You've been exposed...Now what?!
We’ve been on the internet for almost 35 years, yet we still haven’t learned our lesson about online passwords. According to a recent security study, the most commonly used web passwords are things like “123456” and “password.” Sure, they’re easy to remember, but that makes them just as easy to hack. And if you use that simple password across multiple accounts—as a reported 92 percent of online users do—that puts all of your data at risk. Here are eight tips for ensuring your passwords are as strong as possible.
1. MAKE YOUR PASSWORD LONG.
Hackers use multiple methods for trying to get into your accounts. The most rudimentary way is to personally target you and manually type in letters, numbers, and symbols to guess your password. The more advanced method is to use what is known as a “brute force attack.” In this technique, a computer program runs through every possible combination of letters, numbers, and symbols as fast as possible to crack your password. The longer and more complex your password is, the longer this process takes. Passwords that are three characters long take less than a second to crack.
My Tip: The more secure a password needs to be, the longer you should make it. Think financial institutions, shopping sites, and online applications that are connected to a credit card or bank account.
2. MAKE YOUR PASSWORD A NONSENSE PHRASE.
Long passwords are good; long passwords that include random words and phrases are better. If your letter combinations are not in the dictionary, your phrases are not in published literature, and none of it is grammatically correct, they will be harder to crack. Also do not use characters that are sequential on a keyboard such as numbers in order or the widely used “qwerty.”
My Tip: Come up with a phrase that you will remember. Then use the first letter of each of the words to form a nonsense phrase. For example: My dog is my best friend and I love him more than anyone on earth! Mdimbfailhmtaoe!
3. INCLUDE NUMBERS, SYMBOLS, AND UPPERCASE AND LOWERCASE LETTERS.
Randomly mix up symbols and numbers with letters. You could substitute a zero for the letter O or @ for the letter A, for example. If your password is a phrase, consider capitalizing the first letter of each new word, which will be easier for you to remember.
My Tip: Remember when I came up with the phrase? Well, if I need a symbol then I will make my phrase take place somewhere. For example: My dog is my best friend and I found him at my favorite park! Mdimbfaifh@mfp!
4. AVOID USING OBVIOUS PERSONAL INFORMATION.
If there is information about you that is easily discoverable—such as your birthday, anniversary, address, city of birth, high school, and relatives’ and pets’ names—do not include them in your password. These only make your password easier to guess. On that note, if you are required to choose security questions and answers when creating an online account, select ones that are not obvious to someone browsing your social media accounts.
My Tip: If you have posted it on Social Media it should not be used in a password.
5. DO NOT REUSE PASSWORDS.
When hackers complete large-scale hacks, as they have recently done with popular email servers, the lists of compromised email addresses and passwords are often leaked online. If your account is compromised and you use this email address and password combination across multiple sites, your information can be easily used to get into any of these other accounts. Use unique passwords for everything.
My Tip: I know this seems crazy and I will not lie, it is a big undertaking. It needs to be done, so let's conquer this in baby steps. Start by making a list and work down it a little at a time. Need a starting point? Click here for our form.
6. START USING A PASSWORD MANAGER.
Password managers are services that auto-generate and store strong passwords on your behalf. These passwords are kept in an encrypted, centralized location, which you can access with a master password. (Don’t lose that one!)
My Tip: I definitely use one. At Applied we use MyGlue. MyGlue keeps all my passwords in a secure location, allows me to autofill a password and share passwords with other teams members. Click here for more information on MyGlue.
7. KEEP YOUR PASSWORD UNDER WRAPS.
Don’t give your passwords to anyone else. Don’t type your password into your device if you are within plain sight of other people. And do not plaster your password on a sticky note on your work computer. If you’re storing a list of your passwords—or even better, a password hint sheet—on your computer in a document file, name the file something random so it isn’t a dead giveaway to snoopers.
My Tip: I use MyGlue and within MyGlue I can organize my passwords by folder, applying a different set of permissions per folder. This way I can share the company-wide passwords and keep more sensitive passwords private.
8. CHANGE YOUR PASSWORDS REGULARLY.
The more sensitive your information is, the more often you should change your password. Once it is changed, do not use that password again for a very long time.
My Tip: Set up a monthly reminder in Outlook. Change 5 passwords a month. Remember, baby steps.