Choosing Good Passwords: Keeping Your Secrets Safe from Digital Thieves
There have been many news stories in recent years about data breaches on websites, social media accounts, and mobile and desktop devices. In fact, hacking contributes to the more than nine million people in the US who, the Federal Trade Commission estimates, have their identities stolen annually.
Yet even the most tech-savvy of us often fail at choosing good passwords; instead, we default to what’s easiest to remember and reuse those passwords. The worst passwords on record, like “password” and “12345,” are still commonly used to “secure” critical accounts.
But that’s also the “easiest” way to get hacked. Adam Levin, Chairman and Founder, IDT911, a data privacy and security firm, says the first mistake people make is assuming it won’t happen to them. “You have to start with the premise that every consumer will be a victim of identity theft because that’s the world we live in.”
So, it’s imperative that we all choose strong passwords and apply strategies to store and protect them. Here are some strategies and tools for that purpose.
Avoiding Big Password Creation Mistakes
“The biggest mistake people make in choosing passwords is creating easily decipherable ones, those that someone who knows them would figure out easily or someone else would guess quickly because they’re not long, strong passwords,” explains Levin, who also owns Credit.com.
Levin adds, “There is so much information available about people that hackers usually can figure out passwords based on that information.” Beverly Harzog, author of The Debt Escape Plan: How to Free Yourself from Credit Card Balances, Boost Your Credit Score, and Live Debt-Free, agrees. She said in our recent article on social media use and identity theft, “People share way too much on social media and very little is needed by identity thieves to break into someone’s accounts.”
For example, people share address and location information, kids’ names and birthdates, pets’ names, their favorite products and celebrities and a lot of other information on social media. Then, they use some of that information in their passwords.
Levin warns against this. “Don’t use kids’ and celebrity names in your password,” he admonishes. “They’re too easy to guess.” Harzog, who has a dog named Marshall, adds, “And don’t use your pets’ names, either.”
Come Up with a Password Creation System
The best way to avoid hacking and choose a strong password, Levin explains, is this: “Come up with a system, not just a random series of passwords that are new and creative and interesting but not strong.” This is how the system could work, he says:
- Start with a phrase or the first letter of each word in the phrase as your core password.
- Choose something that’s unique to the website for which you’re creating the password (and do this for each website) and put that at the front of the core password.
- Add some numbers before or after that password.
- Use that system for every site for which a password is required.
For example, suppose you’re creating your password at your credit union. You decide to use the phrase, “the shoemaker has no shoes”. This is how you’d create your password:
- Based on the first letters of that phrase “the shoemaker has no shoes,” your core password would be “tshns.” You would use that for each site.
- Because this is your credit union, you could use the phrase “MyCU.”
- Then, add some numbers and characters, like “!2015.”
- Your password for that site only would be “MyCUtshns!2015.”
This is the kind of password you’d set up for each website. This kind of password, Levin says, employs the right strategy because it “uses long passwords with numbers, uppercase and lowercase letters and symbols.” These are strong passwords.
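The system above, together with the earlier warning about personal details, as an added example that is not from the original article: it builds the credit union password from the phrase and then checks any password for the properties Levin names. The 12-character minimum and the names in PERSONAL other than the dog's name "Marshall" are assumptions of this example.

```python
import string

def core_from_phrase(phrase):
    """First letter of each word, as in the article's 'tshns' example."""
    return "".join(word[0] for word in phrase.split())

def build_password(site_tag, phrase, suffix):
    """Site-specific tag + core + numbers/symbols, in the article's order."""
    return site_tag + core_from_phrase(phrase) + suffix

def audit(password, personal_tokens, min_length=12):
    """Return a list of problems; an empty list means every check passed.

    min_length=12 is an assumption of this example; the article only says 'long'.
    """
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    # The four character classes Levin lists for a strong password
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    # Details shared publicly (kids', pets', celebrity names) must not appear
    lowered = password.lower()
    for token in personal_tokens:
        if token.lower() in lowered:
            problems.append("contains personal detail: " + token)
    return problems

# Constructed sample: details a person might have shared on social media
PERSONAL = ["Marshall", "Emma", "Springfield"]

if __name__ == "__main__":
    pw = build_password("MyCU", "the shoemaker has no shoes", "!2015")
    print(pw, audit(pw, PERSONAL))
    print("Marshall2015", audit("Marshall2015", PERSONAL))
```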
Levin also suggests using a different username for each account and, if you must use email, use one that is not used for any other purpose. He also suggests using two-factor authentication where it’s available.
Store Your Passwords Properly
Choosing good passwords and insecurely storing them is counterproductive. For example, says Levin, “Don’t store your passwords on your computer under the filename ‘passwords’ or put them on a sticky note on your computer.”
Levin says cloud storage is only as secure as that server. Instead, he recommends an encrypted flash drive for passwords. “But,” he warns, “Don’t forget its password or lose it.” He suggests having two, with one as a backup, in case one gets lost.
The second option is using a password manager. These apps both create strong passwords and store them. But, says Levin, they, too, are only as good as they are secure. If you’re going to use one of these, pick a cross-platform app.
But, before you choose a password manager, do some research and find the one that’s best for you. Also, take other security steps that can help you toughen passwords.
By combining these strategies for choosing good passwords as well as using and storing them, you’ll keep your identity and data safer from digital thieves.