Using good passwords on the Internet is so basic that not doing so is almost funny. Actually, it is funny.
For years now, two of the most common passwords that people use, according to password management firm SplashData, are “123456” and “password.”
In its most recent findings, SplashData revealed that other popular passwords in the current top 10, in order, are “12345678,” “qwerty,” “12345,” “123456789,” “football,” “1234,” “1234567,” and “baseball.”
How long do you think it would take a hacker to get into an account “secured” by such passwords?
According to other studies, other common password mistakes are using your own name, your pet’s name, your company’s name, your birthdate, the name of a relative, the town you grew up in, or a dictionary word. Some password-cracking programs simply run through all of the words in a particular dictionary.
Many banking, credit card, and other sensitive sites these days require you to use longer passwords that include at least one capital letter and one number. But hackers, by breaching even one of the sites you use, may be able to collect data they can use to crack other sites. Eventually, you wind up with a huge credit card bill, your bank account is emptied, or you otherwise have your identity stolen.
The main issue with passwords is balancing security with convenience. This leads to another common mistake: using the same password with all of your sites. This, of course, isn’t a secure option either, since a breach of one site leads to a breach of all. The same is true with usernames. It’s best to use different ones at different sites, since your username is half of your username-password lock.
Even if you’re not required to, you should use upper and lowercase letters and numbers as well as punctuation marks or symbols in your passwords. The more types of characters you find on your keyboard that you include in a password, the more difficult it will be to crack it.
It’s better to use longer rather than shorter passwords. Eight characters should be the minimum, but twelve is even better. According to the security software company Symantec, a password with only eight lowercase letters can be cracked in less than a minute.
Even more secure than using a long password is using a “passphrase.” A short sentence, such as “Go forth 4 ever&more,” can be easy to remember, not too difficult to type, and very difficult to crack.
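The advice above on length and character types can be checked mechanically. The Python sketch below is an added example, not part of the original article: it tests a password against the ten common passwords quoted earlier and computes how many candidates an exhaustive search would have to try. The guess rate of 10 billion per second is an assumed figure, and the function names are illustrative.

```python
import math
import string

# The ten most common passwords quoted in the article above.
COMMON = {"123456", "password", "12345678", "qwerty", "12345",
          "123456789", "football", "1234", "1234567", "baseball"}

# Assumption: guesses per second for an offline attack (constructed figure).
GUESS_RATE = 1e10

# Character classes and the number of symbols each adds to the alphabet.
CLASSES = {
    "lowercase": (string.ascii_lowercase, 26),
    "uppercase": (string.ascii_uppercase, 26),
    "digit": (string.digits, 10),
    "symbol": (string.punctuation + " ", 33),
}

def classes_used(pw):
    """Names of the character classes that appear in the password."""
    return [name for name, (chars, _) in CLASSES.items()
            if any(c in chars for c in pw)]

def keyspace(pw):
    """Candidates an exhaustive search must try: alphabet_size ** length."""
    alphabet = sum(CLASSES[name][1] for name in classes_used(pw))
    return alphabet ** len(pw)

def worst_case_seconds(pw, rate=GUESS_RATE):
    """Time to exhaust the keyspace at the assumed rate. This is an upper
    bound: dictionary words and common passwords fall far sooner."""
    return keyspace(pw) / rate

def audit(pw):
    """Return the article's rules that this password breaks."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("on the most-common list")
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    missing = set(CLASSES) - set(classes_used(pw))
    if missing:
        findings.append("missing: " + ", ".join(sorted(missing)))
    return findings

if __name__ == "__main__":
    for pw in ["password", "abcdefgh", "Go forth 4 ever&more"]:
        print(f"{pw!r}: {audit(pw) or 'ok'}, "
              f"{math.log2(keyspace(pw)):.1f} bits, "
              f"{worst_case_seconds(pw):.3g} s worst case")
```

At the assumed rate, eight lowercase letters are exhausted in about 21 seconds, while the 20-character passphrase draws on all four character classes and has a search space of 95 to the 20th power.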
One option for remembering passphrases is to make each one a variation of the others, changed in a standard way based on the site you’re connecting to. As just one of many possible examples, you could include within the passphrase the first three letters of the site’s name, each pushed forward three places in the alphabet, so that GOO becomes JRR.
Whenever it’s available, use dual-factor authentication, sometimes called two-step verification, particularly with financial or other sensitive sites. Dual-factor authentication requires you to provide, along with your password, a second piece of information when you log in, such as the answer to a security question or a code that’s texted to you.
Choose security questions whose answers can’t be easily guessed by hackers or found in information that is publicly available online, such as the city where you went to high school. A recent study by Google of the security questions that people choose and how they answer them indicates it can be relatively easy for a hacker to guess answers. Google found, for example, that a hacker has a 20% chance of guessing that an English-speaking user loves pizza.
Relatively few people do this, but changing your passwords every three months or so also provides extra protection.
So you don’t have to remember passwords and usernames, a good option is to use a password management program. It goes without saying that this is more secure than writing your passwords on a piece of paper and taping the paper to your computer or pinning it to a bulletin board.
With a password management program, you remember one password for the program itself, and it fills in your passwords, automatically and behind the scenes, for the sites you visit. Two recommended password managers are LastPass and KeePass. Some general security programs, such as Norton Security, include automatic password-generating modules.
Use fingerprint authentication if it’s available. Passwords are an old technology, coming into existence back in the 1960s at MIT. Fingerprint or thumbprint authentication, though not absolutely foolproof either, is more secure.
Other security options, though still new, include facial recognition and voice recognition.