Passwords: they are the “keys” of the internet. Most individuals find themselves using at least one password at some point in their internet exploration from day to day. Everything from email accounts to forums to purchases require passwords.
The Truth About Passwords
Truthfully, that’s a good thing. Passwords help ensure that the individual who needs to see information or send information should be the individual that is meant to. But the problem is that, as with houses, less scrupulous individuals (we’ll call them hackers) want to break in and steal what doesn’t belong to them. So they work tirelessly at either figuring out how to get that key.
Over the past couple of years, large companies like eBay and Adobe have experienced hacking of very sensitive user and customer information. This is obviously problematic from a trust standpoint, but also for customer identity protection. The silver lining – if there is one – of these major hacks is that light was shed on poor password practices. For instance, data from the Adobe hack revealed that the 9th most popular password for users was “photoshop,” one of the tools Adobe offers. And what was the most popular password used? “123456”. With weak passwords like those, a hacker’s job becomes much easier.
All this doom and gloom might leave you feeling a bit hopeless, but there are ways you can help protect yourself.
Best Practices for Password Security
We recommend these best practices for password security as they are both practical and necessary:
Avoid Using Words in Your Password
“Well, geez, how else do I go about making a password?”
Simple; use numbers and letters. So instead of using “mypassword” consider using something like “1m56y589pa43ss”. The reason behind this is pretty simple: hackers use dictionary programs that run constantly, fishing for whole words used in password fields. Thus, a whole word like “my” or “password” in a user’s password instantly makes it an easy target for hacking. Try to avoid replacing letters with a number that looks ‘similar’ to it. For example, don’t replace ‘e’ with ‘3’ or don’t replace ‘a’ with ‘4’. These replacements are very common and make password guessing trivial.
Generate Strong Passwords
“That’s easy to say, but how do I accomplish this?”
Using a ‘password generator’ is the best way to accomplish this. A lot of password storage apps (as discussed below) offer fantastic password generating tools built right into the app. These make setting up very strong passwords a breeze.
There are also a handful of password generator websites that can accomplish this same task. However, be sure the website is from a trusted source. It’s best to verify that the website is encrypted (aka using “https”). Here are a couple of trusted sources to get you started:
“But how do I remember these more complicated, stronger passwords?”
Store Passwords in a Trusted App
“Oh, no, here we go: a sales pitch for some kind of expensive app.”
Well, yes, some apps for password storage are expensive ($25 – $50) others are cheap, or even free. The benefit of an app in the first place is having something accessible so you don’t have to remember the more complicated passwords (i.e. 1m56y589pa43ss). Instead, when you need a password, it’s simply a matter of copying it from the app and pasting it in the password field in your browser, email app, etc. Do your research about which app might be best for you. If you only have a couple of passwords you need to store, choose a free version, so long as it is secure and its reviews are good. If you have multiple passwords to juggle, consider making the investment in one of the more expensive apps and determine whether the desktop version of the app and smart phone version can be synced so that you can access your passwords at your computer, as well as on-the-go.
While we don’t want to push any specific app on anyone, we do highly recommend 1Password. We use this internally for all the password security, management and storage needs at InsideOut. It has been one of our most trusted and highly used apps over the years.
Here are a couple of good leads to get you researching what app might be best for your password security needs:
Change Your Passwords Every 3 Months
What’s the best way to keep a burglar from getting into your house if he steals one of your house keys? Change the locks. The same is true with your password security. Yes, we recognize that it sounds laborious to change passwords every 3 months. The better question is: do you spend the time to do that or to dig yourself out of the morass of identity theft? The internet can be a fun place to interact with others, purchase goods, and find entertainment. And since passwords are part of the internet landscape, it’s probably best to keep that landscape shifting so that hackers don’t have even the inkling of a chance to gain access to your otherwise private and secured information.
Transmit Passwords Only Via Secure Channels
Think email is a secure way to transmit a password? Think again. If you absolutely have to transmit a password to another individual, do so with programs that use strong encryption methods. For instance, Dropbox is a trusted method of transmitting information that users often want kept private or confidential. Email, text messages, and social media messaging systems are not considered private or secure means of transmitting any type of password information. We recognize, however, that often times you have to send a password with email or text message. If this is the case, we highly recommend that the password be changed immediately upon gaining access to a system. Using the ‘password recovery’ feature of a website or changing the password from the user profile page is the best place to start. Remember, use a strong password each time you change it!
Erase Your Storage When You Sell a Device
A not often thought of security measure is wiping all the data off of a computer hard drive or overwriting information on a smart phone. When you sell these items, remember that the data is still there even after a simple “erase.” Software exists that can pull information off of hard drives or phones that was otherwise considered “deleted” or “erased.” Some security companies like Avast indicates that there is no full-proof way to prevent “erased” information from being retrieved from a phone. The only best way is to destroy hard drive of the old device rather than selling it for reuse. This, however, is probably not considered the most popular method since individuals tend to sell old devices to help invest in newer versions. For computers, there are similar sites with excellent guidance on how to scrub a hard drive clean:
The Bottom Line About Password Security
Protect yourself and be smart. It is not smart to use names, words, anything recognizable as a word in a password. It is not smart to use a series of sequential numbers or keystrokes such as “123456” or “asdfjkl;”. We have listed methods we feel are solid in terms of protecting yourself when you use and manage passwords. Perhaps there is no foolproof method for password security given that a lot of hackers make it their day job to steal what doesn’t belong to them. But that doesn’t mean you leave the door to the house open, and you certainly don’t leave copies of the key lying around. Do your best to protect yourself and think ahead of the hackers, staying one step ahead of them so that the information you consider to be private remains that way.