Every organization relies on passwords to keep its data safe, but many organizations neglect to enforce their own rules for keeping those passwords secure. Here are five tips for ensuring the highest levels of password effectiveness.
- Keep ‘em Guessing — Never use personal information such as names of pets, relatives, dates of birth and so on to create a username, login, or password. In an age when personal information routinely finds its way onto the Web and identity thieves have become ever savvier at ferreting out these details, it is crucial to choose usernames and passwords that are disassociated from your personal history. Does it make them harder to remember? Yes, but you’ll be thankful when you’re spared the hundreds of hours and thousands of dollars it often costs to fix a stolen identity.
- Keep it Fresh — Avoid using the same login and password across multiple sites, cards, and accounts. If a thief gains access to one, the rest fall like a house of cards, enabling the thief to quickly wreak havoc across your entire portfolio. Are you the type of person who says, “I never share my PIN”? It’s amazing how often those “unshared” digits are misused by a jilted lover or a nosy housecleaner.
- Bigger Is Better — Cliché but true. Studies have consistently shown that a large fraction of all user-chosen passwords are readily guessed automatically. Shorter passwords are more susceptible to commercially available password recovery tools; such software is capable of testing 200,000 passwords per second. Longer passwords are harder to crack. Use a minimum of eight characters, with both upper and lower case letters and a mix of letters, numerals, and symbols. Do not use words found in the English dictionary.
- Think Like a Thief — Put yourself into a thief’s shoes — don’t even think about using an overly simplified password such as “12345678,” “222222” or “abcdefg.” Avoid sequential passwords or using passwords derived from adjacent letters on your keyboard. Also avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to attempt to crack your password will not be fooled by common look-alike replacements, such as replacing an ‘I’ with a ‘1’ or an ‘a’ with ‘@’ as in “P@ssw0rd.” But these substitutions can be effective when combined with other measures — such as length, misspellings or variations in case — to improve the strength of your password.
- Consider a Password Manager — There are many good applications on the market that will digitally safeguard your various passwords. Avoid using the free ones built into browsers, however, as these have been widely exposed for their security flaws. Instead use a password manager that memorizes, encrypts, and protects each username and password that you enter on a website. Whenever you return to that site, the software should also automatically complete your login information.
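As an added example (not code from the article or its author), here is a small Python checker that turns the "Bigger Is Better" and "Think Like a Thief" rules into something a login form or onboarding script can enforce: minimum length and character classes, sequential, repeated or keyboard-row runs, and a dictionary check that first undoes look-alike substitutions so that "P@ssw0rd" is caught. It also sizes the brute-force search space against the 200,000 guesses per second quoted above. The word list and keyboard rows are constructed for the example; a real deployment would load a full dictionary.

```python
import string

# Constructed mini word list; swap in a real dictionary file in production.
DICTIONARY = {"password", "welcome", "letmein", "dragon", "monkey",
              "football", "iloveyou", "sunshine"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo common look-alike substitutions (P@ssw0rd -> password) before the word check.
LEET = str.maketrans("@$013457!|", "asoieastil")
SYMBOLS = set(string.punctuation)  # the 32 printable ASCII symbols

# Character classes the policy requires, with the code reported when one is missing.
CLASSES = (("missing_upper", str.isupper), ("missing_lower", str.islower),
           ("missing_digit", str.isdigit), ("missing_symbol", SYMBOLS.__contains__))


def has_run(pw: str, n: int = 4) -> bool:
    """True if any n-char window is ascending, descending, repeated, or a keyboard-row slice."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        win = low[i:i + n]
        deltas = {ord(b) - ord(a) for a, b in zip(win, win[1:])}
        if deltas in ({1}, {-1}, {0}):          # abcd / dcba / 2222
            return True
        if any(win in row or win in row[::-1] for row in KEYBOARD_ROWS):
            return True                         # qwer / rewq
    return False


def check_password(pw: str) -> list[str]:
    """Return the rule codes the password violates; an empty list means it passes."""
    problems = ["too_short"] if len(pw) < 8 else []
    problems += [code for code, pred in CLASSES if not any(pred(c) for c in pw)]
    if any(word in pw.lower().translate(LEET) for word in DICTIONARY):
        problems.append("dictionary_word")
    if has_run(pw):
        problems.append("sequence_or_repeat")
    return problems


def keyspace_and_seconds(pw: str, guesses_per_second: int = 200_000) -> tuple[int, float]:
    """Search space implied by the classes actually used, and seconds to exhaust it."""
    sizes = (("u", 26, str.isupper), ("l", 26, str.islower),
             ("d", 10, str.isdigit), ("s", len(SYMBOLS), SYMBOLS.__contains__))
    alphabet = sum(n for _, n, pred in sizes if any(pred(c) for c in pw))
    space = alphabet ** len(pw)
    return space, space / guesses_per_second
```

At the article's quoted rate, an all-digit eight-character password such as "12345678" is exhausted in 500 seconds, while the same length drawn from all four classes takes on the order of 3 × 10^10 seconds, which is why length and variety are both required.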
NICK FORCIER is CEO of San Diego-based Large Software.