I know what you're thinking: not another post about passwords. But the truth is, no matter how many times those of us who live in the infosecurity arena talk, cajole, and plead with users to create complex passwords, instead of following directions, they come crying to us after something bad happens. The results cover the spectrum from security breaches to complete data loss. Since the #1 most commonly used password is “12345678” (although Microsoft no longer allows it for Hotmail), and “password” is the #4 most commonly used password, we can never discuss the importance of passwords too many times. Since passwords are the core of an overall security plan, here are my favorite password-related tips.
PASSWORD TIP 1
Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and symbols. Make sure the password length is longer than eight characters – Microsoft recommends at least 14 characters. Don't use common words from the dictionary or real names. Don't spell your name backwards, use words with common spelling errors, or repeated sequences of the same numbers or letters. Create a phrase or sentence. If you are curious how strong your password is, check it out at How Secure Is My Password [http://howsecureismypassword.net] or use the Microsoft Password Checker [https://www.microsoft.com/security/pc-security/password-checker.aspx?WT.mc_id=Si te_Link].You can also learn how your password stacks up with the Password Strength Checker [http://www.passwordmeter.com] – this site evaluates the strength of your upper and lower case letters, numbers, symbols, etc.
PASSWORD TIP 2
Create a different password for each website you use or wherever you access your data. Don't use the same password for Facebook, Twitter, Google , YouTube, Flickr, etc., because if someone gains access to one account, the hacker could then gain access to all of your social networking sites – contact information, photos, family member names, etc. Also, if you use passwords to access online banking or other confidential information, create unique passwords to access these sites.
PASSWORD TIP 3
If you don't want to remember your passwords because they are too long and complex (hopefully), or if you would like an online site to generate passwords for you, check out LastPass [http://lastpass.com/index.php]. WithLastPass, you will only need to remember one master password to log onto the site. LastPass automatically saves your log-ins and passwords for all sites that you visit. There is a free version as well as a premium version – and the download is available for Windows, Mac, and Linux. While there was news of a security breach on LastPass earlier this year, LastPass remains the leader in the web password manager space.
PASSWORD TIP 4
If you store important documents on your home computer with bank account information, tax information, and social security numbers, make sure to add a password to them. If your computer ever gets stolen, the passwords will add another layer of security to your information.
PASSWORD TIP 5
If you are asked security questions as an additional component of password creation, don't use easy answers. For example, don't use your birthday, spouse's first name, mother's maiden name, your car license plate, or city where you live. For many hackers and even those who know the right websites to search, these pieces of data can be easy to find.
PASSWORD TIP 6
Whenever you sign up on a new site or get assigned a new site to access, there is often a default password. Often, we are so busy that we forget to change the default password – not a good idea. Before you do anything on the site, go first to the settings area and create a new password.
PASSWORD TIP 7
Since most companies require that users change their passwords every 90 days, changing your personal passwords several times a year is a good idea.
PASSWORD TIP 8
Always be sure to log off of the site you are accessing. While you may eventually turn off your computer, this immediately ends your session on the site. Also be sure to visit your Internet settings area and delete cookies, history, and cache.
PASSWORD TIP 9
Don't give your IT Department a heart attack and write your passwords on a Post-It note attached to your monitor. While this sounds obvious, people think no one will notice or that the note will just be placed on the screen for a few moments. If you do this, you are handing your data to a thief on a silver platter – don't do it.
PASSWORD TIP 10
While passwords for PC's are critical, people too often stop there. But since hackers are now targeting smartphones, it is wise to also create passwords for iPhones, Blackberries, Androids, etc. Set up your phone so that you cannot access any built-in apps or downloaded apps unless you enter the password at the welcome screen – and make sure to enter the password each and every time you return to the welcome screen.
What's YOUR favorite password tip?