Almost every online service requires users to create an individual account. Checking your email? User name and password, please. Listening to Pandora radio? Enter your account information first. Shopping online? Log in to view your cart. Online banking? No problem – just answer a few security questions first. Whether you’re paying your utility bill online or viewing a friend’s Instagram account, you’ll need a unique user name and a password. The keyword here is unique. A weak password is a green light for hackers, and the standards for password strength change quickly.
Then: A few years ago, the recommended length for passwords was six characters. Then it grew to eight. Many sites still enforce a six-character minimum.
Now: Security experts advise that the strongest passwords contain at least 14 characters, including numbers, symbols, and lowercase and uppercase letters.
Then: When the Internet was fairly new, our biggest concern was forgetting a password rather than having it stolen. Many people used birthdays, maiden names, the name of their pet, addresses, and other personal information in passwords.
Now: Using personal data in a password or username is a huge faux pas. Instead, experts recommend using non-dictionary words. The downside? No daily reminder of your cute kitten and your favorite number. The advantage? Nonsense words are now work-appropriate. Whiskers55 is out, but Floodlevoomer is in!
Password vs. Pass-phrase
Then: Password. As in, pick one word and use it.
Now: Pass-phrase. Experts suggest using phrases instead of words because a phrase is easy for a user to remember but difficult for a hacker to guess. Take it one step further by using a mnemonic device to remember the first letter of each word of a phrase. For example, let’s say your phrase is “To be or not to be, that is the question.” Your password would be “tbontbtitq.”
Then: We’re all guilty of scribbling account information on a Post-It note and sticking it under the keyboard, in a drawer, or on a bulletin board. However, hackers are sneaky on the computer and off, and they will dumpster dive for paper with passwords, user names, and any kind of account information. Many stationery and home organization stores sell password journals. Sure, the paper is cute, and it seems like a good gift for a grandparent new to email, but unless you plan to keep your password notebook in a locked safe, skip it.
Now: Use a password management system to keep track of your online accounts. Services like 1Password, LastPass, and KeePass store your log-in information in a single, strongly encrypted location. The only password you need to remember is the password to one of these sites – your “master password.” These services will also generate strong passwords for you using a variety of letters, numerals, and symbols.
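As an added illustration (not part of the original article and not the code of any password manager named above), the Python below checks a password against the "Now" advice of at least 14 characters with numbers, symbols, and lowercase and uppercase letters, and generates a random password that meets it. The names policy_gaps and generate_password, the 20-character default, and the use of ASCII punctuation as the symbol set are assumptions made for this example.

```python
import secrets
import string

# Character classes named in the article's "Now" advice.
# Assumption: "symbols" means ASCII punctuation.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 14  # the article's recommended minimum


def policy_gaps(password):
    """Return the list of ways a password misses the article's advice."""
    gaps = []
    if len(password) < MIN_LENGTH:
        gaps.append(f"length {len(password)} < {MIN_LENGTH}")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            gaps.append(f"no {name}")
    return gaps


def generate_password(length=20):
    """Draw a random password from the OS CSPRNG that has no policy gaps."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Rejection sampling: redraw whole candidates so every character
        # position stays uniformly random (no fixed "symbol goes last" slot).
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_gaps(candidate):
            return candidate


if __name__ == "__main__":
    # The example passwords that appear in the article itself.
    for pw in ("Whiskers55", "Floodlevoomer", "tbontbtitq"):
        print(f"{pw!r}: {policy_gaps(pw) or 'meets the advice'}")
    print("generated:", generate_password())
```

Run against the article's own examples, the check reports that Whiskers55, Floodlevoomer, and tbontbtitq each fall short of the 14-character, mixed-character advice.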
Unfortunately, these days the only secure password is one you can’t remember. Replace your old passwords with stronger ones, and start using a password management system to keep track of your online identities.
Amy S. writes about technology for RJS Software Systems, a leader in information and document management solutions.