Considering the amount of information people put online these days, it’s amazing how little thought often goes into securing that information, particularly when it comes to their passwords. Although reports show that eight in ten people are worried about their online security, more than half (54 percent) use five or fewer passwords for their entire online lives.
As you consider your password security, consider the following tips to help you make sure that your password security level is where it should be.
1. Choose Passwords That Are Difficult to Break
So what exactly makes a password “strong?” Generally, when people are talking about password strength, they’re referring to its complexity. The longer and more complex your password is, the more possible combinations of characters there are, which means that it will take a computer or botnet longer to crack. A password that is eight characters long and only uses lower case letters will have 26^8 possible outcomes. That seems like a lot until you realize that it would take a supercomputer or botnet just under two seconds to crack.
By using a combination of lowercase and uppercase letters, plus numbers and special symbols, you can make your password significantly more difficult for even a supercomputer or botnet to break. Compare a simple 8-letter password to a secure password using a variety of character types that is 10 characters long. This kind of password would take about three years for the same computer to crack.
2. Require Multiple Types of Authentication
Many services now offer the option to add an additional step into your login process. As security breaches have become more rampant this last year, thousands of digital business owners have opted to add captchas or even IP recognition to their login pages. Some bank accounts will require you to enter both a password and a PIN each time you log in to your online account.
Some services require you to enter a unique code that is sent to your phone each time you log in so that anyone trying to get to your account would also need access to your phone. It’s a slightly longer process for you to log in, but it can help keep your accounts safe.
3. Use a Different Password for Each Account
According to a report from GlobalWebIndex, the average internet user uses five different social media platforms. Add, on top of that, an average of 1.7 email accounts per user, plus personal computer logins, profiles for ecommerce sites, and bank accounts, and you end up with a lot of usernames and passwords. With so many places to log in, it’s tempting to just pick one password and use it everywhere so that it’s easier to remember.
What happens if someone gets ahold of that one password, though? Suddenly, they have access to not just one account, but everything. According to a study published by Blue Coat, though, only about a third (36 percent) of people actually use different passwords for each application, and one in twelve actually use the same password for everything. A variety of different passwords—and not just variations on the same password that add in a number or a special character—will be much more effective in keeping your information secure.
4. Be Alert for Phishing Scams
Phishing scams are all over the place these days. Scammers will send fake emails from banks, e-commerce sites, and other online entities in an attempt to trick you into giving them your private information. If you get an email from your bank or another site asking you to click on a link and then log in with your password and username, be wary. There’s a chance it could be a part of a phishing attempt to trick you into typing in your information, which the scammer can then use to access your accounts later.
Instead of clicking on embedded links in emails you receive, copy and paste them into your browser window and check to make sure that it leads to the company’s actual site. Many scammers will change a single letter in the URL. While an email with poor spelling and grammar are a definite red flag, many phishing emails are tailored to look genuine, so always be alert.
5. Change Passwords Regularly—But Don’t Get Lazy
It’s a good idea to change your passwords regularly—at least every 6 to 12 months. That way, even if a cybercriminal does get ahold of your login information, you know it’s temporary. Hopefully, should that happen, you will have changed it before they can cause any lasting damage. Even so, 47 percent of people still use passwords that are five years old or more, and 21 percent have been using the same password for more than 10 years. If you notice any sort of suspicious activity on your accounts, that’s also a good time to change things up.
When you change your passwords, don’t get lax and start using a password that’s very similar, like adding the number “1” at the end. Cybercriminals expect these sorts of changes and can very easily regain access to your accounts unless you make a significant change each time.
~ Carol Evenson