While you make sure you keep your anti-virus software current, are you overlooking one of the most important ways to protect your company and personal information online?
A secure password is one of your best defenses to protect data, accounts, and other sensitive information. Now don’t worry: you don’t have to use a 16-digit, alphanumeric random code that makes no sense. To create a strong password that’s easy for you to remember, VistaComm’s Josh Broton, a precision marketing creative specialist/web designer, has compiled these simple do’s and don’ts:
- Don’t use a blank password or leave a default password. Many sites assign simple default passwords, or passwords built by a static algorithm, but these passwords are easy to guess. You cannot get less secure than this! Immediately change your password after you create an account.
- Do replace letters with characters. An example of this is the word “password” becoming “?a5s_w0rd.” According to howsecureismypassword.net, the former password can be broken into almost immediately, while the latter would take days.
- Don’t use personal information in a password. Whether you realize it or not, most of your personal information is available publicly online. If you’re on Facebook, for example, your spouse’s name, family birthdays, anniversaries, children’s names, pets’ names, and your interests (music, movies, sports, travel) are all visible to anyone you know, who can use them to guess your password.
- Do capitalize random letters, although NOT the first letter. Go back to the example of “?a5S_w0Rd.” By capitalizing the S and the R, the password would take about nine years to crack—a great improvement.
- Don’t use any of the most common passwords. A great list of common passwords can be found at http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time. (Sorry about some of the language, but it is what it is.) Remember that every password on this list is most likely used by thousands of other people. If your password is there, change it!
- Do use different passwords for different accounts. If your Facebook or webmail accounts get hacked, do you want the hacker to then have your bank account password, too? Make it harder for them by putting different passwords on your various online accounts.
- Don’t try to be more clever than the Internet. Don’t try to make things up, thinking that no one else has ever thought of these passwords. Key patterns like “qwerty,” insults like “biteme,” combinations of words or acronyms like “letmein” or “lolrofl,” or words spelled backwards like “drowssap” or “llabtoof” are very ineffective and are included in every brute force dictionary attack password file.
- Do use a memorable quote to make an effective password. Robert J. Oppenheimer, one of the men who invented the atomic bomb, has been credited with saying, “I am become death, the destroyer of worlds.” To make this quote into a password, take the first letter of every word, along with the initials of the person quoted. Then apply the previous examples in this list of do’s and don’ts, and you’ll have a secure password. In this example, the Oppenheimer quote becomes “Iabd_Td0w-rj0,” which would take 301 million years to crack. Even better, when you craft a password from your favorite quote, it will be easy to remember.
- Don’t use a dictionary word (in any language) as a password. Since a desktop computer can test approximately 10 million passwords in a single second, a good brute force attack can guess a password that’s a dictionary word in less than .025 seconds. If hackers are using powerful server hardware or multiple machines, this can happen even faster.
- Do change your password fairly often. Even if someone is able to crack your password, the hacker will no longer have access to your accounts if you change your password often.
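To put numbers on the guessing rate mentioned above, here is a small Python sketch added for illustration (it is not VistaComm's code). It flags the weak choices named in the list and otherwise estimates the worst-case time to try every combination at 10 million guesses per second. The word list is a constructed sample, the function names are hypothetical, passwords are assumed to be plain ASCII, and the result is not meant to reproduce the howsecureismypassword.net figures quoted above.

```python
import string

GUESSES_PER_SECOND = 10_000_000  # rate the article quotes for a desktop computer

# Constructed sample list: weak passwords the article itself names.
# A real check would load a full common-password list and a dictionary.
KNOWN_WEAK = {"password", "qwerty", "biteme", "letmein", "lolrofl", "football"}


def dictionary_attack_seconds(wordlist_size, rate=GUESSES_PER_SECOND):
    """Time to try every entry of a word list at the given guess rate."""
    return wordlist_size / rate


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover (ASCII assumed)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols
    return size


def review(password):
    """Return (verdict, worst_case_seconds) for a candidate password."""
    if password == "":
        return "blank", 0.0
    lowered = password.lower()
    if lowered in KNOWN_WEAK:
        return "common password", dictionary_attack_seconds(len(KNOWN_WEAK))
    if lowered[::-1] in KNOWN_WEAK:
        # A word list plus its reversed entries is only twice as long.
        return ("common password spelled backwards",
                dictionary_attack_seconds(2 * len(KNOWN_WEAK)))
    # Not in the list: every combination of the character set must be tried.
    keyspace = charset_size(password) ** len(password)
    return "not in list", keyspace / GUESSES_PER_SECOND


if __name__ == "__main__":
    for candidate in ["", "qwerty", "drowssap", "Iabd_Td0w-rj0"]:
        verdict, seconds = review(candidate)
        print(f"{candidate!r}: {verdict}, about {seconds:.3g} seconds")
```

At this rate a 250,000-word dictionary is exhausted in 0.025 seconds, which is why a word from the list fails no matter how long it is.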
You’ve got questions? We’ve got solutions.
If you have more questions about Internet security, or your company has unique technology and software needs, VistaComm can provide customized solutions. We’ll be disappointed if we don’t hear from you at firstname.lastname@example.org or 866.752.7707. Thanks for the opportunity to serve you!