Today’s cybercriminals are finding new ways to make your life miserable, and one of the ways they’re doing it is by successfully guessing the passwords to your email, social media profiles, and online banking and retail sites, essentially handing them the keys to your kingdom. They’re employing sophisticated software that allows them to target online sites (Target, eBay, JPMorgan Chase, etc.), “guess” the most common passwords – even ones that may seem secure to you – and then sell them on the internet. And don’t overlook the fact that security threats can also come from people you know… who might know just enough about you to steal or figure out your password (and, please, don’t put it on a sticky note on your computer!).
Therefore, the importance of creating the strongest passwords possible can’t be overemphasized. Simply put, easy-to-remember passwords are history. Your first dog’s name or your children’s birthdates are no longer going to keep cyber-thugs out of your business. It’s time to break out some new password-picking techniques.
First, what NOT to do when creating a password:
- Don’t use any word in the dictionary, even if you, for instance, replace the letter O with a zero; it’s still too easy to figure out.
- Don’t use a name, most especially the name of anyone in your family or anyone at your work, even if you follow it with numbers.
- Don’t use your school/college, address or phone number anywhere within your password.
- NEVER use the word “password” as your password.
- Don’t use common keyboard phrases, such as “qwerty” or “asdfjkl;”
- Don’t use a password that consists of the same one letter or number repeated over and over.
- Don’t use pop culture icons like JimmyFallon or Chewbacca.
- Don’t create any password, regardless of the combination of symbols, that is fewer than 8 characters.
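
The list above can be turned into an automatic check, for example on a sign-up form. This is an added example, not part of the original article; the small wordlist, the extra keyboard runs, the substitution table and the `personal_terms` parameter are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary and name list.
WORDLIST = {"password", "monkey", "dragon", "football", "chewbacca", "jimmyfallon"}
# "qwerty" and "asdfjkl;" come from the list above; the other runs are added assumptions.
KEYBOARD_RUNS = ("qwerty", "asdfjkl;", "asdfgh", "zxcvbn", "123456")
# Look-alike substitutions (zero for O and so on), undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(candidate, personal_terms=()):
    """Return the rules from the "what NOT to do" list that candidate breaks."""
    problems = []
    lowered = candidate.lower()
    # Undo substitutions on the whole string ("f00tba11" -> "football").
    normalized = lowered.translate(LEET)
    # Also drop trailing digits/symbols first ("chewbacca1977" -> "chewbacca").
    core = re.sub(r"[\d\W_]+$", "", lowered).translate(LEET)

    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if core in WORDLIST or normalized in WORDLIST:
        problems.append("dictionary word, name or pop culture icon")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    if candidate and len(set(candidate)) == 1:
        problems.append("one character repeated")
    # personal_terms: names, school, address or phone number supplied by the caller.
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for pw in ("Passw0rd", "qwerty", "aaaaaaaaaa", "Chewbacca1977", "tsd00rsl@ms!mdw"):
        print(f"{pw!r}: {check_password(pw) or 'no rule broken'}")
```

An empty result only means none of these specific rules was broken; it says nothing about whether the password has already been exposed elsewhere.
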
What you SHOULD do:
- Shoot for at least 14 characters, or even as many as 36 … the more, the safer.
- To remember that many characters, use lyrics from a song you love or phrases you can remember, for instance, “The screen door slams. Mary’s dress waves” (most sites will allow spaces in passwords).
- To make that password even more secure (and shorter), try turning it into this: “tsd00rsl@ms!mdw” or, if the site will take a longer password, “Th3scr33nd00rsl@ms!M@ry’sdr3ssw@v3s”.
- Use gibberish you can remember (but NOT something in pop-culture like “de do do do, de da da da.” Sting can’t help you here.)
- Mix English with another language.
- Mix capitals and lower case.
- Use special characters often.
Experts also discuss the security challenge questions that you answer when you set up an account or when you’re trying to retrieve a forgotten password, but there is some disagreement here. Many say you should lie like heck when you’re giving those answers, in case your infiltrator is someone who knows you well enough to know your first pet’s name or the name of the street on which you grew up. Others say a made-up security answer that you might forget won’t help you retrieve a forgotten password!
Of course, if remembering complex passwords is simply not something you want to do, there are several password managers on the market. We’ll explore that topic in an upcoming blog.