Use strong passwords to protect your information online
Passwords, passwords, passwords. This topic is so important I wanted to repeat it. One of the easiest and most impactful things you can do to protect yourself and your information online right now is to use good passwords.
Just a few years ago, we probably visited a handful of sites each month that needed a user name and password. It was standard to have the same password for each site you visited and even more standard that the password was the name of your dog or first-born child, for example. Today, some people can visit up to dozens of sites a week that require identifying information.
The old methods of using the same password for all the sites you visit and using an easy password (such as a word found in the dictionary) just don't work anymore. The hackers have something called a "Rainbow Table" that can guess an easy password in approximately 1.3 seconds.
In order help protect against a Rainbow Tables attack, a password needs to be complicated and long. You may be thinking, "How am I supposed to remember a password with 10 characters much less manage 20 different complex passwords?"
Well, how important is your financial information to you? How much effort would you put into preventing identity theft? Getting into the habit of developing strong passwords — and using a different one for each account has to become second nature.
In the past month, five of my friends have sent me an email explaining that their email account has been hacked. Actually, I had already guessed when I received the emails with a link to sites none of us visits.
When hackers break into your email account and get your password, they have a program that can match up your profile with the top 100 sites you may visit. They then attempt to log into those sites using your information looking for ways to access personal data, credit card information and access to money.
With one compromised account, the "bad guy" can get access to your checking account, investments, work account, online shopping accounts and social media accounts, to name a few. That can happen only if you have the same user name password for all accounts.
So, what are the most common bad passwords we are still using? This article, "Top 20 most common passwords of all time revealed," looks at the top 20 from a list of millions of stolen passwords from the last year.
"Password," "123456" and "iloveyou" are in the top five! One of my favorites is "monkey." How did monkey become a favorite password? We can bet the top baby names in the past 15 years were Nicole, Daniel, Michael, Jessica and Ashley, since they come up in the top 20. Easy to remember is also easy to hack!
The top 500 worst passwords can be an interesting read: www.whatsmypass.com
Check out this list today to make sure your passwords are not in the top 500.
Do you leave your front door open at night when you go to bed? Do you leave your car unlocked with the keys in it when you go to the store? Probably not.
Choosing strong passwords for your online valuables is the same as locking your front door and taking the car keys with you into the store. Let's make it second nature to use a strong password to protect our online identity. Your identity is invaluable — worth more than any material possession you have.
Today's QT (Quick Tip):
Choose strong passwords and use different passwords for each site you visit.
1. Each password should have a minimum of 8 characters.
2. Include one capital letter, one lower case, one symbol and one number.
3. Use a phrase that is easy to remember. For example, “Soup is always a good choice for dinner”. The password would be $1@agc4D. Starting a password with a symbol makes it stronger. Using $ for the letter "s" and 1 for the letter "i" are just examples for substituting symbols for letters that you can remember.
Next time we visit, I will share tips on how to store those great new passwords! Don’t wait — go lock your door today before someone breaks in to your online house.
To get more great information about staying safe online, including access to free monthly newsletters, webcasts and more, visit the Center for Internet Security at www.cisecurity.org.
Kristin Judge is the Director of Partner Engagement for the Center for Internet Security, Multi-State Information Sharing and Analysis Center. She can be reached at kristin.judge@msisac.org.
Comments
YpsiGreen
Sun, Feb 5, 2012 : 12:48 a.m.
Try 1Password. It generates strong passwords and it is a one source to securely store those passwords. All you need to remember is one password (imagine that?)
Ron Granger
Sat, Feb 4, 2012 : 2:03 p.m.
Weak passwords do matter - I think some cretin is sneaking into my Annarbor.com account and posting cretinous missives!
KJMClark
Sat, Feb 4, 2012 : 1:16 p.m.
