Many of us fall into the same patterns when it comes to our online passwords: Something like the recent Heartbleed bug, or a notice from the bank that an account has been compromised suddenly makes security the most important thing in the world, and we spend hours changing passwords and shoring up our defenses against hackers.
And inevitably, over the ensuing weeks and months, we slip back into the same patterns. It becomes too difficult to remember all of the different passwords, so we stay logged in to our favorite sites, write the codes down on notes stuck to the computer or change them back to the old, easy-to-remember passwords. Or maybe we come up with a humdinger of a password that meets all of the requirements to be uncrackable (eight characters or longer, not a dictionary word, a mixture of alphanumeric characters and symbols) and then use it for all of our logins. It’s all fine — until there is another security breach, that is.
The fact is, most passwords are not adequate for protecting our sensitive personal data from the prying eyes of a cyber criminal. Hackers are sophisticated, and have the tools and the expertise to crack even the most complex passwords. The trick, then, is to stay one step ahead of them — and if you follow this five-step strategy, you can do just that.
Step One: Identify Your Assets
The average person has about 25 password-protected accounts, and logs into approximately eight per day. Not all of these accounts are of equal value, though. Your bank or credit card account contains far more valuable information than your premium account with the local newspaper. Begin your password management plan by listing all of the accounts you have that require passwords, and categorizing them by priority. Your highest priority accounts — those that contain information that would be devastating if it fell into the wrong hands — should have unique, strong passwords. The lower priority accounts can have less complex passwords, and it’s okay to reuse those credentials. Even if a hacker somehow gets into your account on a media site, for example, if you have different email and banking passwords, the information they gain from the hacked account won’t be of much value to them.
Step Two: Use a Password Manager
Even if you’re only trying to create strong passwords for a few accounts, it’s still a lot of letter-number-symbol combinations to remember. A password manager will help you create, store and evaluate your passwords, and only requires you to remember one login. Use your best password (consider a random combination of letters and numbers to discourage guessing) to lock the manager; once you unlock it, the application will automatically fill in your username and password on any site you’ve set up. That way, you aren’t trying to remember whether your bank password is “TpbwIp35p” or “WIp35ptpb” and risking account lockouts.
Step Three: Change Weak Passwords
A good password management application will help you identify weak passwords so you can change them. While you don’t need to devise complex passwords for every account, you still don’t want to rely on the old standbys like “password” or your birthdate. Those are easily guessed and you’re just asking hackers to come and steal your information. Use your password manager to identify the passwords that need changing, and then change them.
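To show how the checks in Step One and Step Three fit together, here is a small Python audit script added as an illustration; it is not from the original article or from any password manager. It applies the article’s own rules (eight characters or longer, not a dictionary word, a mix of letters, digits and symbols, not “password” or your birthdate, and no reuse among high-priority accounts). The account list, the birthdate and the tiny word list are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample inventory (not real credentials): (account, priority, password).
ACCOUNTS = [
    ("bank", "high", "Tp!bwIp35p"),
    ("email", "high", "Tp!bwIp35p"),   # same password as the bank: reuse on high-priority accounts
    ("credit-card", "high", "password"),
    ("social", "high", "Dan1985!!x"),  # built around the owner's birth year
    ("shop", "high", "Kx7!mq#2Pz"),
    ("newspaper", "low", "summer2014"),
    ("forum", "low", "summer2014"),    # reuse on low-priority accounts is tolerated by the plan
]
BIRTHDATE = "1985-03-12"  # constructed stand-in for the account owner's birthdate
# Tiny stand-in for the word list a real password manager ships.
DICTIONARY = {"password", "summer", "welcome", "letmein", "qwerty"}

def weak_reasons(password, birthdate=BIRTHDATE):
    """Return the article's reasons a password counts as weak (empty list means it passes)."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    # Compare the alphabetic core, so "summer2014" still counts as the word "summer".
    if re.sub(r"[^a-z]", "", password.lower()) in DICTIONARY:
        reasons.append("dictionary word")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        reasons.append("no mix of letters, digits and symbols")
    digits = re.sub(r"\D", "", birthdate)  # "19850312"
    # Flag the full date, the year alone, or the month+day alone.
    if any(p and p in password for p in (digits, digits[:4], digits[4:])):
        reasons.append("contains birthdate")
    return reasons

def audit(accounts, birthdate=BIRTHDATE):
    """Flag weak passwords on every account, and reuse only among high-priority ones."""
    findings = {name: weak_reasons(pw, birthdate) for name, _, pw in accounts}
    high_users = defaultdict(list)
    for name, priority, pw in accounts:
        if priority == "high":
            high_users[pw].append(name)
    for names in high_users.values():
        if len(names) > 1:
            for name in names:
                findings[name].append("reused across high-priority accounts: " + ", ".join(names))
    return findings

if __name__ == "__main__":
    for name, reasons in audit(ACCOUNTS).items():
        print(f"{name:12} {'OK' if not reasons else '; '.join(reasons)}")
```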
Step Four: Use Two-Factor Authentication
Many websites have begun offering two-factor authentication to help users keep their accounts safe. In addition to entering a username and password, with two-factor authentication you’re required to enter additional information, such as a code sent to your mobile device via text message. Two-factor authentication offers an additional layer of protection so that in the unlikely event that a hacker does get his or her hands on your password, unless they also have your mobile device or a specially designed token, they still won’t gain access to your account.
Step Five: Stay on Top of Things
Passwords should not be permanent. If you’ve been using the same ones for years, you certainly remember them, but so do the hackers. Schedule time to update and maintain your passwords on a regular basis; some experts recommend every 90 days, while others note you can stretch it out to 180 days. The point is, you need to change your login credentials every so often, and definitely if you ever learn of or experience a breach.
As cyber criminals become more sophisticated and persistent, it’s important to take steps to prevent your data from falling into their hands. The first step is proper password management, and the time you spend here will go a long way toward protecting your accounts, your identity and your money.