Keep Your Passwords Safe From Hackers
Just about everyone can relate to the frustration of trying to make an online purchase or to access information at a website and not being able to remember your user name and password.
If you are over 50 and have that problem, you may attribute it to senior memory loss. That, however, is not really the problem. Even younger folks forget passwords.
It is because so many websites and Web services require passwords. When written down, my list of passwords spans 12 sheets of double-column, letter-sized paper.
Obviously, if you use a different password for each website, you will have pages of passwords as well. Yet, if you’re like many others, you may use the same password for all of your websites.
A recent Washington Post survey shows that 30 percent of respondents said they use the same password for different websites, including banking, social networking and shopping sites. This is a very risky practice.
We’re constantly bombarded with news about stolen passwords. Recently 6 million passwords were stolen from LinkedIn. Just this week, more than 400,000 email addresses and passwords were stolen from Yahoo and posted online.
It is obvious that if people use the same password at numerous websites, it is only a matter of time before hackers use those passwords to try to access different websites.
Best Buy recently confirmed that hackers are using credentials stolen from other sites to make purchases at its online retail site. The same thing is happening at other retail and banking sites.
So the first rule of thumb is to use unique passwords for any e-commerce or banking websites. The second rule is to never use commonly used passwords. What are the most common? Although different research on this produces different results, several passwords are always in the top 25 most common.
If you think you are being unique by choosing the word “password,” you are wrong. It is usually the most commonly used password choice. This is often followed by 1234, 123456, 1234567, 1234567, 111111, 123abc, and qwerty.
Anyone who uses “letmein” as a password has many like-minded friends. It is usually on the top password lists along with other simple words such as baseball, football, michael, jennifer and monkey. Seems like everyone is a dreamer as indicated by other popular passwords like harley, mustang, master and superman.
It is also a known fact that hackers can use words from a dictionary to perform an automated attack to “guess” your password. So you don’t want to use plain words, even in combination. Hackers now also use rainbow tables, which are alphanumeric combinations of words and numbers.
They also have common substitutions included. So using a zero instead of the letter “o” or an eight instead of the letter “B” is not always enough to keep your passwords safe. Some of these tables also have symbols, but using a password with one or more symbols is still much safer than one without any symbols.
A really safe password will use a combination of uppercase and lowercase letters, numbers and symbols that do not spell out any words. The length of the password is also very important.
To give you an example of that, let’s consider a password that includes letters and numbers, but no upper- and lower-case combinations and no symbols. If the password has six characters, there are 2.25 billion possible combinations. A 10-character password will have 3.76 quadrillion possible combinations. Every time you add a character, you make the password exponentially more difficult to break.
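The checks described above can be automated when choosing a new password. The following Python example is an addition to this column, not the author's own code: it rejects the common passwords named above, reverses simple substitutions before looking for dictionary words (alone or run together), and checks length and character mix. The small word list, the substitutions other than zero for “o” and eight for “B,” and the 10-character minimum are assumptions made for the example.

```python
import re

# Common passwords named in the article.
COMMON = {"password", "1234", "123456", "1234567", "111111", "123abc",
          "qwerty", "letmein", "baseball", "football", "michael", "jennifer",
          "monkey", "harley", "mustang", "master", "superman"}
# Constructed stand-in for a real dictionary word list (assumption).
WORDS = COMMON | {"blue", "horse", "boat", "summer", "dragon"}
# 0->o and 8->b are the article's examples; the other mappings are assumed.
UNDO = str.maketrans({"0": "o", "8": "b", "1": "l", "3": "e",
                      "4": "a", "5": "s", "@": "a", "$": "s"})
MIN_LENGTH = 10  # assumed threshold, not a figure from the article
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def splits_into_words(text, words=WORDS):
    """True if text is one dictionary word or several run together."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[-1]


def screen(password):
    """Return the reasons a password is weak; an empty list means it passes."""
    lowered = password.lower()
    undone = lowered.translate(UNDO)  # reverse the common substitutions
    # Letters-only forms, so appended digits and symbols do not hide a word.
    forms = {re.sub(r"[^a-z]", "", s) for s in (lowered, undone)}
    problems = []
    if lowered in COMMON or forms & COMMON:
        problems.append("common password")
    if any(splits_into_words(f) for f in forms):
        problems.append("dictionary words")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing character class")
    return problems


if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd!", "Blue-H0rse-8oat", "vT7#qLz9!kXw2"):
        print(pw, "->", screen(pw) or "ok")
```

A password that mixes all four character types can still be flagged here, because the substitutions are undone before the word check.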
If all this makes your head spin, remember that you can use simple passwords at websites that require passwords, but have none of your personal information. These sites usually also require an email address. So if you open a Gmail or other email account and use that specific email address only for this type of website, you don’t have to worry about compromising your security.
You should, however, be very careful with passwords for banking and e-commerce websites where your personal information and/or credit card numbers are stored. Use strong passwords for these sites and have a different password for each site.
Next week, I’ll give you a few tips on making passwords easier to handle.
Contact Sandy Berger at firstname.lastname@example.org.