How to Create a Strong Password
We've all had it happen to us before ..
My Gmail account got Hacked!! Please don’t respond to the messages that were sent out!!
How did my gmail account get Hacked?
We all have our favorite e-mail accounts. After a while you have signed up for so many subscriptions and entered the e-mail address into so many sites that eventually an EVIL HACKER gets hold of this 'legitimate' e-mail address. Then it is just a matter of time before that account is hacked. Hackers have access to several password cracking tools. All a hacker needs is Processing Power and Time to TAKE OVER. Processing power is pretty cheap, and a hacker may have plenty of TIME until you decide to change your password. So you may think that your password is VERY clever. However, that account in the wrong hands will eventually get cracked. I could go into detail about the complexity of cryptography, encryption algorithms, processing speed, botnets, cloud processing .. but I can tell that your eyes have already glazed over. TRUST ME!! You must take care in how you handle your password.
You may think the recommendations below are OVERKILL, but let me tell you the threats are REAL. My e-mail account was taken over about 6 months ago. I had a VERY strong password. However, I was complacent and hadn't changed it for a while. Also, it was such a strong password I had the same password as my bank. (NOT GOOD!!) My bank account was TAKEN OVER. I realized this happened within the hour that it occurred and was able to recover everything. No transactions were performed but it FREAKED ME OUT!!
Do’s and Do Not’s of Password Security
- Do create a strong password (see below).
- Do have different passwords. If your e-mail account password is compromised you do not want your bank account to be taken over! Even Google said so! Don't have the same password as your online banking accounts!
- Do change your password. Cracking a password usually comes down to luck at a 'point in time': when the account was discovered, when the brute force started, and when the account was taken over. REDUCE a hacker's luck and shorten the time they have to crack the password.
- Do check the strength of your password if you are concerned. I would recommend the Microsoft Password Strength Checker.
Now the Do NOT’s!!
- Do NOT pick a weak password. (see below).
- Do NOT use the same password for all accounts. Same reason as above. One word of caution .. you may have a GREAT wireless password. However, this password is often shared with people who want to get on your wireless network. Don't use this password for other online accounts.
- Do NOT check your password strength and enter it into a random web form. You may be entering the password into a DEVIOUS site created to collect passwords.
- Do NOT share passwords in an insecure fashion. (Don't share in e-mail, chat session, any unencrypted web session .. 'HTTPS' IS YOUR FRIEND!)
- Do NOT leave your passwords in the open for people to see.
- Do NOT have a document on your desktop labeled 'Passwords.' If your home computer is ever compromised, this is a hacker's pay day: they can take over 10+ online accounts at once.
- Do NOT use any of the suggested passwords in this post or other posts you see about password strength.
What is a ‘weak’ password?
- The username and password are the same.
- 123456, abcdef or asdfgh
- “password” as your password
- Site name – Please don't choose the following password for your gmail account: 'gmail'
- Anything that can be linked to you and considered 'public information' (phone number, address, name, spouse's name, birthday)
- Dictionary words “bank” “house”
- Phone numbers
- Common sequential numbers or keyboard letters: 'asdf' '1234' '911' '31457'
How to Create a Strong Password?
- Use a 'passphrase'
- Use at least eight characters (this is quickly moving to 12, but for now I will say 8)
- Use upper and lower case letters
- Use numbers
- Use symbols or special characters
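As an added example that is not part of the original post, here is the weak-password list and the strength checklist above written as a small checker you can run locally in Python. Running it on your own machine means the password never goes into a web form, which is the concern raised in the Do NOT's. The word lists and keyboard rows are short constructed stand-ins (a real checker would load a full dictionary and a breached-password list), the public_info parameter is an assumption for how the 'public information' rule would be fed, and the passwords in the demo are constructed samples, not recommendations.

```python
import re
from dataclasses import dataclass, field

# Constructed stand-ins for the categories the post names. A real deployment
# would load a large wordlist and a breached-password corpus instead.
COMMON_PASSWORDS = {"123456", "abcdef", "asdfgh", "password", "qwerty", "letmein"}
DICTIONARY_WORDS = {"bank", "house", "dance", "night", "love", "summer"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


@dataclass
class PasswordReport:
    failures: list = field(default_factory=list)  # weak-password rules that tripped
    missing: list = field(default_factory=list)   # strength criteria not met

    @property
    def acceptable(self):
        return not self.failures and not self.missing


def _has_keyboard_run(pw, min_len=4):
    """True if pw contains min_len+ consecutive keys from one keyboard row (e.g. 'asdf', '7890')."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_len + 1):
            if row[i:i + min_len] in low:
                return True
    return False


def _has_sequential_digits(pw, min_len=4):
    """True if pw contains min_len+ digits that each step up by one (e.g. '3456')."""
    for m in re.finditer(r"\d{%d,}" % min_len, pw):
        run = m.group()
        if all(int(run[i + 1]) - int(run[i]) == 1 for i in range(len(run) - 1)):
            return True
    return False


def check_password(password, username="", site="", public_info=()):
    """Apply the post's weak-password rules, then its strength criteria.

    public_info (assumed interface): strings the user knows are publicly
    linkable to them (name, phone, birthday, spouse's name), matched
    case-insensitively as substrings.
    """
    report = PasswordReport()
    low = password.lower()

    # Weak-password rules from the post
    if username and low == username.lower():
        report.failures.append("same as username")
    if low in COMMON_PASSWORDS:
        report.failures.append("common password")
    if site and site.lower() in low:
        report.failures.append("contains site name")
    if any(item and item.lower() in low for item in public_info):
        report.failures.append("contains public information")
    if low in DICTIONARY_WORDS:
        report.failures.append("dictionary word")
    digits = re.sub(r"\D", "", password)
    # Mostly digits, 7 to 11 of them: shaped like a phone number
    if 7 <= len(digits) <= 11 and len(digits) >= len(password) - 2:
        report.failures.append("looks like a phone number")
    if _has_keyboard_run(password) or _has_sequential_digits(password):
        report.failures.append("keyboard or sequential run")

    # Strength criteria from the post
    if len(password) < 8:
        report.missing.append("at least 8 characters")
    if not re.search(r"[A-Z]", password):
        report.missing.append("uppercase letter")
    if not re.search(r"[a-z]", password):
        report.missing.append("lowercase letter")
    if not re.search(r"\d", password):
        report.missing.append("number")
    if not re.search(r"[^A-Za-z0-9]", password):
        report.missing.append("symbol")
    return report


if __name__ == "__main__":
    # Constructed samples: the first four are weak on purpose
    samples = [
        ("123456", "bob", "gmail"),
        ("gmail", "bob", "gmail"),
        ("5558675309", "bob", "gmail"),
        ("bob", "bob", "gmail"),
        ("Tr3e$Gr0w!", "bob", "gmail"),
    ]
    for pw, user, site in samples:
        r = check_password(pw, username=user, site=site, public_info=("Bob", "1979"))
        verdict = "OK" if r.acceptable else "WEAK"
        print(f"{pw!r:16} {verdict:5} failures={r.failures} missing={r.missing}")
```

The checker separates two kinds of finding: `failures` are patterns the post calls weak outright (a single one should reject the password), while `missing` lists which of the five construction rules were not met, so the user sees what to add rather than just a pass/fail.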
What is a PassPhrase?
A passphrase is a combination of letters and characters that has a meaning to you as the user. It is an easy way to get numbers and special characters into the password and STILL be able to remember it.
Let's say your old password was 'lassy5.' (Lassy was your dog's name and your favorite number is 5). Let's just beef up this password.
L@s$y55! – I substituted '@' for the 'a' and '$' for the 's', added another 5, and added an exclamation point for good measure.
Other good substitutions – # for H, 4 for A, ( for L
You could also take a phrase: 'I love to dance all night long!' Now take the first character of each word: 'iltdanl'. Now add numbers and upper and lower case: 'Il2Danl'. Now add a special character: 'Il2d@nl!'
Use different passwords for different sites
If you like this strong password 'L@s$y55!' you could change it slightly for each site. 'L@s$y55!mail' for gmail 'L@s$y55!face' for facebook and so on.
Change your passwords
You could have a number at the end of the password and just increase the number by a digit each time. 'L@s$y55!mail1' 'L@s$y55!mail2' and so on. You could do this monthly for online bank accounts. Every six months, think of a new CLEVER password.
What about my Bank Password?
Most banks have adopted the SecureEntry two-factor authentication. (Two Factor Authentication – something you HAVE and something you KNOW.) This means that you need more than just knowing a 'password' to get into the bank account. You have to register your computer by answering 3 to 5 preset questions to authorize any new device. Once the device has been registered, a token is loaded onto your computer (something you HAVE). Usually this is represented by a picture that is shown at login. Now that the login screen has recognized something you HAVE, you can enter your password (something you KNOW). If you notice that the picture has changed, or you cannot log in with your current password, contact your bank IMMEDIATELY!!
If your bank does not have SecureEntry in place, you should have a VERY strong password for that account (consider 12 characters) and change the password often. You should request that service from the bank.
I have SO MANY online accounts! How can I manage all of these PASSWORDS?!
There are password management tools out there. In my opinion, I don't trust an online password management tool. Instead I would focus my efforts where it matters most.
FIRST – Any online account that can perform financial transactions .. Bank account, Credit Card Account.
SECOND – Any online account with sensitive information .. QuickBooks, Mint (aggregators of your financial accounts).
THIRD – Any online account that could result in reputational damage .. Social Media Account: Twitter, Facebook, etc. Main personal e-mail account – lots of contacts saved. Blog or website login.
So there you go …
How can I remember my new passwords?
You CAN remember multiple passwords. I recall before I had a cell phone on me constantly, I could remember more than 40 phone numbers! Here are some tips to remember your new password.
- Set the password in the morning, when your mind is fresh and awake!
- Login and logout of the account multiple times after resetting. (practice