anyone a chance to steal it by virtue of the fact that you’ve been using it for the last 10 years, and it’s just predictable.
Add it to your calendar as a recurring appointment with a link to a random password generator tool – generate a bunch of passwords, change ‘em up online, sit back in your office chair and say smugly, “Foiled again, muthaf*ckers.”
Hint: When you have a few minutes here and there, check to see whether your password may have been recently compromised with Should I Change my Password?
STORE YOUR PASSWORDS SECURELY
For the love of Dog, people – don’t take all the steps above and then SAVE your passwords in your internet browser. Or, if you do — make sure that you are aware of what you’re risking. Once someone’s in, they can change the password same as you would – and lock you out of your account(s). You can also use private browsing for security purposes – not just to hide your porn habits. Heh.
There are password managers that can be used to help you keep track of your passwords without saving them in the browser. Some are handheld, some are computer applications.
- KeePass – Free software password manager
- PasswordSafe – Free software password manager
- LastPass – Free / Premium online / download password manager (offers a lot of great features, like help logging into various websites and secure online form auto-fills. The premium version even helps you generate passwords and export data, etc.) There are even mobile versions for all major phone OS’s and portable web browsers.
- 1Password – Premium downloadable password manager ($40, all major operating systems, free trials available)
- Keeper – Free and premium versions ($30/yr for premium with lots of extra features)
- Mandylion – Handheld password manager / generator. $40
- TX Systems MyKey Mobile Password Key – USB password manager, form filler. $20
Check them out – it’s worth it. Even those that cost a little dough — it’s a preventative measure. You buy locks for your doors at home and insure your belongings and even your life against disaster – do the same for your personal information online. You can also look into additional security measures – like locking/unlocking your PC automatically with a thumb drive. While you’re at it, make sure you’re following best practices for keeping your Google account safe – a lot of us have a LOT of data on Google servers. Lifehacker, which has already been linked to several times here, also has an article on how to secure your online life the easy way.