Website breaches are announced on a near-daily basis, to the point that you’re probably tired of hearing about them. Recently, it was announced that LinkedIn – a business-oriented social networking site – had 117 million passwords posted online for hackers to purchase. Several other breaches were reported in the last month, and new ones are likely by the time this message is posted. Other than hiding in a cave, what’s a person to do? Here are 6 tips for keeping your passwords secure:
1. Just Say No to Reusing Passwords
Perhaps the election cycle has us wistful for simpler times, but there is wisdom in platitudes, and Just Say No is one of them. In this context, just say no to the temptation of reusing passwords on multiple sites. Hackers are willing to pay for email addresses and passwords to any given website because they know that many people use the same password on other websites. They realize you may change your LinkedIn password, for instance, but maybe you use the same password for your Amazon account, or your email account, or even online banking—so make sure you aren’t doing this. Using even slight variations of a password will make a stolen one from one site ineffective on others. For instance, if website A has a password of “Ithinkthisissafe” and website B used the password of “Ithinkthisissafe??”, the second site is not compromised if the first site gets hacked.
2. Think phrases instead of words
Obvious dictionary words, like “house,” are not safe passwords, even if you use basic substitutions, like changing the “o” to a zero (h0use). Neither are combinations of dictionary words, like “redh0use.” Hackers are onto this, and can figure these out easily. Many security experts suggest you make your passwords simple to remember but difficult to guess by building the password based on a favorite phrase or expression, maybe even a line from a song. For instance, you could take the start of Abraham Lincoln’s Gettysburg Address, “Four score and seven years ago” and turn it into various alternatives: “4score&7”, “4sa7ya” (using just the numbers and first letters), “Fsasya” (using only first letters), etc. As long as the phrase is something you can easily remember, the password – even though it is more complex to look at – may be an even easier one to remember. Add in special characters, such as “$”, “#”, or “!”, for additional security.
3. Stay anonymous
In addition to users’ email addresses and passwords, some hacks have gained access to usernames. Using a different username on different sites makes it that much harder for a hacker to figure out how to use stolen information on another site.
4. Change is for the better
As much as we are creatures of habit, changing passwords on a fairly regular basis is your best bet to protect your information. By the time a hack is announced, the data often has been compromised for months or even years. (The recently announced LinkedIn compromise traced back to 2012.) Security experts suggest you change your passwords frequently for highly-sensitive information and for sites that control money, including bank accounts, retirement accounts, and PayPal.
5. Keep a low (internet) profile
Many people do not realize just how much information is available about them on the internet. Posting your life story on Facebook, for instance, may leave all the clues a hacker needs to answer your “challenge questions,” and allow someone to reset your password on many sites. To protect yourself, two tips: 1. Do not post anything on the internet that can be used to answer challenge questions you have selected on confidential websites; and, 2. Choose your challenge questions carefully. Your mother’s maiden name, for instance, is not very secure – it’s likely on your birth certificate, and is a matter of public record.
6. Use other resources
Sure, remembering a different password for each site is difficult. Writing them down would present its own security problem. There are other options, however.
Many mobile devices now come with biometrics – fingerprint readers are fairly common, and other tools available or coming soon include facial recognition and iris scanners. When available, take advantage of them to store your passwords securely and avoid having to enter passwords manually.
Software tools are also available, including LastPass, DigitalPersona, and 1Password. These tools, which can work with a fingerprint reader or without, allow you to store your passwords in a centralized file, so you only need to remember one password. When you go to a website that needs a stored password, you use the software tool to pass along the stored user ID and password securely, quickly, and easily. The latest versions of the iPhone and iPad operating systems also allow you to password-protect any notes, allowing you to use the Notes app as a somewhat-secure centralized storage system.
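Tip 2's point that "h0use" and "redh0use" are no safer than "house" can be checked mechanically before you settle on a password. The sketch below is an added example, not part of the original article: it undoes common look-alike substitutions and then tests whether the result is one dictionary word or several joined together, using a small constructed wordlist and an assumed substitution table.

```python
# Constructed sample wordlist; a real check would load a full dictionary.
WORDS = {"house", "red", "blue", "pass", "word", "password", "dog", "sun"}

# Look-alike substitutions to undo (an assumed, non-exhaustive set).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
TAIL = "0123456789!@#$%^&*?."  # digits/symbols often appended to a word


def normalize(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def split_into_words(text, words=WORDS):
    """Return dictionary words that concatenate to `text`, or None.

    Dynamic programming: best[i] holds one segmentation of text[:i].
    """
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def check_password(password, words=WORDS):
    """Flag a password built from dictionary words, with or without a tail."""
    # Test the whole password and the password with appended digits/symbols
    # removed, so "Password1!" is caught as well as "h0use".
    candidates = {normalize(password), normalize(password.rstrip(TAIL))}
    for candidate in sorted(candidates, key=len, reverse=True):
        parts = split_into_words(candidate, words) if candidate else None
        if parts:
            return {"password": password, "weak": True, "words": parts}
    return {"password": password, "weak": False, "words": []}


if __name__ == "__main__":
    # Passwords quoted in tip 2, plus one constructed case ("Password1!").
    for pw in ["house", "h0use", "redh0use", "Password1!", "Fsasya"]:
        print(check_password(pw))
```

The verdict depends entirely on the wordlist: with a full dictionary, require a minimum word length so that single letters do not match everything.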