7 Password Habits to Protect Your Health and Wealth

The must-have tips and tricks to create strong, secure online passwords that you can remember.

By John Sileo

Weak passwords are a prescription for financial and medical disaster. Imagine this: You create an easy-to-guess password to protect your medical records, health app or banking login. Hackers use software to crack your weak password and gain access to all of your electronic health records and financial accounts. They sell your private information, drain your medical benefits and destroy your credit – all because you used your dog’s name or child’s birthdate as a password. Here are seven password habits to maximize online account protection:

  1. Make it memorable (but hard to guess). Our #1 excuse for weak passwords is that most people haven’t been trained on how to create easy-to-remember, long and strong passwords for a whole bunch of different websites. The first rule is to make it memorable by relating it to the website you are visiting. For example, if you are creating a login for Dr. Oz’s website, relate it to your favorite image from The Wizard of Oz (e.g., Toto the dog). If it’s for the Auburn Hills branch of your bank, you might use a line from The Sound of Music (e.g., The hills are alive). The point is to make the name of the website or business automatically trigger an image. However, this step, by itself, does not make a strong password! For that you must also…
  2. Make it long. Make your passwords at least 13 characters long. The longer you make it, the harder it is to crack. Length is actually more important than complexity. Toto is too easy for a hacker to crack (as are all common names, pet names, birthdates, dictionary words, etc.). To make your password long and memorable, use a complete phrase, lyric or line from the movie (e.g., “Toto, we’re not in Kansas” - 25 characters and easy to remember if you love the movie). This is called a pass phrase due to the use of sentence structure.
  3. Make it strong. To be strong, passwords should utilize letters (upper and lower case), numbers, symbols and spaces (if allowed by the website).  Our sentence above quickly transforms into “T0t0, w3’r3 n0t !n K@n$@$.” Use common symbol substitutions that look like their corresponding characters (e.g., above, I substitute zero for the letter “O”, @ for “A”, ! for “i” and $ for “S”). Use the same substitutions across all passwords to make that part of the memorization job easier.
  4. Change them often. The more often you change passwords, the less likely hackers are to have a current copy of your password if it is part of a data breach. Thieves may not get around to exploiting your data for months after the breach, and if you’ve changed your password in the meantime, your account is much less vulnerable.
  5. Don’t reuse passwords. When you reuse the same password across many websites, you make it easy for identity thieves to break into multiple accounts. Create a unique password for every site you visit (and even for your mobile phone and computer) utilizing the memory devices above. Your brain can remember 100+ passwords this way. If not, see the tip below.
  6. Use a password manager. Never store passwords in your contact manager, the notes program on your smartphone, unprotected on your computer or in plain sight. Instead, consider using a password manager to automatically create and remember long, strong, and unique passcodes for every site you visit. The software encrypts your passwords (protects them) with one super-secure master password that only you know. It makes website logins a snap and memorization unnecessary. Just make sure you protect the master password with your life and, as with all passwords, share it with only those people you trust completely!
  7. Turn on two-step logins. If a hacker steals your password out of a database, you can still keep them out of your account. You do so by adding a second password that they can rarely intercept. One form of two-step logins (often called two-factor authentication) is called text verification. This is where you get a code texted to your mobile phone the minute you’ve entered your password on the website. It takes both passwords to unlock the account, giving you twice the protection for very little extra work. The thief might have hacked your password out of a corporate database, but they probably don’t have access to your phone.
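
The length and strength rules from tips 2 and 3, written as a small checker (an added example, not part of the original article). The word list is a constructed sample, the function names are illustrative, and the bit figure is a brute-force ceiling rather than a measured strength.

```python
import math

MIN_LENGTH = 13  # minimum length from tip 2
# Tip 3's substitutions, reversed (plus the 3-for-e seen in its sample phrase).
UNDO_SUBS = str.maketrans({"0": "o", "@": "a", "!": "i", "$": "s", "3": "e"})
# Constructed stand-in for a guessing wordlist; a real check would use a large one.
COMMON_WORDS = {"toto", "password", "kansas", "letmein", "dorothy"}

# Character classes from tip 3: (membership test, size of that class).
CLASSES = {
    "lowercase": (str.islower, 26),
    "uppercase": (str.isupper, 26),
    "digit": (str.isdigit, 10),
    "symbol": (lambda c: not c.isalnum(), 33),  # punctuation and space
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, (test, _) in CLASSES.items()
            if any(test(c) for c in password)]

def brute_force_bits(password):
    """Ceiling on guessing work: length * log2(character pool).
    Real phrases are more predictable than random characters."""
    pool = sum(CLASSES[name][1] for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

def check(password):
    """Return the rules from tips 2 and 3 that the password fails (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    used = classes_used(password)
    missing = [name for name in CLASSES if name not in used]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    # A bare common word stays guessable even with look-alike symbols swapped in.
    if password.lower().translate(UNDO_SUBS) in COMMON_WORDS:
        problems.append("common word once substitutions are undone")
    return problems

if __name__ == "__main__":
    samples = ["Toto", "T0t0", "hillsarealive", "Aa1!Aa1!", "T0t0, w3'r3 n0t !n K@n$@$"]
    for pw in samples:
        print("%-28r %5.1f bits  %s" % (pw, brute_force_bits(pw), check(pw) or "ok"))
```

The 13-letter lowercase sample scores higher than the 8-character mixed one, which is the "length is more important than complexity" point in tip 2.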
     

You probably already know to never enter your passwords on an untrusted computer (like in the hotel lobby), and to make sure someone other than you has access to your passwords (in the unfortunate case of sickness or death). Don’t think that biometrics (e.g., using a fingerprint instead of a password) is foolproof. Many biometrics are hard to forge, but easy to steal because you leave them everywhere (like your fingerprint).

Most importantly, start to change your weak passwords now, beginning with your most valuable accounts first (banking, investment, medical, credit card, email) and moving on to less critical websites. You can even password protect your credit profile. This simple change of habits could save you thousands of dollars in just a few minutes. 

For more password tips and advice, visit www.sileo.com.

Article written by John Sileo
Award-winning author, cyber security expert and keynote speaker on identity theft. www.sileo.com