I work with people every day who entrust me with their passwords so I can assist them with their tech issues, and I am constantly amazed at the overly simplistic nature of passwords for tremendously important data. It is reminiscent of the scene in Spaceballs where Dark Helmet says of the code to a planet's protective shield, "So the combination is...one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"
Yet, shockingly, far too many people are more concerned with their ability to remember a password than with its safety. With the recent Heartbleed security vulnerability and now the most recent hack of popular auction site Ebay, there is one thing everyone can do to protect themselves: change their passwords. Every time a company is hacked, it immediately tells its users to change their passwords.
By now, this should be common practice for anyone who uses the Internet with regularity, but it's not.
And, yes, I know you hate doing it because it's so easy to remember that every password is your kitty's name plus 123 at the end, but that is exactly what people who breach the security of websites you use want. The easier the password, the more likely it is your information will be compromised.
Companies who protect your data go to extreme lengths to do so, but their greatest single vulnerability is your weak-ass password. So, here are some tips for password use.
Variations on a password theme aren't complicated enough any longer.
One common method for producing easy-to-remember passwords has always been to use a series of words and numbers combined in different ways. Using the name of a pet and the last four digits of an old girlfriend's phone number and capitalizing randomly seemed a pretty good way to keep hackers at bay and make memorable passwords. Not any longer. Security experts admit that with the sophisticated technology and code-breaking algorithms run by criminals, having a set of words and numbers can actually be WORSE for security because it leaves every site that uses that pattern vulnerable once the first one is cracked.
Use a random password generator.
The best way to ensure a good password is to use a password generator to create one. Go with at least 12 characters and include numbers as well as lowercase and uppercase letters at a minimum. Punctuation is also a good thing, assuming the website doesn't prevent its use. The more complex, the better.
Change all passwords routinely, but especially stuff related to money.
Admittedly, certain places rank lower on the protection scale than others. And while all should be changed regularly, certainly banks, credit cards and any place that stores your monetary information (e.g., Amazon or anything with bill pay) needs to take priority.
Use a password storage and encryption service.
There are a number of reputable password storage apps like LastPass, Password Genie, SplashID, Roboform and others. Most charge an annual fee, and it is worth it. Not only do they help store and encrypt your passwords so that you can easily log in to your sites securely, but they can also guard your credit card and personal data as well. The obvious concern here is if that service is hacked, but this is a much better option for password storage than a slip of paper in your desk drawer -- don't think we don't all know.
If you like this story, consider signing up for our email newsletters.
SHOW ME HOW
You have successfully signed up for your selected newsletter(s) - please keep an eye on your mailbox, we're movin' in!
Social media passwords are JUST as important. Don't skimp on them.
You might not think that social media sites like Facebook or Twitter don't rank high on the protection list, but these sites aggregate tons of personal information about you, your friends, your family, your habits and sometimes even your financial data -- you bought those Facebook credits with something. Consider these nearly as important as your bank.
Don't use the same password for multiple websites.
This should be obvious, but if it isn't, here is your warning: If a hacker can figure out your clever password scheme, he or she can certainly figure out one password. Don't make it easy on that person.