Saturday, February 1, 2014

Are Your Passwords Safe?

With the growth of social media websites, and more businesses letting you do transactions via the Internet and mobile devices, you have a growing number of online logon ID's and passwords that you must remember. Every time you sign up at a new website, you face the challenge of what to enter as your password. Here are some password dangers you need to avoid, and steps you can take to mitigate them:
Picking Bad Passwords
Selecting a simple or common password that is easily remembered by you (e.g. “password”, “123456”, “qwerty”) is also easily guessed by hackers.

A best practice is to create “strong” passwords that are difficult to guess. Strong passwords have all of these qualities:
Length of 8 or more characters
Includes a mix of upper and lower case letters
Includes numbers
Includes special characters (e.g. !, @, #, %, etc.)

Not Locking Your Mobile Devices
With new mobile devices, the default setting is to not have an unlock code to access the device.   If you lose your phone and don’t have an unlock code, and you don’t have a way to remotely wipe it, the finder has free reign to go through your emails, contacts, apps and other personal information you store on, or access via, your device.

As soon as you set up your new mobile device or phone, create an unlock code or password.

Reusing Passwords Across Multiple Sites
You run the risk that if one of the website sites you use gets hacked and the website doesn’t store passwords in encrypted format, hackers will use automated programs to scan 1000’s of websites trying to see if your username and password works on one of them.

To mitigate this issue, use a number of different logon ID and password combinations. This is especially true for “like” accounts. If you have multiple bank or credit card accounts from different banks, use a different logon ID and password for each. That way if a hacker does learn the access for one, the hacker does not have the access to the others.

Sharing Your Passwords
When you share your password, you share your identity and possibly your personal and financial information. If you share your password with someone that uses that information to commit a crime, you will likely become a suspect in that crime.

Do not share your logon ID and password with others.

Not Changing Your Passwords
Having old passwords means that someone who previously had access to your accounts, still has access to your accounts.

Change your passwords several times each year. It could be as simple as changing one character. In addition, do not reuse prior passwords within the same logon ID.

Writing Your Passwords Down
If you write your passwords down on a piece of paper, remember that it’s just a piece of paper. You run the risk that you may lose it, it may not be with you when you need to login on, or someone may simply take that piece of paper and gain access to your accounts.

Do not write down your passwords on a piece of paper.

There other high-tech ways to secure passwords and account access, such as password storage programs, biometric readers and smart cards. Some are costly or require the host system to accommodate them. We'll investigate those in a future post.

David Schuchman