Bank Deal: Earn 1.00% APY on an FDIC-insured savings account at Barclays.
How safe are your passwords? If you bank online, the only thing standing between you and a financial disaster is your password (and perhaps your username). And yet many people do an astonishingly bad job of selecting secure passwords.
A big part of the problem is that secure passwords are hard to remember. When combined with the fact that most of us have dozens of online accounts (if not more), it’s tempting to just an easy to remember phrase and use that. Over and over. But that’s exactly the wrong approach.
So what makes for a secure password? For starters, it should be relatively long. All else being equal, longer passwords are harder to crack. It should also be complex, using as many different character types as possible. And it should be a random as possible, avoiding common words, names, etc.
Oh, and you should also use a different password at every site.
In general terms, you should shoot for 12-14 characters, assuming the system will allow it. Some systems don’t allow long passwords like this, which is unfortunate, so you’ll just have to do the best you can. But, all else being equal, longer passwords are harder to crack.
As far as character selection goes, the more character types you include, the more complex your password can be, and the harder it will be to crack. If you stick to numbers, you only have ten characters to choose from. Add in letters and you have 26 (case-insensitive) or 52 (case-sensitive) more options. Throw in special characters (punctuation marks) and you add yet another dimension.
You will, of course, have to stick to what is allowed, but most modern systems now allow numbers, letters, and special characters. Of course, some seemingly security-conscious websites (*cough* TreasuryDirect *cough*) use case-insensitive passwords when case-sensitivity would offer a good bit more security. But, oh well… There’s only so much you can do.
Randomness. Ah yes, randomness. In general terms, you should avoid using dictionary words, names, birthdates, etc. That being said, you can use dictionary words as long as you string them together in a random combination. But you’re probably better off using a long, completely random, and complex password. So long as you can remember it, of course.
And there’s the rub. It’s hard to remember a long, complex password — much less remember a different one for every site. That’s why I recommend using an encrypted password keeper such as 1Password, LastPass, or KeePass.
I personally use 1Password — no affiliation, I just love it. I also use the iPhone app so I have my passwords with me (but secure) at all times. Yes, you still have to remember a password, but just one.
And finally… Why should you use a different password at every site? Simple. Because if one account gets compromised, you don’t want people to be able to hit your other accounts.
Consider the case of Gawker Media. Gawker owns popular websites like Gizmodo and Lifehacker, and their password database was compromised about a year ago. And in that one event, tons of passwords (and their associated usernames) were dumped into public view.
Imagine if you had been using the same username and password for Gawker Media sites as you use for your online bank, credit card account, etc. You’d be facing a potential disaster.
Well, guess what? It’s not that uncommon for sites to get hacked and for username/password databases to get stolen and cracked. If that happens, your account may be compromised, but as long as you’re using different login credentials at different sites, the damage will be limited.
As an interesting aside, an analysis of the Gawker password database revealed an amazing lack of creativity, with shockingly frequent usage of such cryptographic masterpieces as 123456, password, 12345678, qwerty, abc123, 111111, monkey, 12345, letmein, and so on.
Note: To be completely honest, I’ve been known to use the same (relatively) easy to remember password at a number of non-critical sites around the web. But I never use this password (or the associated username) for any “mission critical” accounts.
- How to Become a Millionaire
- How to Get Out of Debt
- The Best Dollars I've Ever Spent
- How Our Estate Plan is Structured
- How We Paid Our Mortgage In Less than 10 Years
- Money Making Ideas
- How to Manage Your Asset Allocation with Multiple Accounts
- Consumption Smoothing - Save While the Saving's Good
- How to Save on Groceries
- How Much Life Insurance Do You Need?
- Eleven Great Books About Money
- Dave Ramsey is Bad at Math (693)
- Dish Network Customer Service SUCKS (537)
- $8,000 Homebuyer Tax Credit (429)
- Pay Off Mortgage Early or Invest? (424)
- How to Claim the First-Time Homebuyer Tax Credit (352)
- Termite Control: Sentricon vs. Termidor (330)
- How Much Should You Pay a Babysitter? (292)
- Ethanol Blended Gas = Lower Mileage? (273)
- Reduced Credit Limits? Share Your Experience (256)
- $15,000 Homebuyer Tax Credit (242)
- Buying Furniture off the Back of a Truck (237)
- Will Mac OS X Lion Kill Quicken 2007? (191)