Seven Dos and Don'ts for Online Passwords and How to Manage Them
Even Dark Helmet understood the importance of good passwords.
In the Mel Brooks movie Spaceballs, Dark Helmet (played by Rick Moranis) finds out the passcode to the shield guarding Druidia, a planet from which he intends to steal all the air, is "12345." When hearing it, he responds, "So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"
That was long before the average American needed an increasing number of passwords for logging into Web sites, bank accounts and smart phones and yet, people still use passwords an idiot would have on his luggage.
I am consistently amazed when I talk to clients, friends and family members to find out their passwords are overly simple. Some have gone to the trouble of personalizing them, but only to the degree that they used their mother's maiden name with the number one behind it. Still I find people -- though not as often, fortunately -- who use "password" or "12345" as their passwords for Web sites of critical importance.
The general excuse is that it is too hard to remember all of them and the old chestnut, "Who would want my information anyway?" Unfortunately, when you consider that one overused password once caused a friend of mine to have his bank, e-mail and credit cards hacked, the answer is: more people than you think.
If you are still using really simple passwords, it's time to join the new century and get some security for your online accounts. Here are seven dos and don'ts when it comes to passwords and some ways to keep track of them.
7. Don't use common names or numbers. Things like your birthdate, your anniversary date, your mother's or wife's maiden name, the name of your pet or the street you live on now are bad ideas. They are all things that are fairly easy to find with minimal research, and certain things like birth dates are the first thing identity thieves try.
6. Do use inside numbers and words only you would understand. One of the best ways to get a good start with a password is to use some word or number the significance of which only you would know. Maybe you had a nickname for your pet or your first car. Perhaps a song lyric or the date an album you like was released. Maybe even the street number of a long-lost friend's old address. The more unique, the better, but you'll need more than just that.
5. Do create a system of multiple words and numbers for non-critical Web sites. Once you have a handful of words and numbers, start mixing them up in a range of variations. Most people I know who really value security will have a combination of maybe five or six different words and the same number of numerals to use in various combinations. This will help at least give you some inkling of what a password might be if you can't remember it right off hand, but still keep them complicated enough to confuse anyone who would want to steal them. But, that still isn't enough.
4. Do mix up numbers and letters as well as upper and lower case. Some Web sites won't even let you use a password without a mix of upper and lower case letters, numbers and symbols and, no, "Password1" is not adequate. Don't always capitalize the first letter of the word and don't always put the word and numbers in order. Occasionally throw in a symbol. For example, "Password1" is too simple, but "1pA55w@rd" is much better even though it's basically the same word and number combination. 3. Don't reuse the same password. This is really important. I know it is tough to have 40 different passwords to remember, but there are ways to help organize them (see below). If you use the same password, no matter how complex, and someone figures it out, all of your accounts could be compromised.
2. Do use random password generators. There are tons of great password generators online and even apps that can do it for you. Just do a Google search.
1. Do create unique, complex passwords for critical logins like bank accounts. For the most critical accounts like your bank or credit cards, it's best to generate a completely random password and just memorize it. The most security conscious will not even write it down, but at the minimum, make certain passwords are as complicated as possible and don't reuse them anywhere.
There are a lot of good ways to keep track of your passwords and keep them organized. Here are three.
LastPass is a good option for managing your passwords.
Keeping Track of Your Passwords 3. Apps like LastPass. There are numerous apps that will help you organize and manage your passwords and even online data like credit card and contact information. LastPass is probably the best of the bunch and not only keeps your information secure, but makes it much easier to access and use. I featured them as my App of the Week last March.
2. Keep them in a secure file. Notice I didn't say "on your computer." It can be kept anywhere -- including a CD or a thumb drive -- but make sure you have more than one copy so if one is compromised, you don't lose all your password information; and that doesn't mean keeping two copies on your computer hard drive, either.
1. Write them down...yes, with pen and paper. If you really want to go old school, write them down, but be sure to keep copies in alternate locations. A flood or a fire could wipe out your ability to access critical account information.