As more of our daily lives migrate to an online medium -- banking, shopping, social networking, etc. -- account security is becoming increasingly important.
Fortunately, there are steps you can take to secure your accounts and prevent unauthorized access, starting with your passwords. Here are some rules for keeping your online accounts safe:
Rule 1: Use different passwords for different services or use a password manager.
You may have one really complex password, but if you use it for all your accounts, it takes only one compromise for all of them to be compromised. By using different passwords for different accounts, you make it more difficult for others to access your accounts.
Password managers take the hard work of remembering off your hands. They create a random, strong password for every site you log on to and store them safely so that you don't have to remember them. Here are a few password managers we recommend:
Passwords are the weakest form of security but are commonly used to secure access to IT systems because of cost effectiveness. The more complex you make a password, the longer it would take a malicious user to correctly determine the password to gain access. Passphrases may be longer than passwords but are easier for you to remember.
Creating a Passphrase
Passphrases can be stronger than passwords because you are creating your own acronyms and not using chunks of words found in the dictionary. A planned passphrase approach makes changing passwords on a frequent basis easier, thereby improving your account security. Here are a few options for creating passphrases.
In all cases you want to incorporate numbers and special characters to increase the strength of your passphrase. This may sound complicated, but it simply means swapping out some letters for characters. For example, the letter "i" could be an exclamation point (!) or the letter "o" could be the number 0.
This is a great option because you can move through the song, using it to create new passphrases for a year or longer. Here's an example using Sam Cooke's A Change Is Gonna Come:
!w88tr!alT = I was born by the river in a little tent
0&jltr!8reS = Oh and just like the river I've been running ever since
Here's the pattern followed:
- Letter i is replaced by !
- Letter o is the number 0
- Each passphrase ends with an uppercase letter
- Ampersand symbol used for word "and"
Phrases You Can Easily Reuse
Here's an example using the history of pet names. Using similar swaps as the song lyrics you can go through all the pets you've had in your life. Or it could be car models, street names of where you lived, your favorite books, your favorite movies, etc.
t1d!hwnS = The first dog I had was named Scooter.
t1c!hwn^^P = The first cat I had was named Mr. Puff.
t2d!hwn8 = The second dog I had was named Ben.
Other examples: "The first street I lived on was Nottingham Way," "My favorite book as a child was The Lion, The Witch, and the Wardrobe," and "My favorite book as a teenager was Animal Farm." Notice that these use information that you can easily recall and that may be personal, but creating acronyms from phrases would make it almost impossible for someone close to you to guess your password.
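The acronym-and-swap procedure above, written out as an added example (not part of the original article). The "b" to 8, ordinal-to-digit and "Mr." to ^^ swaps are not in the listed pattern; they are inferred from the article's sample passphrases and treated as assumptions here, as is the function name.

```python
import re

# Whole-word swaps: "and" is from the article's pattern; the others are
# assumptions inferred from its pet-name examples.
WORD_SWAPS = {"and": "&", "first": "1", "second": "2", "mr": "^^"}
# First-letter swaps: i and o are from the pattern; b -> 8 is inferred
# from the song-lyric examples (assumption).
LETTER_SWAPS = {"i": "!", "o": "0", "b": "8"}


def passphrase(sentence: str) -> str:
    """Build an acronym passphrase from a sentence using the swaps above."""
    # Keep apostrophes inside a word so "I've" counts as one word.
    words = re.findall(r"[A-Za-z]+(?:'[A-Za-z]+)*", sentence)
    if not words:
        raise ValueError("sentence contains no words")
    parts = []
    for word in words:
        key = word.lower()
        if key in WORD_SWAPS:
            parts.append(WORD_SWAPS[key])
        else:
            parts.append(LETTER_SWAPS.get(key[0], key[0]))
    # The final character is uppercased; digits and symbols are unchanged.
    parts[-1] = parts[-1].upper()
    return "".join(parts)


if __name__ == "__main__":
    for line in (
        "I was born by the river in a little tent",
        "The first cat I had was named Mr. Puff.",
    ):
        print(passphrase(line), "=", line)
```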
Rule 3: Change Your Passwords Regularly
Set a password changing schedule.
Some security experts suggest changing passwords on sensitive accounts every 30-60 days. (How often do you change your banking account password?) At the least, consider changing passwords every 6 months. Here are some ways to establish a schedule:
- Change all your account passwords when you change your clocks for Daylight Saving Time.
- Change your passwords on the first of every month after you finish paying bills.
Why is it important to change passwords regularly? Because each time we use a password, we're passing that information to the Internet. Even in an encrypted form, the more often that password is sent to the Internet, the more opportunities hackers have to target it.
Rule 4: Know What Makes a Password Vulnerable
- Mistyping your password into the username field. It's happened to the best of us: you accidentally type your password into the username field and try to log on. When you do this, you've just sent your password to the Internet without any encryption. The moment this happens, change your password.
- Using known information about ourselves as the basis of a password. Avoid using birthdays, anniversaries, names of family members, street address, etc.
- Storing your password on your computer/smartphone. Yes, it's convenient, but before you click "save," consider who has access to your computer or phone and thus to your various accounts.
- Using complete words.
- Using repetitive characters.
- Using any of the popular passwords.
- Using the same password across multiple accounts.
- Writing down your password -- while it's best not to document passwords anywhere, sometimes the variety of passwords and accounts you need to maintain makes this impractical. If you do document your passwords, protect them like you would your money.
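One way to screen a candidate password against several items in this list, as an added example rather than part of the original article. The word and popular-password lists are small constructed samples, and the function name and the step that undoes character swaps before the word check are assumptions of this example.

```python
import re

# Constructed sample lists for illustration; a real check would load a
# full dictionary and a published list of common passwords.
POPULAR = {"123456", "password", "qwerty", "letmein", "111111"}
WORDS = {"river", "scooter", "dragon", "summer", "monkey", "nottingham"}

# Undo common character swaps so a swapped word is still seen as a word
# (assumption of this example: "sc00ter" is treated as "scooter").
UNSWAP = str.maketrans("!01@3$", "ioiaes")


def audit_password(password: str, personal: tuple = ()) -> list:
    """Return the Rule 4 weaknesses found in a candidate password."""
    findings = []
    lowered = password.lower()
    if lowered in POPULAR:
        findings.append("popular password")
    # Three or more of the same character in a row.
    if re.search(r"(.)\1{2,}", password):
        findings.append("repetitive characters")
    plain = lowered.translate(UNSWAP)
    if any(word in lowered or word in plain for word in WORDS):
        findings.append("complete word")
    # Personal details (names, dates, streets) supplied by the user.
    squeezed = re.sub(r"\W", "", lowered)
    for item in personal:
        token = re.sub(r"\W", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            findings.append("personal information")
            break
    return findings


if __name__ == "__main__":
    for candidate in ("password", "Sc00ter1985", "aaa!River9", "!w88tr!alT"):
        print(candidate, "->", audit_password(candidate, ("Scooter", "1985")))
```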