This is backward. My email account was recently hacked. The password I used was considered strong by every system I used it on. 10 characters, based on gibberish my kids used to say, mixed case, with a number. I'd add in a special character, but some sites ban them. The problem was that a retailer's website got hacked, and the hackers got my password and email address. I usually use a lower security password on my email, but had changed it temporarily to the stronger one. My email account getting hacked had *nothing* to do with the strength of my password. It was the inadequate security of a retailer. The only way to get around that is to have different passwords everywhere (over a hundred different passwords?!?), do less business online (but I've had my credit card number stolen in the 'real' world too), or become a recluse - I can't personally screen the security of every place I do business. I changed passwords in the important places and moved on. Stuff happens.
Peregrine
Sat, Feb 4, 2012 : 4:19 p.m.
As I think you've identified, the problem is using the *important* password for your email account on other sites. You're just gave that password away to those whom you had no reason to trust with that important information. With respect to the merchant's web site, it was clearly poorly engineered. Web sites that are well-designed do not store their users' passwords. They instead store what is known as a salted hash of the password. It's very easy to verify that a password provided in the future matches the salted hash, but it's incredibly difficult to go from the salted hash back to the password. Thus if hackers break into the web site, they won't be able to recover the users' passwords.
Tru2Blu76
Sat, Feb 4, 2012 : 5:45 a.m.
Also: there's nothing to prevent you from providing "slightly altered" personal profiles on non-critical sites like Facebook. Never give your correct birth date on such sites. Avoid providing any work related information on most sites (with obvious exceptions like banks and sites for professionals, job hunting sites, etc.) Just having your real name out there - even through official sources - can lead to problems. A stalker was pursuing our adult daughter some years ago. He was caught after breaking into our home in search of her. Fortunately, he was so irrational that he never bothered to do a name search for her. Her real name appeared in professional publications on the Web (job connected) and I found that out by simply entering her name in the Google search box. Do NOT use real names as image file names ("johndoe1234.jpg"). a "Social contact" with millions of total strangers is a RIDICULOUS and sometimes dangerous concept. If one has that great a need to advertise their "real selves" - that indicates a need for professional guidance.
scott
Fri, Feb 3, 2012 : 11:42 p.m.
Financial records are one thing, but I don't need a high tech password for every site that requires one. I don't give a crap if someone hacks into my livejournal......
Tex Treeder
Sat, Feb 4, 2012 : 12:13 a.m.
Despite what I wrote earlier, I agree with this. I break my logins into 2 groups: ones I care about and ones I don't; or ones that would matter if they're hacked and ones that wouldn't. A generic password works well for some (like A2.com; sorry, nothing personal) and a strong password for others (for my PNC Bank login, for example).
Tex Treeder
Fri, Feb 3, 2012 : 11:32 p.m.
Passwords are like underwear: Don't leave them lying around. Change them often. And don't share them with friends.
Phil K.
Fri, Feb 3, 2012 : 11:24 p.m.
There's a great webcomic from XKCD regarding password strength. While the methods you give are good for building a strong password (though, to be fair, even 8 characters is pretty breakable by today's standards.), they're tough to remember. <a href="http://xkcd.com/936/" rel='nofollow'>http://xkcd.com/936/</a> Instead of adding "1" to the end of your password to make it long enough to fit requirements, try adding a symbol and a phonetic. Alpha, Bravo, Yankee, we all know them and they make your password easier to remember. 12345 can become 12345?Alpha. Twice as long, meets complexity requirements. Using a dictionary word is a bad idea if that's all your password consists of, but in conjunction with numbers and symbols, they're fine. Another tactic is to use whole phrases. "AllYouNeedIsLove1969!" Great password, easy to remember. "MyWifeIs57YearsOld." "IForgotMyAnniversary2times?" Those will meet any complexity requirement. The comic is right. We're at a point where instead of using a password that's easy to remember, we're not teaching people to create strong, *easy to remember* passwords. We're driving users to post-it notes on monitors or under keyboards, and that's even worse.
Bob Martel
Fri, Feb 3, 2012 : 11:23 p.m.
Thanks for the tips!