Recently, I went online to place a take-out order from a local restaurant. After I selected my dishes, I was prompted to set up an account with a user ID and password. Here it was again: a need to create and keep track of yet another password. There was no avoiding this step to place an online order.
As our lives revolve around computerized devices and the internet, we now need secure unique passwords for banks, online shopping, cell phones, social media, employee benefits, medical records, insurance, Social Security, phone apps, smart speakers, and the list goes on. Each of these accounts creates more online exposure, increasing our vulnerability to security breaches and identity theft. How do you protect yourself?
One line of defense is to be smart about your passwords.
Use a password manager.
Password managers store and organize your user IDs and passwords. You don’t need to remember each one! You memorize one password to access the manager. This password should be long and complex. LastPass, Dashlane and KeePass are frequently recommended. Once you are using a password manager, you can shred the written list of passwords under your mouse pad or in the file folder next to your desk. If you can’t part with the paper, lock up the list away from the computer.
Use two-step verification.
Whenever an online account offers two-step verification, set it up. With this, when you log into the account with a new device, a one-time code will be sent to you via text message or email. You have a few minutes to type in the code as part of the log-in process. Some financial institutions will send you a token or security key. You keep this small device in a secure place at home. When you log into that website, a one-time code will appear on the token. You enter that as you log in to your account.
Use long, complex passwords.
Let’s first consider what makes a weak, easy-to-crack password. It would be very convenient to use the same simple-to-remember password on every website. “Rover1,” for example, is short and easy to recall. Experts would point to this as an extremely weak password:
- It has fewer than 10 characters.
- It is predictable, meaning it is not complex. It has only one capital letter, one number, and no special characters.
- It is the name of a pet. Passwords shouldn’t be our own names, or the names of pets and family members.
Passwords should also avoid information easily found on the internet such as birthdates, anniversaries, license plate numbers, street names, and schools we attended. Words from the dictionary don’t make good passwords. Passwords that use sequences of numbers, letters and keystrokes should also be avoided. A classic example of this is “qwerty1234.”
How do you create strong passwords? In the many articles I have read on this topic, all stress the importance of at least 10 characters that are complex, meaning they mix capital and lower case letters, numbers and symbols.
The common ideas I have found to create such passwords are:
- Let your password manager generate passwords for you.
- Combine random words and turn them into a complex phrase: “frog city snore” can become “Fr0%S1t1snor5.”
- Use a diceware website to generate a passphrase, which is a string of random words. Human brains are not good at coming up with truly random words. Diceware websites will do this for you. You can find them with an internet search. The passphrase one such website generated for me is “ReopenScramblerQuiltAmuckObligateSly.”
- Make a phrase complex. “It was the best of times,” can become “1Twzth3b8stOFXs.”
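How a diceware generator turns dice rolls into a passphrase, shown as an added example that is not part of the original post: each word is chosen by secure random dice rolls, and the strength comes from the size of the word list and the number of words. The 36-word list and all function names are constructed for illustration; published lists are much larger (the EFF long list has 7,776 words, chosen with five rolls per word).

```python
import math
import secrets

# Constructed 36-word list for illustration: two dice rolls pick one word.
# Published diceware lists are far larger; the EFF long list has 7,776
# words and uses five dice rolls per word.
WORDS = """acorn bagel cabin daisy eagle fable gecko hazel igloo jelly kayak lemon
mango nacho oasis panda quilt radar salsa tulip udder vinyl wagon xenon
yacht zebra amber bison cedar dingo ember fjord grape heron ivory jumbo""".split()

DICE_PER_WORD = 2  # 6 ** 2 == 36 == len(WORDS)

def roll_die():
    """One fair die roll (1-6) from the operating system's secure random source."""
    return secrets.randbelow(6) + 1

def rolls_to_index(rolls):
    """Read the rolls as a base-6 number: [1, 1] -> 0, [6, 6] -> 35."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("a die roll must be between 1 and 6")
        index = index * 6 + (r - 1)
    return index

def passphrase(word_count=6, words=WORDS, dice_per_word=DICE_PER_WORD):
    """Pick word_count words independently and join them, each capitalized."""
    if len(words) != 6 ** dice_per_word:
        raise ValueError("word list size must equal 6 ** dice_per_word")
    picked = []
    for _ in range(word_count):
        rolls = [roll_die() for _ in range(dice_per_word)]
        picked.append(words[rolls_to_index(rolls)].capitalize())
    return "".join(picked)

def entropy_bits(word_count, list_size):
    """Bits of randomness when every word is picked independently and uniformly."""
    return word_count * math.log2(list_size)

if __name__ == "__main__":
    print(passphrase())
    print(round(entropy_bits(6, len(WORDS)), 1), "bits with this 36-word sample list")
    print(round(entropy_bits(6, 7776), 1), "bits with a 7,776-word list")
```

Six words from the 36-word sample list give only about 31 bits, while six words from a 7,776-word list give about 77.5 bits, which is why real generators rely on large lists.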
The core advice for password safety is to make them long, make them complex, store them safely, and use two-step verification wherever possible.
The night I tried to order my dinner online, I decided I didn’t need a password for a restaurant. I picked up the phone and called instead.
This blog is published to provide you with general information only, and is not intended to provide specific or comprehensive advice. Money Care, LLC encourages individuals to seek advice from competent professionals when appropriate.