Do you have passwords that can be easily hacked by someone who knows a little about you? If you use a sports team name like ‘Yankees’ or a hobby-related term such as ‘surfermike’, anyone who looks through your Facebook profile might have a clue that would make you vulnerable. Do you use the same password for many or all of your accounts? If so, a hacker who hacks your Facebook account can also access your bank and credit card information.
Everybody is concerned about having their identity stolen, but few people do anything about it. With only a few, relatively simple changes, you can greatly strengthen your computer security and protect critical information. According to a Norton study, 73% of American internet users have fallen victim to some sort of cybercrime. Today we seem to have a password for everything, and a good password is the first line of defense in preventing some hacker from getting your personal information. We use a password to logon to our computers, for e-mail, social media, banking, and even to get free coupons.
How can a password be compromised?
There are several ways a password can be compromised
- Someone is out to get you! Maybe you’ve created an enemy, perhaps an ex, or even a nosy relative or spouse.
- A brute-force attack. This occurs when a hacker tries to force their way into an account. These attacks work by using special software to systematically check all possible passphrases until the correct one is found. If they already have an idea of how you created your password, like through Facebook, it is that much easier for them.
- A data breach at a large company with whom you have an account. Unfortunately, there’s not much you can do except change your password as soon as you can.
- Carelessness. We may lose or give away a password accidentally, leave it on an old computer that falls into the wrong hands, have a computer stolen along with its passwords or post them in plain sight on the monitor.
What makes a good password?
Let’s first take a look at these two passwords. Which password do you think is better?
I’m sure the majority of you think it is 1wQ@r6. In fact, the IloveChocolate password is better. Why? Because it’s longer. It might be possible for someone to guess, but only if they know you well. According to the website howsecureismypassword.net, a hacker using a regular PC would take only five seconds to crack 1wQ@r6. It would take 837,000 years to crack IloveChocolate. You could always make a truly random and long password such as 1wQ@r6_!Trx34$, but you can imagine how difficult it would be to remember. By making a few changes, for example, !LoveCh0col@te, your account becomes far more secure.
According to a study at Georgia Tech Research Institute, ideally your password should be at least 12 characters, using a combination of:
- at least one uppercase letter,
- at least one lowercase letter,
- at least one number,
- and at least one symbol (example: ! @ # $ % & * _).
You should also use a different password for each site. While you figure out your passwords, use a website like howsecureismypassword.net to test it. It would be difficult to remember 20 different passwords, but by using a strong keyword or phrase, you can easily modify it for different websites. For example, you can take the password !LoveCh0col@te and add a “Gg,” for your Google account or “Fb” for Facebook to the beginning, making it Gg!LoveCh0col@te or FB!LoveCh0col@te.
A good idea for making the ideal password is a phrase that is easy to remember. Using phrases that serve as reminders make great passwords. For example:
- FbT@keMyP1lls (Facebook password – “Take my pills”)
- Yh_G0forAwa!k (Yahoo password – “Go for a walk”)
How often should you change your password?
If you have a strong password and alter it slightly for each of your different accounts, there is not much need to change your passwords too often, although it is a good idea to use a new one every six months. If you suspect that any of your passwords have been compromised, or if there has been a security breach at a company you do business with, change it immediately.
There is another important consideration. Browsers like Chrome, Firefox and Internet Explorer (now Microsoft Edge) offer to store passwords for the sites you visit. This is a great convenience but also a danger. If your computer is lost or stolen, a person with minimal knowledge can go into your user account (if it is not password protected), open your browser (if it is not protected), look at your browsing history and go straight to your bank, credit card, email or other sensitive accounts. So, by all means, put a password on your user account and/or browser. When you sell, trade or discard an old computer, make sure to destroy your password data (in fact, all your data). If you do not know how to do this, get help from someone who has the skills.
We are all concerned about identity theft these days and it only takes a little vigilance to make ourselves less of a target. Take the time to work out a password scheme you can remember and live with. Test your passwords at a site like howsecureismypassword.net and change them when appropriate. Your passwords and the data they protect on your hard drive and in the cloud are every bit as valuable as your cash or credit cards. Take the time and make the effort to protect them!