Passwords are Like Seat Belts
They can help protect you, but only if you use them correctly.
Every day we get in our cars and fasten our seat belts. Why? Because we know our odds of getting hurt are lower with them than without them. We know that seat belts won’t protect us in every kind of accident, but we still dutifully fasten them every time.
Every day we also use passwords — mostly without a second thought. Our only fear around them is that we will forget them, so we make them easy to remember. As a result, however, we leave ourselves open to someone breaking into our accounts.
In an effort to protect us from ourselves, websites and programs have begun requiring more and more complex passwords. Passwords are rated by the estimated number of years it would take a hacker to break them. Many sites will reject common passwords or those with your name in them. According to Microsoft, the average user needs 32 passwords. It’s clear that it is more important than ever to have passwords you can remember without having to write them down somewhere that could be easy for someone else to access.
First, even President Obama admitted last February that his password was once “password”, so you are not alone if you’ve aimed for simplicity. But although the experts want complex passwords, the more complex a password is, the less secure it can actually be, because it might be written down somewhere. Most techs know that when a password is needed at a user’s computer, the first thing to do is look around. The password is usually written down somewhere in plain view. Don’t do this.
Secondly, avoid the common passwords. This year the password “password” was actually unseated by “123456” as the most used password. You also want to avoid using your birthday or the name of a spouse, pet or child. Most of that information is readily available on the Internet (think social media) and is a popular go-to for would-be hackers.
The next important thing to avoid is using the same password for different sites. The majority of passwords are obtained through server hacks, and the majority of Internet logins are your email address. This means that if someone hacks a server and gets your password and email address, all they have to do is try them on different sites. If you have shared your password across sites and one is hacked, you have now become a victim.
So what should you do?
For years we have been advocates of using phrases that have nothing to do with the user. Add to the mix a number and a capital letter, and the password will qualify for any site. For example, “carsGo2fast” would take 16.82 million centuries to crack by brute force, yet it is easy to remember and use. Compare that with “$Tga3KQ”, which would take 22.44 centuries to hack but is hard to type and very hard to remember, which means it is likely to be written down somewhere.
Now I said to avoid using the same password for different sites, but that does not mean they can’t be similar.
Think about the sites that you use. For social media sites like Facebook and Twitter, if hackers got your password, you would likely suffer few adverse effects — except maybe explaining to your mom the post that they put on your site. However, your login for your bank, for example, is obviously much more critical to protect. The easiest way to facilitate this is to use variations of the phrase for each site.
For example, using the password above, on Facebook and other social sites I would use “fastcars”: it’s easy to remember and put in your phone, yet still has a 6.91-year rating. For the first financial institution you could use “CarsGo2Fast”, then “carsgo2Fast” on the next one and so on. The passwords are the same but also unique. Remember, make your phrase unrelated to you. Look out the window and see “3greenTrees” or pick something on your desk like “2bigApile”.
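The ratings quoted above for “carsGo2fast”, “$Tga3KQ” and “fastcars” can be reproduced with a short calculation; the Python below is an added example, not code from the article or from any rating tool. It assumes an exhaustive search over every length up to the password's own, a character pool sized by the classes used (26 lowercase, 26 uppercase, 10 digits, 33 symbols), 1,000 guesses per second and a 364-day year, parameters chosen because they reproduce the article's figures.

```python
import string

# Assumptions (not stated in the article): chosen because they reproduce its figures.
GUESSES_PER_SECOND = 1_000              # throttled online guessing
SECONDS_PER_YEAR = 364 * 24 * 60 * 60   # 52-week year

# Character pools an exhaustive search must cover, by class used.
POOLS = (
    string.ascii_lowercase,             # 26
    string.ascii_uppercase,             # 26
    string.digits,                      # 10
    string.punctuation + " ",           # 33 printable ASCII symbols
)


def alphabet_size(password: str) -> int:
    """Combined size of every character pool the password draws from."""
    used = [any(ch in pool for ch in password) for pool in POOLS]
    # Anything outside the four pools (e.g. non-ASCII) is counted as a symbol.
    if any(all(ch not in pool for pool in POOLS) for ch in password):
        used[3] = True
    return sum(len(pool) for pool, hit in zip(POOLS, used) if hit)


def search_space(password: str) -> int:
    """Candidates of length 1..len(password) over the password's alphabet."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Years to try every candidate at `rate` guesses per second."""
    return search_space(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("fastcars", "$Tga3KQ", "carsGo2fast"):
        print(f"{pw:12} alphabet={alphabet_size(pw):3} "
              f"space={search_space(pw):.3e} years={years_to_exhaust(pw):,.2f}")
```

With these settings the results match the article's ratings: 6.91 years, 22.44 centuries and 16.82 million centuries. The estimate scales inversely with `rate`, so the same function shows how a rating changes when a different guessing speed is assumed.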
Now that you can remember your passwords, it is actually a good idea to have a location for all of your passwords and login data written down, just not anywhere easily accessible. Generally, I recommend not storing them on or near the computer. There are a number of password locker programs that you can use to secure your passwords. These include some for your phone and others for your computer, as well as some that are online and can be accessed from anywhere. Personally, I would avoid the online ones, because if that server got hacked, all of your information would be vulnerable.
Having well-secured passwords cannot protect you from every evil that is out there on the Internet, any more than a seat belt can protect you from every accident. However, won’t you feel more secure after taking the time to clean up your passwords? Just think, then you won’t have to admit that your password was “password” and you forgot to fasten your seat belt!
Dale Pinney is president of Olaf Solutions. A Microsoft Certified Professional and a small business specialist, he has been assisting small and medium-sized businesses with their technology needs for over 28 years.