In my last post I talked about email and the challenge of taming large quantities of junk mail and spam.
If you spend much time on the Internet you have probably visited several websites that require a username and password. Maintaining your identity and securing your access to websites is important, therefore, secure usernames and passwords is important and is crucial to minimizing the risk of identity theft.
Here are the common mistakes we make when creating online passwords:
1. Short passwords - Many websites require passwords with 8 or more characters, but some don’t. The shorter the password the easier it is to be discovered by hackers. We tend to use shorter passwords because they are easier to remember, however, the chances of our information being compromised increases substantially when we use short passwords. A safer practice is to use at least 8 characters, or better yet, 12 characters for a password.
2. One password - It is easier to remember 1 password than it is to remember 5 or 10 or 200, therefore, we will have a tendency to use the same username and password for different websites. A better practice is to not use the same password on more than one website.
3. Common passwords - The 10 most common “hacked” passwords include 123456, password, 12345, 12345678, qwerty, 123456789, 1234, baseball, dragon, and football see http://splashdata.com/press/worst-passwords-of-2014.htm. It is a good practice to avoid using these common passwords.
4. Dictionary passwords - While words from the dictionary are easier to remember, they are also easier to hack. A more secure practice is to use random character passwords that cannot be found in the dictionary.
5. Personal Information passwords - Sometimes you will use personal information like the city you live in, our zip code, our birthday, or some other information that is known about us. Hackers can discover and use this information in order to discover our passwords. A better practice is to not use personal information for a password.
6. Never changing passwords - If you are using the same password that you have used for years and have never changed it, again, you run the risk of the password and/or website being hacked. A good practice (a little inconvenient) is to change your password as often as possible (1 month is more secure than every 2 years).
There are several ways to create and store secure passwords:
1. 1Password - https://agilebits.com/onepassword
One of the best options is using the app “1Password."
I have created and stored over 500 items with 1Password including passwords for websites, credit card numbers, social security numbers, bank account numbers, lock combinations, and even images of my important documents (driver’s license, passport, etc). It is one place to keep my information secure. Another great benefit is that it is also available on all of my devices (iPad, iPhone, computer, etc) with a single password, or even with just my thumbprint on my iPad and iPhone.
1Password provides all of the options you need for generating secure passwords, storing passwords, and recalling passwords when you need them. They also monitor reports of websites that have been compromised and warn you of a need to change passwords if a website you use has been compromised.
2. LastPass - https://lastpass.com/
LastPass is another great option for storing website passwords that are available online. With the premium version, you can share passwords across multiple devices. While slightly different from 1Password, it still has many similar options.
3. Strong Password Generator - http://passwordsgenerator.net/
If you don’t want to use services like 1Password or LastPass, you can generate strong passwords with this online password generating tool. However, you will need to find a way to securely store and retrieve these passwords when you need to reuse them.
Other options include storing passwords in Google Crome, Apple iCloud Keychain, or other browser based storage options. At this time I do not use these options because it is my understanding they are less secure and have been hacked.
If you have any questions about online security or best practices for minimizing the risk of identity theft, please contact me.