Recent months have seen large, seemingly secure websites, such as LinkedIn and eHarmony, hacked for their users’ passwords. This has many people worried, considering that millions of people use these sites every day, yet the sites can’t keep their users’ password data secure. It raises the question: how can you, the average Web user, keep your password safe online?
We have some expert tips to help you protect your passwords:
Choose a unique password!
A long, hard-to-crack, unique password will help protect you even when it is a website, rather than your personal account, that gets hacked. The reason for this is that the bad guys will have to decode the password before they can use it. Your best bet is to stay away from dictionary words or sequences of numbers, as these are much easier to crack than a random combination of letters and numbers. Test the strength of your password at a site like How Secure is My Password.
Be wary of “phishing” emails!
“Phishing” is a tactic employed by online crooks, especially in the wake of highly publicized hacks, such as those perpetrated against LinkedIn and eHarmony. “Phishing” emails look like official communication from a well-known company. However, these messages try to get users to reveal personal data that identity thieves could use, or they include links that, if clicked, can install malware on a user’s computer. You can learn more about how to tell if an email is a fake in our blog post, “The Fake Financial Phishing Fraud”. Remember, if it smells fishy or seems too good to be true, don’t open that email or follow that link!
Use different passwords for different sites!
If you use the same password for multiple sites, you could be compromised everywhere if just one website you use gets hacked. It can be difficult to remember multiple passwords for different sites, especially if they are all unique and long. There are a number of free online tools that will store them for you securely. Some examples of these tools are KeePass, 1Password, and LastPass. Before you sign on with a password-keeping site, be sure to check with your IT support so they can make sure it is not a scam.
Do not share your password!
This is pretty self-explanatory. Sharing your password drastically increases the chances of it being compromised. Not everybody will take the same precautions that you do when trying to keep your password secure, so keep it to yourself.
Do not keep your password written down!
Many people keep their passwords written down for reference, and keep them in unsecure locations. I have seen many people who have their passwords written on post-it notes and stuck to their monitors, in plain view. While convenient, this makes your password available to anyone passing by your computer, and it is not a good idea.
Update your password!
In order to keep your passwords secure, it is a best practice to change them periodically. There are a couple of reasons for this. First, passwords are often stolen without the knowledge of the victim, and stolen passwords often aren’t used immediately. They’re collected, sold to organized crime, re-bundled and resold, and left unused for some time. Even if you’re not aware your password was stolen, if you are in the habit of changing it periodically, you may change it before a thief has an opportunity to use it. Second, it’s possible to guess your password through sheer persistent computer effort. With current technology, this takes months if you have a strong password. If you change your password every few months, and make sure it’s always a strong one, any brute force attack that takes longer is ineffective. A good rule of thumb is to change your password as often as you change your toothbrush, which would be about every two to three months, poor dental hygiene notwithstanding.
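The checks behind the tips on choosing and updating passwords, as an added example that is not part of the original post: it flags dictionary words and character sequences, then compares the worst-case brute-force time with a 90-day change interval. The word list, the sample passwords and the guess rate of 10 billion per second are constructed assumptions.

```python
import string

# Constructed sample list; a real check would load a full dictionary and leaked-password list.
COMMON_WORDS = {"password", "linkedin", "welcome", "dragon", "monkey", "letmein"}
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, not a figure from the article
ROTATION_DAYS = 90         # upper end of "every two to three months"


def has_sequence(pw, run=3):
    """True if pw holds `run` characters in a row that count up, count down or repeat."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def charset_size(pw):
    """Size of the alphabet an attacker must search, judged by the character classes used."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in pw))


def assess(pw):
    """Flag guessable patterns and compare worst-case brute-force time with the rotation window."""
    dictionary_word = any(word in pw.lower() for word in COMMON_WORDS)
    sequence = has_sequence(pw)
    days = charset_size(pw) ** len(pw) / GUESSES_PER_SECOND / 86400
    return {
        "dictionary_word": dictionary_word,
        "sequence": sequence,
        "days_to_exhaust": days,
        # Patterned passwords are guessed first, so the brute-force figure does not protect them.
        "outlasts_rotation": not dictionary_word and not sequence and days > ROTATION_DAYS,
    }


if __name__ == "__main__":
    for sample in ("password123", "k3Xq9b", "q7Vt2mXw9LcR4zHp"):  # constructed samples
        print(sample, assess(sample))
```

Run it only on made-up samples like the ones shown, never on a password you actually use.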
Remember, the best protection against hackers and other criminals who want to get your passwords and use them for nefarious purposes is being well educated about password security. No password is completely or indefinitely safe, but if you use the information from the tips above, you will be able to stay one step ahead of the bad guys, and maintain a high degree of online security.