May 7 is World Password Day and Twitter is buzzing with chatter about changing passwords and steps towards becoming more secure online. No matter the day, there is never a bad time to brush up on password etiquette to keep your identity and data safe in a digital world.
Why is your email password so important?
Quite simply, all your password reset links will be sent to your email account. Additionally, sensitive information like billing statements and medical records is now being sent via email rather than via the USPS. Imagine if you handed me your Gmail password right now. How long would it take for me to gain access to your bank logins? How about your social media accounts? Because email serves as a hub of digital activity for many people, we recommend changing this password every 90 days and turning on features like multi-factor authentication when available. Multi-factor authentication stops a login from an unrecognized browser from going any further until a security code sent to your cell phone is entered.
Why should you change passwords?
First, given the number of accounts you likely have in cyberspace now, it's not a matter of if your information will be part of a hacking attempt, but when. Hackers don't always get away with the important stuff; large companies have impressive intrusion detection measures in place. Nonetheless, you should assume you are under attack. Once data is taken, it is likely to be sold to another party or posted to a site in exchange for money. The data is only as good as the number of unique usernames and passwords in it that have not been changed. It's easy to remain protected: proactively changing your passwords makes any leaked information useless as it sits in a database.
How can I remember to change passwords?
With users having 100+ accounts across sites for social media, email, online shopping and more, how can you remember to change them when the time comes?
First, set a calendar event for yourself to repeat quarterly and have it list out your current accounts. This is like spring cleaning; it won't be enjoyable, but it's necessary. Plus, it surely beats spending thousands of dollars trying to recover your identity. Second, you may elect to use a password vault that reminds you to change your password regularly. We recommend LastPass, 1Password, or Dashlane 4.
What makes a good password?
The easiest method of attack is social engineering, or the practice of guessing a password based on information gleaned from your social profiles, over the phone, or in passing. Your kids' names on the back of your Suburban with your family last name on the license plate? Yeah, you better not use those kids' initials to log in to your bank account, sister. Your birthday is on Facebook today? I hope you didn't use your 3 initials and your birthday as a password to your email. Was your wedding day in the newspaper? Hope your anniversary isn't the key to your digital kingdom. The lesson here: don't use personal info that is readily available in public as a private password, even in shorthand.
The second easiest method is what is called brute force. Hackers have tools that guess a password over and over again until they have exhausted all permutations. The longer the password, the less likely brute force is to work, because it is exponentially harder to compute all possible combinations of characters. The more you vary between letters, numbers, and special characters, the harder the password is for guessing schemes and computation scripts to crack. Here are some pointers:
- Go for 14 characters or more
- Try a passphrase instead of a password. Instead of "67Ford!" try "iL0VEmy674RD" or instead of "Beach1234" try "imisstheB3@CHinWinter"
- Vary between letters, numbers, and special characters
- Change the password every 90 days
- Don't write your password down on paper that hangs around your desk or could be left behind at an airport!
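The pointers above, together with the earlier warning about public personal details, can be checked mechanically. The following is an added example, not part of the original article: the passwords are the article's own samples, while the function names and the `facts` list are assumptions constructed for illustration.

```python
import math
import string

MIN_LENGTH = 14  # the article's "14 characters or more" pointer
CLASSES = (string.ascii_letters, string.digits, string.punctuation)

def charset_size(password):
    """Size of the alphabet a brute-force tool must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size

def search_space_bits(password):
    """log2 of the candidate count for this length and alphabet (an upper bound)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def personal_hits(password, personal_facts):
    """Public facts (names, dates, initials) that appear inside the password."""
    lowered = password.lower()
    return [f for f in personal_facts if f and f.lower() in lowered]

def review(password, personal_facts=()):
    """List the article's pointers that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(any(c in cls for c in password) for cls in CLASSES) < 3:
        problems.append("does not mix letters, numbers and special characters")
    for fact in personal_hits(password, personal_facts):
        problems.append(f"contains public personal detail: {fact}")
    return problems

if __name__ == "__main__":
    # Constructed personal facts: a car name and a birthday (MMDD).
    facts = ["ford", "0507"]
    for pw in ["67Ford!", "iL0VEmy674RD", "Beach1234", "imisstheB3@CHinWinter"]:
        print(f"{pw:24} {search_space_bits(pw):6.1f} bits  {review(pw, facts)}")
```

The bit count assumes every character is chosen at random, so it overstates the strength of passphrases built from dictionary words with predictable substitutions.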
While these tips aren't guaranteed to keep you safe online, they certainly kickstart you on the path to becoming more secure in our ever-growing online world.