Courtesy of Nick Forcier, CEO of Large Software
- Keep ‘em Guessing
Never use personal information to create a username, login or password (e.g. names of pets, relatives, nicknames, dates of birth, birth location). In this day and age, when information often finds its way onto the Web and identity thieves have become ever more savvy at ferreting out these details, it is CRUCIAL to choose usernames and passwords that are disassociated from your personal history. Does it make it harder to remember? Yes, but you’ll be thankful when you’re spared the potentially hundreds of hours and thousands of dollars it often costs to fix a stolen identity.
- Keep it Fresh – Diversify
Avoid using the SAME login and password across multiple sites, cards and accounts. If a thief gains access to one, it will be like a house of cards, allowing them to quickly wreak havoc across your entire financial portfolio. Are you the type that says, “I never share my PIN”? It’s amazing how often those “unshared” digits are misused by a jilted lover or a nosy housecleaner.
- Bigger is Better!
Cliché but true. Studies have consistently shown that a large fraction of all user-chosen passwords are readily guessed by automated tools. Shorter passwords are more susceptible to commercially available password recovery tools. Such software is capable of testing 200,000 passwords per second. To improve the strength of your password, longer is better. Include a minimum of 8 characters, using both upper and lower case letters and a mix of letters, numerals and symbols. Do not use words found in the English dictionary.
- Think Like a Thief – Don’t Make it Easy on Them
Put yourself into a thief’s shoes – don’t even think about using an overly simplified password such as “12345678,” “222222,” or “abcdefg.” Avoid sequential passwords and passwords made from adjacent letters on your keyboard; these will not make your password secure. Also, avoid relying only on look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try to crack your password will not be fooled by common look-alike replacements, such as replacing an ‘i’ with a ‘1’ or an ‘a’ with ‘@’. But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
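The rules from this tip and the previous one, written out as a small checker. This is an added example, not part of the original article or of any Large Software product; the function names, the tiny constructed word list and the four-character run threshold are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "secure", "monkey", "dragon", "welcome"}
# Look-alike substitutions that are undone before the dictionary comparison.
LOOKALIKES = str.maketrans("@4310$5!7", "aaeiossit")
# Rows whose neighbouring characters count as a run (alphabet, digits, QWERTY).
ROWS = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_run(pw, n=4):
    """True if pw contains n adjacent characters from any row, in either direction."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def check_password(pw):
    """Return the list of rules from the article that pw breaks (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing upper, lower, numeral or symbol")
    if len(set(pw)) == 1:
        problems.append("single repeated character")
    if has_run(pw):
        problems.append("sequential or keyboard-adjacent run")
    # Undo look-alikes, drop leftover non-letters, then compare to the word list.
    plain = re.sub(r"[^a-z]", "", pw.lower().translate(LOOKALIKES))
    if any(w in plain for w in WORDS):
        problems.append("dictionary word behind look-alike substitutions")
    return problems
```

A password that satisfies the length and character-mix rules can still fail here: the substitution check reduces it to its underlying word before comparing.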
- Consider a Password Manager
There are many decent applications on the market that will digitally safeguard your various passwords. Avoid using the free ones “built-in” to browsers as these have been widely exposed for their security flaws. Consider software like Password Manager by Large Software (www.largesoftware.com) that memorizes and securely stores each username and password that you enter on a Web site. Whenever you return to that site, Password Manager will automatically complete your login information and click the submit button, making your login a snap. The software also includes a password generator in case you’re having difficulty coming up with a secure login on your own. All accounts and passwords are encrypted and protected with a single Master Password, keeping your confidential information secure. This offers the added benefit of minimizing the number of logins and passwords that you have to readily remember on a day-to-day basis.