Seventeen Password Tips

To help you stay safer online

With more recent news about millions of accounts being hacked across the web, here are some suggestions that may help you manage your passwords better so that you can improve your on-line security.

1. Don’t write them down

It may seem obvious, but many still do write down their usernames and passwords. Imagine the bonanza that presents when a thief steals your diary or notebook from your briefcase or handbag with all of your account details and passwords. The canny thief will even recognise those passwords you think you have disguised as phone numbers and addresses. If you have a smartphone, there are now plenty of apps that can manage and protect your vast password lists. If you really do have to keep your passwords written down, then don’t keep them close to the computer where burglars could easily take them along with your computer. Hide them somewhere inconspicuous and certainly don’t take them out with you where they are vulnerable to theft and misplacement.

2. Don’t use words that can be found in a dictionary.

Hackers use password crackers that can work through the dictionary at rates that would make your eyes bleed. Create a password that consists of two words or better still include symbols or numbers and a mix of upper and lower case. There are various ideas for creating passwords including substituting $ for an S, a zero for an O or any other symbol that makes sense. e.g. $w1ngH1gh. Some may find it easy to think of a phrase and take the first letter or number of each. For example, I Came 2nd in the Village Flower Arranging Competition on 2nd of August boils down to “IC2itVFACo2oA” – pretty strong and un-crackable. If you can use this strategy against all websites, by introducing into the phrase something about the website, then you’ll be in a strong position to protect all your accounts.

3. Don’t use your pet’s name or a name of something personal

These could be easily guessed through brute force. Trawling through a Facebook account can often provide useful ideas to hackers for someone’s password or password reminder hints.

4. Make your password at least 9 characters long

The longer the better. It makes them much harder to guess and break.

5. Don’t use the same password for different sites.

We know it makes sense, but when you access hundreds of websites, this becomes complicated and difficult to manage. There are various strategies you can adopt. If the site does not involve anything financial or anything personal then your risk is less if you are compromised. The recent hacking from a gang based in Russia is believed to have been so successful because the hackers were able to move from site to site using the same credentials. Ask yourself what it is and the value you’re trying to protect behind the password and how you would feel if you lost access to it … perhaps forever. How would you feel if the information behind that password was stolen and used to steal your identity? What if the hacker could then use your stored card details to buy things and have them sent to a different address? So if one site was compromised, then it is possible that others could be too if you use the same credentials. Use strong passwords for sites you really do want to protect. You may consider it OK using a simple password for those sites that are of no real consequence, such as signing up for a newsletter or to download a report. This means that you can focus on stronger passwords for the sites that really matter to you. Don’t forget, though, that on a social site or forum your persona could be hijacked and posts made on your behalf if you don’t take care. So consider your reputation too.

6. Change your password on a regular basis

Your account details may have been harvested but not used yet. Changing your details on a regular basis will help increase your safety.

7. Don’t share passwords

No matter what pressure you’re put under by family, friends and even colleagues, don’t share your passwords. Sharing even one or two may allow someone to predict others. It may even get passed on accidentally or otherwise. It also means that should you fall out, that person cannot get access to your account and perhaps ruin your reputation before you’ve remembered you gave them access some time ago.

8. Change your password if you see suspicious activity

If you notice something strange with your account, it can’t hurt to change your password immediately, just in case. You would also be wise to change the passwords on your other accounts, especially if you use the same or a similar one.

9. Don’t use common strings or keyboard patterns.

Don’t use common strings or keyboard patterns like QWERTY, 12345, 111111 or “password”. This also includes other familiar keyboard patterns where a user uses keys that are located close together. Hackers check these too.
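As an added illustration (not part of the original article), the Python below checks a candidate password against tip 4 (at least 9 characters) and tip 9 (the common strings named above, plus runs of neighbouring or repeated keys). The function names, the US QWERTY row layout and the run threshold of 4 keys are assumptions made for this example.

```python
# Added example: flags passwords that break tip 4 (length) or tip 9 (patterns).
# Names, the QWERTY rows and the max_run threshold are assumptions, not from the article.

KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COMMON_STRINGS = {"qwerty", "12345", "111111", "password"}  # strings named in tip 9
MIN_LENGTH = 9  # tip 4


def _adjacent(a, b):
    """True if b sits directly left or right of a on the same keyboard row."""
    for row in KEYBOARD_ROWS:
        if a in row and b in row:
            return abs(row.index(a) - row.index(b)) == 1
    return False


def longest_keyboard_run(password):
    """Length of the longest run of neighbouring keys (either direction) or repeats."""
    pw = password.lower()
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if (prev == cur or _adjacent(prev, cur)) else 1
        best = max(best, run)
    return best


def check_password(password, max_run=4):
    """Return the reasons a password breaks tips 4 or 9; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 9 characters")
    lowered = password.lower()
    hits = sorted(s for s in COMMON_STRINGS if s in lowered)
    if hits:
        problems.append("contains common string: " + ", ".join(hits))
    if longest_keyboard_run(password) >= max_run:
        problems.append("contains a keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the second is the phrase-based password from tip 2.
    for candidate in ["qwerty", "IC2itVFACo2oA", "Zx12345abcde"]:
        print(candidate, "->", check_password(candidate) or "passes tips 4 and 9")
```

Passing this check only means a password avoids the specific patterns listed; it does not measure how guessable the password is in other ways, such as the personal details covered in tips 3 and 16.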

10. Reverse words or numbers

Consider reversing passwords if you must use familiar words. Although I did once have somebody suggest my password might be my dog’s name in reverse – which it was! So I’m no longer a great advocate of this strategy.

11. Centralised sign-on services

The Facebook sign-on is very popular and allows you to log in to other sites by simply allowing Facebook to do it for you. This is a good strategy, provided your Facebook password is strong and secure.

12. Dual Factor Authentication

Sometimes known as two passwords. This method increases your level of security and is becoming more prevalent when accessing banking sites or using mobile banking apps or for sites where the risk of loss is considered significant should a compromise occur. Apple have also recently introduced it into their iCloud service as an option. The user is required to use a password and some other pieces of information that only they know. Some sites may also expect you to use another device such as your mobile phone as part of the sign-on process even if signing on from a computer.

13. Recovery Email Address

Make sure that for all your accounts, the email and details held are recent and you know what they are. Some sites require an email address and a special phrase before you can execute a password reset. Others may expect you to have a mobile they can send a verification code to via SMS.

14. Password protect your computer, tablet or phone

Your device is your gateway to the Internet. If this is stolen or left open for someone to access, then others may be able to access the websites you have bookmarked and stored a password for. Make sure this password is a strong one.

15. Password reset challenge questions

Challenge questions such as the name of your first pet or your mother’s maiden name are designed to help you recover your password. They are also easy to hack if the hacker has got into your email account, knows something about you and now wants to take control of your other accounts. It may look like you should be storing your mother’s maiden name, but you could type in any piece of text when setting the account up. If you do this, it will make it a lot more difficult for a criminal to take control of your other accounts. Remember also that answers to these questions can often be gleaned from social media sites such as Facebook.

16. Avoid use of birthdays or address information

These offer patterns or pieces of information that can be hacked. If you need to use numbers, find something random to use such as the number unemployed for that month.

17. Don’t store the password in your browser

It’s easy to do and browsers even prompt you for it. But if your computer is stolen, you could have left the door wide open to the thief accessing your accounts.

