The recent Heartbleed bug has made everyone think about their passwords for different Internet sites, and while a lot of the tech news folks are in a lather about the ins and outs of password management, most of the folks I talk to just want to keep their information safe, while not adding too much work to be able to get to their information. Unfortunately, not doing anything and hoping for the best isn’t a good approach. So let’s take a few minutes to talk about a smart approach to your passwords.
RECOMMENDATION 1: Use unique passwords
Create different passwords for every site you use, especially on sites that hold important financial and personal information.
Using the same password for everything is a REALLY BAD plan. The ONLY thing that’s good about it is that it makes it easy for you to remember it. However, that’s small comfort if someone else gets hold of it. Since many popular websites use your email address as your account name, if you use the same password to read your email as you do for those sites, it makes it that much easier for a hacker to jump from your email to those sites. So take some time and create unique passwords for each site.
RECOMMENDATION 2: Create strong passwords
It’s also not a good idea to use simple passwords, with just a single word, or a string of numbers. Some hackers will use “brute-force” attacks to try and guess passwords, trying random combinations of letters or numbers. The more complex your password is, the harder it is to break. Complex passwords will have both upper- and lower-case letters, as well as some numbers, and perhaps a special character, like a dash, an exclamation point, or an ampersand. One common suggestion is to use three unrelated words, and separate them with a number or a punctuation mark (for instance “below!paper9mango”). This makes the password somewhat more memorable for you, but less likely to be figured out by a hacker.
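For readers who want to see the three-word approach in practice, here is a short Python sketch, added as an illustration and not part of the original post. It picks the words with the operating system's secure random generator instead of by hand, and estimates how many guesses the scheme forces on someone who already knows how it works. The word list and separator set are constructed samples; a real list needs thousands of words.

```python
import math
import secrets

# Constructed sample list for illustration only. A real list should hold
# thousands of words, because the strength depends on its size.
WORDS = ["below", "paper", "mango", "river", "candle", "orbit", "velvet",
         "thunder", "pickle", "harbor", "saddle", "copper", "lantern",
         "meadow", "quartz", "ribbon"]

# Digits plus the punctuation marks the post mentions (constructed set).
SEPARATORS = "0123456789!-&"


def make_passphrase(words=WORDS, separators=SEPARATORS, n_words=3):
    """Pick n_words different words at random, joined by random separators."""
    pool = sorted(set(words))
    if len(pool) < n_words:
        raise ValueError("word list is too small")
    # secrets draws from the OS random source; the 'random' module is
    # predictable and must not be used for passwords.
    chosen = [pool.pop(secrets.randbelow(len(pool))) for _ in range(n_words)]
    phrase = chosen[0]
    for word in chosen[1:]:
        phrase += secrets.choice(separators) + word
    return phrase


def scheme_entropy_bits(list_size, n_separators=len(SEPARATORS), n_words=3):
    """Bits of entropy, assuming the attacker knows the list and the scheme."""
    combos = math.perm(list_size, n_words) * n_separators ** (n_words - 1)
    return math.log2(combos)


if __name__ == "__main__":
    print(make_passphrase())
    # The 16-word sample list is far too small to rely on.
    print(f"16-word list:   {scheme_entropy_bits(16):.1f} bits")
    # A 7776-word list (the size of common diceware lists) does much better.
    print(f"7776-word list: {scheme_entropy_bits(7776):.1f} bits")
```

Each extra bit doubles the number of guesses needed, so the gap between the two figures it prints is the gap between a passphrase that falls quickly and one that holds up.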
RECOMMENDATION 3: Periodically change your passwords
In order to keep malicious hackers from having an easy time of it, don’t let your passwords stay the same forever. From time to time, change the passwords for the sites you use most, and which have the most critical information — especially financial information. Pick a cycle — monthly, quarterly, annually, when Daylight Savings starts and stops, and generate new passwords.
RECOMMENDATION 4: Use a good password manager
You may have your passwords saved by your web browser, so it automatically fills them in on some websites. That has some value, but if your computer has problems, and you don’t keep track of your passwords elsewhere, then you may have trouble accessing your information. Keep track of your passwords using a password manager program, like 1Password, LastPass, or RoboForm. These programs store your login information for all your websites, and can also store other bits of info, like PIN codes, alarm codes, bank account numbers, etc. They protect your information with a password; essentially you only have to remember that one main password to unlock your list of all your other passwords. These programs can then fill in your login information as you go around the Internet. These programs also have features that will generate new passwords for you, and they can be as random and complex as you like.
If that’s not your style, you can put your unique, complex, and frequently-changed passwords into a notebook, as long as you keep that notebook in a safe place. It’s not very high-tech, I know, but for some people, it’s the most reasonable way to implement the first three recommendations above.
Questions? Feel free to contact me, using the form here on this page.