Passwords have become a ubiquitous part of life. This is because so much of life now takes place online. Many people shop online and each of these stores requests a password. Social media sites also want passwords. Banks offer online access and naturally they want passwords. In theory, these passwords protect the consumer. But having a password isn’t enough protection from hackers.
For starters, many people use the same password over and over. Yes, this does make life easier. For you. And for hackers. Theft, both monetary and of your identity, is what a hacker is after. Therefore, a password is of utmost importance.
I have had the privilege of working with several IT gurus. They each have their own insights into password security. Each says total security is impossible. Security breaches will happen. But steps can be taken to reduce that risk.
First, don’t save your passwords on a computer file or even a caveman file, named passwords. Preferably don’t have a written list at all. But if you absolutely need one, bury it under a different name or folder. Second, don’t use the same password over and over again. Ideally each password should be unique. Yes, that means dozens of passwords.
Passwords should not be obvious. In other words, your online bank password should not be Bank 1234. However, there are some ways to compromise so that you can remember a password without writing it down.
It is also a terrible idea to share passwords. My family gets frustrated with me because I will not even share my password to fire up my computer. Just remember that old adage: loose lips sink ships and politely refuse.
Another poor habit regarding passwords is using the same one forever. I am guilty of this myself. However, there may be some safety in my approach. My one account that has not changed in almost 10 years is a social account. It is tied to an email created to join that network. Neither the email, nor the password has been used for anything else. My other accounts are changed on a regular basis.
If at all possible, do not log in on public computers. Public Wi-Fi is also a sketchy proposition. Furthermore, if you are in a public place be sure to keep your laptop, tablet or cell phone with you at all times.
Breaches in security happen frequently. If you are contacted about a breach do not delay in checking the account. After scanning for unauthorized activity, change your password, even if it is fairly new. Because a breach means someone may have access to your password.
Businesses are changing protocols in response to hackers. For example, I recently booked an international flight. The first day’s attempt went nowhere. The airline site kept sending an error message. Turns out their security had just been breached and they shut their system down. The following day they were up and running. But a digital code was needed to complete the purchase. The code was emailed to me from the bank which issued my credit card. This double-check is a necessary nuisance.
In addition to businesses instituting double checks, strong passwords are important. The strongest are software-generated. Password generators are available both online and offline. Naturally, both have some risks. Anything online can be hacked. Furthermore, with the IoT (Internet of Things) even some risk occurs with software uploaded onto a computer. Nevertheless, computer-generated passwords are extremely strong.
There are some old school methods to creating a random password. A favorite of mine is to use a newspaper. Find an article and count down a random number of words. The word you use should be at least five characters long. This will serve as a base for your password. Then scan the paper for a number with at least four digits. Combine the two making sure to capitalize one letter and one number. For longer passwords add a second word or set of numbers. This method is great for creating a password you will never use again and don’t need to remember.
Very strong passwords are needed for accessing accounts held in financial institutions. These passwords should also change frequently. This includes accounts such as savings, money market and C.D.’s. People routinely monitor their checking account, but all types of accounts are vulnerable.
I like using short sentences for these accounts. Then I can remember the words and hopefully how I altered them. For instance, She Hates Turkey can be written as $H3h2t3sTurk3y or S434@tuRK3y or $434@T3$turk3y. You need to create your own secret code. These short sentences can reflect the business such as Always Great Service or the day you created the password: Rain, rain and more rain. The trick is to alter the letters into numbers and symbols. And then to remember how you altered them.
Numbers are easily converted to symbols. Simply shift to capitals. For a really difficult password, set Caps Lock before typing a series of random letters and numbers.
However, using an alteration of the company name is not advised. Randomness and length are what lead to strong passwords. So if the site says a password should be 8-20 characters long, don’t settle for 8.
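An added example, not part of the original post, of a software-generated password and of why the top of the 8-20 range is worth using. It draws characters from the operating system's secure random source; the symbol set and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed symbol set: a handful of characters most sites accept.
SYMBOLS = "!@#$%^&*-_=+?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 75 characters


def generate_password(length=20):
    """Return a random password built with the OS secure random generator.

    Redraws until the result contains a lowercase letter, an uppercase
    letter, a digit and a symbol, because many sites reject anything else.
    """
    if length < 8:
        raise ValueError("use at least 8 characters, the floor of the 8-20 rule")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in SYMBOLS for c in candidate)):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the randomness, in bits, of a password of this length.

    Each extra bit doubles the number of guesses an attacker needs. The
    character-class requirement above removes a small share of candidates,
    so the true figure is slightly lower.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Compare the minimum, a middle value and the maximum a site allows.
    for n in (8, 12, 20):
        print(f"{n:2d} chars  ~{entropy_bits(n):5.1f} bits  {generate_password(n)}")
```

With this 75-character alphabet, an 8-character password carries about 50 bits of randomness and a 20-character one about 125 bits, so each added character multiplies the attacker's work by 75.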
In my opinion, social media presents great opportunity for hacking. For one reason, many people use the apps and so they don’t sign out. In other cases, public devices are used and then clicked off without signing out. This leaves the door wide open.
The best solution would be similar to what I referenced above, have a separate email and a separate password for each. The next best option is one email for social media sites that is never used elsewhere. Again each site needs a unique password.
However, if the accounts are already set up and an email is used for both social and non-social sites, make sure you change passwords often. By often, I mean at least four times a year, and more frequently is better. Don’t simply change a digit at the end of the password to make it new. For example, Twitter1 should not become Twitter2.
Passwords for social media accounts should never be used elsewhere.
Creating a new email account for business only is advisable, but sometimes the migration in use is slow. I have multiple email accounts in order to keep usage separated. But these email accounts do lead to vulnerability. You are not required to provide an email at box stores. However, many online merchants require the information for purchase.
Organizations are now requesting emails as a form of communication. Almost everyone I know has an email. (I can count two holdouts.) But not everyone understands how to safeguard these accounts. Passwords for emails need to be very strong.
Due to the rise in fraud, many transactions are verified through either email, phone call or text. An email account can be open on more than one device at a time. If someone has access to your email account and its password, fraud is easily committed.
Therefore, vigilance is needed. Many of the carriers notify via email if a new device has signed onto the account. If this was not you, take action immediately.
Cyber security is crucial for protecting your identity and your assets. Strong passwords play an important part. So does a vigilant attitude with respect to changing passwords and screening for breaches. Remember to use a unique password for each account. Change passwords frequently. Finally, look for the secure symbol on websites before submitting emails and creating passwords. Never enter credit information without the padlock symbol and the word Secure on the browser line. Sites such as Econogal pay for this extra security. Just another step in protecting your identity.
3 thoughts on “Online Passwords”
On passwords and security…great article. I would add, whenever possible use the two step authentication, and preferably by text, where you have to physically have your phone to proceed. It is a pain, especially when you have left your phone in the kitchen and you have to get up and go get it….but well worth it. I also use text alerts on all financial transactions. Takes the surprise out of Christmas, but again worth it.
I think a two step process will become commonplace for all large transactions within the next few years. My airline purchase came via email versus text, but I have access to both on my phone.