How often do you think about your own online security? Probably not as often as you should. Don’t feel bad, though, because you’re not alone. I wrote about this topic in 2014, and linked to a report on the most common passwords of 2013. Flash forward two years, and many of the “top” passwords were still the same. Incredibly, many people still think “123456” and “password” are good options.
So for the purposes of this article, let’s start by assuming the password for your online banking is stronger than “123456”. If it’s not, go ahead and change it. I’ll wait. (Seriously, please change that immediately.) If your idea of a strong password isn’t one of those, you’re ahead of the game, but still probably not where you need to be. Once you use these three tips, you won’t be out of the woods (as famed mathematician Alan Turing proved, no system is unhackable) but you’ll be much more secure.
Longer Passwords Are Stronger Passwords
Most websites require passwords to include numbers, upper- and lowercase letters, and non-alphanumeric symbols, and to be at least eight characters long. But creating a password that satisfies those requirements and creating a strong password aren’t necessarily the same thing. The popular web comic xkcd explains it pretty succinctly, but if that’s too complicated, think about it like this:
Let’s say your password has the above requirements, and you come up with “C0lor@do”. It satisfies all the requirements, but is it strong? Not as much as it could be. The most common hacks involve automated guessing programs, which are more adept at guessing passwords with fewer characters. Instead of using an eight-character password built around one word, try creating a longer one. Using “C0lor@do” as your base, add in a couple more words like “Color@do Rocki3s B@seb@ll”. Now you have a strong password, and it’s one you can remember.
Manage Your Passwords in Ways You’ll Remember
Most of us have at least half a dozen passwords we need to remember on any given day. Email, social media, and financial accounts come to mind immediately. For too many of us, these passwords are the same across different platforms, which is a big cybersecurity no-no. Why make it easy for hackers to access everything?
Since you’ll probably be tempted to use that same strong password you just created for all your accounts, you can leverage that temptation into real security using sub-passwords. Let’s use the strong password you just created as an example:
Base password: “Color@do Rocki3s B@seb@ll”
Sub-password for popular social media site: “blue_Color@do Rocki3s B@seb@ll”
Sub-password for work email: “red_Color@do Rocki3s B@seb@ll”
Sub-password for online banking: “green_Color@do Rocki3s B@seb@ll”
You get the idea. Instead of using the same password, make small changes you can remember. It doesn’t have to be colors; it could be anything. But if you’re currently using the same password for everything, you’re only making a hacker’s job easier.
Change Your Password More Frequently
Of all the tips, this might be the most difficult, but it’s critical. Changing your passwords monthly can lower your risk of being hurt by a massive hack of a website you use all the time. In June of 2016, Twitter announced that 32 million accounts had their passwords stolen. You could have the strongest password in the world, but it won’t matter if a hacker can copy and paste it from a spreadsheet.
Another important side tip here is not to serialize your passwords. That means adding a rotating set of digits at the beginning or end of your password is a big no-no. Likewise, don’t rotate back and forth between the same passwords. So how do you change your password every month without asking for a reset? Try using the sub-password tip from above and make non-serialized changes to your base password every month. Once the year is over, consider changing your base password and alter your sub-passwords accordingly. This will protect you from individual hack attempts, as well as increasingly common large-scale security breaches.
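For anyone enforcing this tip on a password-change form, here is an added example (not part of the original article) that rejects a new password which only changes the digits at the beginning or end of the old one, or which rotates back to an earlier one. It assumes the form receives the current password in cleartext and that earlier passwords are kept only as salted PBKDF2 hashes; the function names, work factor and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import re

ITERATIONS = 100_000  # example work factor (an assumption); tune for your hardware


def core(password: str) -> str:
    """Strip digit runs at the start and end, and ignore letter case."""
    return re.sub(r"^\d+|\d+$", "", password).casefold()


def is_serialized(old: str, new: str) -> bool:
    """True when only the leading or trailing digits changed (or nothing did)."""
    return core(old) == core(new)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def is_rotated_back(new: str, history: list[tuple[bytes, bytes]]) -> bool:
    """True when the new password matches any stored (salt, digest) pair."""
    return any(
        hmac.compare_digest(hash_password(new, salt), digest)
        for salt, digest in history
    )


def check_change(old: str, new: str, history: list[tuple[bytes, bytes]]) -> str:
    if is_serialized(old, new):
        return "rejected: serialized"
    if is_rotated_back(new, history):
        return "rejected: reused"
    return "accepted"


# Constructed sample data: two earlier monthly passwords, kept only as salted hashes.
PREVIOUS = ["green_Denver Br0ncos Footb@ll", "green_Mile High Sunr1se Hike"]
SALTS = [b"constructed-salt-a", b"constructed-salt-b"]
HISTORY = [(s, hash_password(p, s)) for p, s in zip(PREVIOUS, SALTS)]
CURRENT = "green_Color@do Rocki3s B@seb@ll"

if __name__ == "__main__":
    candidates = (CURRENT + "2", "07" + CURRENT, PREVIOUS[0], "green_Aspen Sk1 Season")
    for candidate in candidates:
        print(f"{candidate!r}: {check_change(CURRENT, candidate, HISTORY)}")
```

Digits inside the password, such as the “3” in “Rocki3s”, are left alone; only runs at the very beginning or end are treated as a serial counter.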
Using these tips might seem like a hassle, but is a simple reimagining of your password protection really more of a hassle than spending months, or even years, trying to clean up the work of identity thieves? At the bare minimum, when next year’s list of the most common passwords comes out featuring “123456” and “password” at the top once again, you’ll be able to confidently shake your head with dismay.