There seems to be a wave of email “hacking” underway right now. I’ve received several messages in recent weeks from friends whose email accounts have been compromised. If those friends use the same password for their email that they do for online banking or other accounts, they could face a mountain of financial and identity-theft woes.
While it may be impossible to create a “hack-proof” password, there are steps you can take to protect your password while shopping and corresponding online. Follow these tips to reduce your chance of becoming a fraud victim:
Use unique passwords for sensitive accounts, including your email account, bank account and retail accounts that include sensitive information such as stored credit card numbers. If you need to, use a notebook with coded hints to track your passwords if you aren’t sure you can remember them all. Don’t write your actual passwords down, but instead record tips that may prompt you to remember them. Keep this notebook in a hidden spot at home; don’t carry it around with you.
Make your password as strong as possible. When creating a password, include:
- A mixture of upper- and lower-case letters
- At least one number
- At least one special character, such as an asterisk, percentage sign or exclamation point
- Eight characters or more; in general, the longer a password is, the more secure it is.
Microsoft points out that criminals use special software to dechiper your password. For this reason, do not use:
- Any words that can be found in the dictionary in any language
- Personal information, such as your date of birth, your street name, people’s names or pet names
- Letters adjacent to each other on the keyboard (example: asdfgh)
- Words spelled backwards or misspelled
- Numbers found in your address or phone number; for example, if your phone number is 803-900-1234, don’t include “9001” in a password.
- Substitutions: using zeros for the letter O or the number 1 for the letter I in a dictionary word–New York University points out hacking programs check for these types of replacements.
- Numbers or letters in a sequence, such as hijklmn or 67890
- Any suggested password you found online
You may feel it will be too hard to remember a password that doesn’t contain any recognizable words. Consider creating a sentence you can remember, then using elements of that sentence to craft your password. For example, my sentence might be: “I want to go on vacation in Australia.” The first letters of each word would lead me to IwtgoviA. Then, I could add a special character in the front and middle of the password and a couple of numbers (maybe the age by which I want to travel there) at the end. The resulting password: %Iwtgov!iA61
Microsoft offers an online password strength-checking tool that it says is secure. If you’re going to use this, I recommend trying out different password formats but not entering the exact password you are planning to create.
More password-protection tips
- Microsoft recommends changing your password every three months on email, banking and credit card accounts, while Symantec recommends changing financial account passwords every one to two months.
- Make your new password substantially different from your previous one.
- Avoid using the same password on multiple accounts.
Keeping your password safe online isn’t easy, but falling victim to hackers can create much greater challenges. Have you been the victim of a stolen password? What online safety lessons have you learned the hard way?