Create safer passwords for all your online accounts

Online personal data is never really safe, but there are dos and don'ts to make it harder to hack


Some passwords are funny. Some are pretty weird. Some can be a math problem. Many can be laughably easy to hack (I give you “dadada,” “qwerty,” “password” and “123qwe,” to name a few) or very tricky. But one thing is for sure: they are never really 100 percent hack-proof.

Adam Levin, chairman and co-founder of Credit.com and IDT911

Earlier this month, news broke that a significant number of Twitter passwords had been compromised and were being offered to anyone willing to fork over 10 bitcoins, or roughly $6,700, as of this writing. More than 32 million users were included in the cache of information on the cyber creep auction block. Hacked information database Leaked Source said in a blog post that it received the data set from a user under an alias.

Your information is out there

The first takeaway: Anyone can scavenge and rumor-chase to find purloined log-in credentials. The second: You are not safe, and identity-related crimes are the third certainty in life, right behind death and taxes. (You can monitor your credit for signs of identity theft by viewing two of your credit scores for free each month on Credit.com.)

Twitter has told multiple news outlets that its systems were not breached. Leaked Source said the passwords appeared to have been grabbed by malware.

How to keep people out of your stuff

While knowing that your information is out there is an important piece of the personal data security puzzle, keeping your accounts safe is even more crucial.

While there has been much innovation in the world of data security, nothing has proven foolproof yet. Biometric authentication using fingerprint and iris scans is promising, but their adoption is far from universal and not without some spoofing issues.

There are tokens and cards that can complement passwords, but those are fallible for the reason that they can be stolen or lost.

Multifactor authentication is probably the best way to deal with security issues, but it does not necessarily strike the best workplace balance between security and convenience. The Pixar movie “Monsters vs. Aliens” provides a comical scene that demonstrates why it’s not the most practical approach (the character has to provide a hand, foot, tongue, elbow and butt scan to gain access to the president’s situation room).

Passwords still best option

As things stand now, a password coupled with a second factor of authentication known only to the user—like a visual prompt—is the best personal security solution.

Because we have many accounts, and they should all have separate passwords, most consumers have a problem keeping all that information straight. There are apps for that, of course, and if you are OK with cloud-based solutions—bearing in mind that nothing is un-hackable—you might want to check out a service like 1Password, which allows you to store all your passwords, PINs, credit card numbers, and more. PasswordWallet 4 and Dashlane provide similar services. Bear in mind that they are not the only good games in town. So do your research and read reviews. Keep in mind, too, some password managers charge for their services.

The upside to password valets is clear—you only have to remember one password. If that’s of interest, you still need to make sure that password is very strong.

Rules of the road for effective passwords

If you decide not to use a password manager, never store your passwords and user names in a document that resides on your computer. Save them on an encrypted thumb drive. Then you need only remember two things: Where you keep it and the password (hopefully long and strong) required for access.

The best practices here include a number of things you shouldn’t do:

  1. Try to avoid single words, since many password-cracking programs use the dictionary.
  2. Avoid letters and numbers that are close to each other on the keyboard.
  3. Never use a password based on personal information that could well be available on social media or via a data breach. This would include your birthday or the birthdays of loved ones, children’s names, pet names, your high school or college mascots and the like.
  4. Never use a password on a retail site that you use anywhere else. If that site gets hacked and the same log-in information is on a bank account, you’re toast.
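
A local check for the first three don'ts above, as an added example that is not part of the original article. The word list, the sample personal details and the function names are assumptions made up for illustration; a real check would load a full dictionary.

```python
import re

# Constructed sample data: a real check would load a full dictionary file.
COMMON_WORDS = {"password", "dadada", "dragon", "monkey", "sunshine"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_run(password, min_run=3):
    """Return the longest run of neighbouring keys (left or right), or None."""
    text = password.lower()
    best = ""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq)):
                for j in range(i + min_run, len(seq) + 1):
                    if seq[i:j] in text and j - i > len(best):
                        best = seq[i:j]
    return best or None


def check_password(password, personal_facts=()):
    """Return the list of rules the password breaks (empty if none found)."""
    problems = []
    lowered = password.lower()
    # Don't 1: a single dictionary word, even with digits or symbols tacked on.
    if re.sub(r"[^a-z]", "", lowered) in COMMON_WORDS:
        problems.append("single dictionary word")
    # Don't 2: neighbouring keys. Flag only runs that make up at least half
    # of the password, so a stray "ert" inside a long phrase is not reported.
    run = keyboard_run(password)
    if run and len(run) * 2 >= len(password):
        problems.append(f"keyboard run '{run}'")
    # Don't 3: personal details (pet names, birth years, mascots).
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for fact in personal_facts:
        token = re.sub(r"[^a-z0-9]", "", fact.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append(f"contains personal detail '{fact}'")
    return problems


if __name__ == "__main__":
    # Constructed candidates; "Rex" stands in for a pet name.
    for candidate in ["qwerty", "123qwe", "Password1!", "Rex2009!"]:
        print(candidate, check_password(candidate, personal_facts=["Rex"]))
```

The fourth don't, reuse across sites, cannot be detected from the password itself; it needs a comparison against the other passwords you hold, which is what a password manager's audit feature does.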

A few things you should do:

  1. Create an easier password for sites that don’t have a great deal of your personal information, like news sites, video streaming services and the like.
  2. Consider using a password generator. (Bear in mind this generally requires using a password management system, bought or homemade.)
  3. Create long and strong passwords containing a phrase at their core. One thing that a brute force attack cannot do is guess the first line of a poem you wrote in fourth grade, especially if you have a simple math problem embedded in the middle of a word or two.

Most of us have day jobs. Identity thieves and scammers view grabbing our information and exploiting it for their gain as their day job. Always assume there is a never-ending riot overflowing with looters happening just outside your cyber house. That’s why you must be thoughtful, inventive and vigilant when creating passwords, for they are the locks to all your virtual doors and windows—even when you are home.

Full disclosure: IDT911 sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.
