The Password Rules We All Break – That We Shouldn’t.
- 23 Aug, 2018
You’re sitting in the living room, watching television, when there’s a knock at the door. You answer it to discover a guy in a ski-mask on the other side.
“Hi. Can I steal your stuff?” he asks. You think about it for a second, then shrug.
“Sure! What do you need?”
“We’ll start with your electronics, mosey over to the good silver, then end with your SSN and identity. How does that sound?”
“Perfect! You need help carrying that out?”
“I’d appreciate the hand! Do you have a screwdriver so I can get the 60" off the wall mount?”
Unless you disavow all worldly possessions and happen to be the most philanthropic person in the world, this is probably not an ideal interaction for you. And yet, when you choose a password that’s easy to guess or give your password away indiscriminately, you’re helping hackers break into your smartphone, email, and web accounts to take your personal and financial information.
Here are a few of the password rules we all break that we shouldn’t.
- Keeping all of your passwords in an unsecured location, like in a notebook or on sticky notes on the underside of your desk, or in a file on your computer called “passwords”. “Oh, I have no idea where your passwords could be. Are they in this desk drawer in this journal on the VERY FIRST PAGE?”
- Using one password and one username for multiple accounts. “I got your info from hacking some major chain store, and now I can use that same login for your bank, credit cards, Netflix, Facebook, and your email, too.”
- Using a common password. “Your password is 123456? SERIOUSLY? HAHAHAHAHA! Hey, but at least it’s not like that guy whose password is PASSWORD!”
- Using information that is easy to find out on your social networks. “Hubby’s nickname? Kid or pet’s moniker? Great… now how about the first school you went to and your mother’s maiden name? How about your favorite color or drink? Birthday? Thanks! Oh, and you should get that mole I saw in your profile photo checked out.”
- Straight up using only dictionary terms or only numbers. “There are 10 roman numerals and 26 alphabetic letters, with billions of possible combinations, but all I have to do is run your account through a dictionary or auto-generate a few thousand number combos and I’ve cracked it.”
- Saving your passwords so they autofill in your browser. “That’s so sweet. You filled it in for me already.”
- Giving your passwords to random people. “Are you sure? No take-backsies! Can I also have the key to your safe deposit box?”
- Not changing out your password… ever. “I can’t believe this super old hacking info from 1995 worked. I thought most people knew to switch out their passwords every few months, or at least once a year!”
- Your password is too darn short. “’Nuff said.”
You may feel like we just told you that your entire password strategy is wrong. Well, here’s some help in crafting strong passwords and password security.
- Use a variety of characters. Replace letters with numbers, numbers with letters, and the shift key is your BEST friend. Special characters and capitalization raise the possible combos to the quadrillions if not more. The downside is that these passwords are harder to remember. Just don’t be too obvious. Everyone knows @ replaces A.
- Invent special words that aren’t found in the dictionary, but which are easy for you to remember. Like the phonetic spelling of your initials. Or pull out some Klingon, Elvish, or Romaji.
- Type longer phrases – even 8-character passwords can be hacked given the right program and time. It could be obscure quotes from books, or a former neighbor’s address. Something you’ll remember that’s longer than the 8-character recommendation.
- Use different passwords for every account – and keep track of them using a password manager. Now just make sure you have a good password for that, too.
- Don’t forget to switch out your passwords. Some people like to advance sequentially, while others like to raise the stakes a bit with math problems.
- Instead of just a notebook or a program with your passwords, create a digital estate in the event of emergencies.
- And don’t forget to be aware of what you put out there on social media!
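
Several of the broken rules listed above (too short, common, only numbers, only dictionary words, personal info, reuse across accounts) can be checked mechanically. The following is an added example, not code from the original article: a small Python audit of a set of account passwords. The word lists, the 9-character minimum, the substitution table and the sample accounts are constructed assumptions.

```python
from collections import Counter

# Constructed sample lists (assumptions); a real audit would load larger ones.
COMMON = {"123456", "password", "qwerty", "letmein"}
WORDS = {"password", "sunshine", "dragon", "monkey", "summer"}
LEET = str.maketrans("@013$5", "aoiess")  # undo the obvious swaps, e.g. @ for a
MIN_LENGTH = 9  # assumption: "longer than the 8 character recommendation"


def only_dictionary_words(text, words=WORDS):
    """True if text splits completely into dictionary words."""
    ok = [True] + [False] * len(text)  # ok[i]: text[:i] splits into words
    for i in range(1, len(text) + 1):
        ok[i] = any(ok[j] and text[j:i] in words for j in range(i))
    return bool(text) and ok[-1]


def audit(accounts, personal_terms=()):
    """Map each account name to the list of rules its password breaks."""
    reuse = Counter(accounts.values())
    report = {}
    for name, pw in accounts.items():
        low = pw.lower()
        plain = low.translate(LEET)  # "p@ssw0rd" becomes "password"
        findings = []
        if len(pw) < MIN_LENGTH:
            findings.append("too short")
        if low in COMMON or plain in COMMON:
            findings.append("common password")
        if pw.isdigit():
            findings.append("only numbers")
        elif only_dictionary_words(plain):
            findings.append("only dictionary words")
        if any(t and t.lower() in low for t in personal_terms):
            findings.append("personal info")
        if reuse[pw] > 1:
            findings.append("reused")
        report[name] = findings
    return report


# Constructed sample accounts and personal terms, not real credentials.
SAMPLE = {"bank": "123456", "email": "P@ssw0rd", "shop": "P@ssw0rd",
          "video": "Rex2011!", "forum": "tlhIngan-Hol-maj-7Q"}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, ["rex"]).items():
        print(account, findings or "ok")
```

The report lists findings per account and never echoes the passwords themselves, so it can be shared without exposing them.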