Although you may not have realized it, we recently celebrated World Password Day. Did it make you think about your passwords and the safety of your most important information?
It made me think about how I handle passwords. So after I read a few of the features about World Password Day, I dug a little deeper to see what some Internet service providers, IT publications and leading business publications had featured about World Password Day and password best practices. I learned enough to make me rethink my own password ‘strategy’ and thought the information might be good to share.
Passwords hold the keys to each of our kingdoms. Banking and investment accounts, mortgage, insurance, car loan accounts, access to our utilities and a multitude of other apps require passwords to be protected. Passwords let us into the most personal and critical areas of our lives.
Hopefully those passwords don’t let anyone else in.
Protect Your Kingdom
Because you DO want to protect your kingdom, there are some things that you should think about when creating and taking care of your passwords.
First of all, let’s just all admit that we generally create terrible passwords. With minimal information about you, even a dolt with nefarious intent could quickly figure out the keys to your kingdom, slither through your personal, sensitive and critical information, and wreak havoc on your life without ever coming within 100 miles of you.
We lock up our cars, homes, gym lockers, and luggage but leave access to our online selves unprotected.
A PCMag survey of 1,000 U.S. consumers, conducted between April 27 and April 29 of this year, revealed these stats about what those surveyed used in their passwords:
- 19 percent use their name or initials
- 16 percent use their wedding date
- 15 percent use the name of a family member
- 12 percent use their birth year
- 12 percent use a house address
- 8 percent use their spouse’s personal information
These are all big no-nos because one of the most standard of all security measures when it comes to passwords is that you do not base your passwords on easily obtainable information. Many of the folks in the above-noted survey obviously don’t heed good advice.
Don’t Use a Go-To
You should never have a “go-to” password or a few passwords that you use on multiple accounts. The reason we do this is that we can’t remember our passwords.
Here are a few more risky things those surveyed do:
- 28 percent write their passwords down on paper
- 17 percent simply remember them by rotating between their go-to passwords for all of their accounts
- 12 percent rely on their browser’s auto-fill feature to do their remembering for them
- 7 percent use Google Docs or Notes on their computer or smartphone
- 9 percent of survey respondents use the exact same password for all of their accounts – Yikes!
Let Technology Help You Manage Your Passwords
This is where a password manager may save the day. These managers help to secure your accounts by helping you to generate and keep track of unique, strong passwords for every instance where you need one – and can save you from the frustration of getting locked out of an account.
There are lots of password managers to choose from. A recent Entrepreneur.com article noted several paid options they favor, including Dashlane, Sticky Password Premium, and Keeper Password Manager & Digital Vault. These are generally modestly priced. There are plenty of free password managers too – LastPass for instance. My thought on paid vs. free is that you get what you pay for.
Should Passwords Go Away?
The world’s residents fail so terribly at creating and using passwords that some believe that World Password Day should have marked the end of passwords altogether and identified better tools for protecting our online selves, like two-factor authentication. It is the day after World Password Day and, alas, the end of passwords didn’t come, so we know we must bring the level of protection we provide to our online selves at least up to the level at which we protect that smelly old gym bag.
Even some cyberexperts recommend the four random words method, according to a recent SmartCompany article. Something like ‘boxdoordeskwindow’ – random words, no spaces. Even a short phrase with no spaces – ‘ilovesmallbusiness’ – is better than ‘2009dancer’. Make your words or phrases complicated: a song lyric, an ambiguous phrase, gibberish.
Beef Up Security
If you just follow simple recommendations, you can really beef up your security and really provide some protection for your kingdom!
Here are some easy-to-follow recommendations that are pretty standard across organizations and often shared by the likes of online service providers.
There are three statements that should guide your password management. I think recommendations like these should be memorable, so when I came across this, I thought it was perfect:
Passwords are like underpants:
- Change them often
- Keep them private
- Never share them with anyone
Easy to remember, right?
What does this mean?
- No passwords on sticky notes
- No sharing amongst others
- No password lists in your smartphone notes
- Absolutely no storing of your passwords in your browser memory
Give Passwords Some Muscle
The next recommendation is to make your password strong.
- Avoid using dictionary words
- Make sure it has at least 12 characters
- Include numbers, symbols and upper and lower case letters
What does this mean?
- No using one password – or a few go-to passwords – for everything
- No using passwords that are some combination of your house number, wife’s birthdate or college mascot and graduation year
There are lots of ideas for how to create strong passwords. Check some of them out.
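The strength rules listed above can be checked mechanically. The following is an added example, not part of the original post: the function name, the `personal_facts` and `passwords_in_use` inputs, and the sample values are all assumptions constructed for illustration.

```python
import re

# Rules taken from the post: at least 12 characters; numbers, symbols,
# upper and lower case letters; nothing built from easily obtainable
# personal details; no reuse across accounts.
MIN_LENGTH = 12
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",  # anything that is not an ASCII letter or digit
}

def check_password(candidate, personal_facts=(), passwords_in_use=()):
    """Return a list of rule violations; an empty list means every rule passed.

    personal_facts (names, years, house numbers) and passwords_in_use are
    hypothetical inputs supplied by the caller.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    lowered = candidate.lower()
    for fact in personal_facts:
        fact = str(fact).lower()
        # Facts under 3 characters (e.g. initials) are skipped here because
        # they would match almost any password by coincidence.
        if len(fact) >= 3 and fact in lowered:
            problems.append(f"contains personal detail '{fact}'")
    if candidate in passwords_in_use:
        problems.append("already used on another account")
    return problems

# Constructed sample data, not taken from the survey.
FACTS = ["dana", "2009", "1428", "wildcats"]
IN_USE = ["Wildcats2009!"]

if __name__ == "__main__":
    for pw in ["2009dancer", "Wildcats2009!", "t7#Qw!zR9$kLm2"]:
        print(pw, "->", check_password(pw, FACTS, IN_USE) or "passes all rules")
```

Note that ‘Wildcats2009!’ satisfies the length and character rules and still fails, because it is built from personal details and is already in use elsewhere.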
Follow Your Rules
It’s important to follow the rules for password strength and protection every time – not just sometimes. Your security is only as strong as your weakest points (which are those times that you take a shortcut by re-using a password, writing a password down or sharing one – just this once – with a co-worker).
Double Layer Protection
There are also some experts who recommend the use of two-factor verification – which is an extra security layer requiring a code from your mobile device. This isn’t foolproof. However, two-factor verification allows you to add a layer of security for only a minimal loss of convenience. Not all two-factor methods are equally secure. Dedicated authentication apps are a lot safer than just getting a code over SMS. But both are safer than using a password alone. Check out more information about two-factor verification.
Just Do It
One step in the right direction is learning more about passwords and protection of your data. And then setting your own plan for putting what you’ve learned to work for you.