One gaping exposure that many people create for themselves when using the internet is flimsy passwords. People make the excuse that is it’s hard to remember passwords. So they often pick easy passwords, or reuse the same password. This is risky. I’m going to tell you of a tool I use to manage secure passwords, and suggest some ways to create stronger passwords.
Secure passwords should be at least 8 characters long, and have a mix of numbers and characters. Don’t use any real word or personal date. These expose you, because they can be more easily guessed. Here are Microsoft’s recommendations.
Keep your secure passwords securely. A piece of paper is not secure, unless you have it locked up. A simple file on your computer or mobile device is equally insecure. You must find a way to secure the passwords. A good way to do this is encrypt them — put a password on your passwords! A good word processor allows you to encrypt files. I prefer a tool made to keep a set of passwords, such as PasswordSafe, which is free.
PasswordSafe keeps all your passwords in one place. You open the “safe” with a main password. Then you can search for the password you need and cut and paste it into the application you’re using. Because you cut and paste, the password can be secure and hard to guess, but still easy to use. PasswordSafe will even make up a secure password for you, if you want. There is a place to keep other information, such as the web address of the site and the answers to your security questions. The passwords are encrypted in a way that is virtually impossible to crack. You must know the password.
I use a very secure password to open PasswordSafe. It is not written anywhere. Should my laptop ever be stolen, and the thief gets past the standard security I use, it would take a million years of guessing to come up with the right password. In this way I only have to remember one password to get any password.
Making up a secure password can seem daunting. There are several things you can do to make your passwords more secure. Random numbers, letters, and punctuation are best. Ordinary words are insecure, unless you use a lot of them. (One password I am required to use is 34 characters of ordinary words. Pretty hard to guess! They call that a passphrase.) It greatly helps to add extra punctuation or numbers, or mix up letters to any recognizable words contained. I also sometimes use parts of song lyrics, such as the first character or two of the words in a line of a song. Throw in some random numbers or capital letters, and you have very secure password, but one that is relatively easy to remember. (If you ever see me tipping my head back an forth at the computer, I might be singing to myself to remember my password.)
Lastly, don’t forget to strengthen your security questions. Easy to guess security questions make even secure passwords insecure, because security questions let you bypass the password! One way identity thieves weasel into a person’s private data is by attacking the email account. If they can guess a security question, they can get into the account, change the password to lock you out, then go to all your websites and use the “I forgot my password” process to get those passwords. Once there, they can transfer money or get your social security number. At that point, the game is over.
Avoid questions such as name of favorite pet if you put pictures of your pet on your blog, or your mother’s maiden name if your family does genealogy, and so on. Those questions have answers that can be discovered or guessed. If you have the choice, pick obscure questions that have answers only a few people know. Increase the security by purposely spelling the answer incorrectly, or backwards. Or, and I give you permission to do this, make up an answer. A question of favorite pet becomes easy if you use the name of an imaginary pet that nobody else knows.
Along these lines, never use personal identification numbers such as your social security number or birth date as a security answer. Should someone gain access to the account or another account, it makes these vulnerable, too. I think your date of birth should be protected. It is an identifying piece of information sometimes used on the phone to verify an account. The less places you use it the better.
Using secure passwords will greatly increase your safety on the internet and reduce the risks of identify theft in your life.