How to avoid common password mistakes

01/13/2014 12:00 AM

01/12/2014 10:26 AM

From e-mail addresses and online shopping sites to social media and bank accounts, we have so many password-protected online accounts, it’s easy to be lazy about creating a secure password for each site. But as identity theft rises and more companies with our personal information are being hacked (think Yahoo!, LinkedIn, eHarmony), it’s clear that many of us aren’t being careful about our password security.

In fact, there are five common password mistakes that almost every person makes. The good news is that many of them are easy to fix and will immediately make your passwords (and lives) more secure.

1. Keeping your passwords short and simple. Did you know it takes a hacker only 10 minutes to guess a 6-character, lower-case password? Add just one additional uppercase letter and the time extends to 23 days. Add one uppercase letter, a symbol and a number and the time extends to 463 years.

Key takeaway: The longer your password is, the longer it’ll take for a hacker to break into it. Make sure your passwords are at least eight characters long, and include one uppercase letter and a symbol and/or number.

2. Getting personal with your passwords. Have you ever created a password that includes your pet’s name, hometown or even a loved one’s birthday? Personal details like these are often public information that can easily be Googled. In fact, former presidential candidate Mitt Romney learned this the hard way: his Hotmail and Dropbox accounts were reset after a hacker was able to guess the answer to his “favorite pet” password-reset challenge question.

Key takeaway: Lose the biographical details when creating a password.

3. Using a password again and again. According to a 2012 NorSIS Password Survey, 74 percent of people admit they use the same password for multiple accounts. So it’s no surprise that 1 in 5 people report they’ve had an online account compromised, according to the Pew Research Center’s Internet and American Life Project.

Password reuse is your enemy, and for good reason. Once a hacker guesses your password for one site, they can easily use this information to get into multiple sites, including your e-mail, social media profile and even banking websites.

Key takeaway: Never use the exact same password for every site. Create a unique password for every account, especially those containing sensitive or confidential information. Think coming up with 20-plus passwords and actually remembering each of them is impossible? Consider creating a 4-character “salt” combo (example: “2I$4”) to use within each password to make them highly secure. The “salt” adds length and special characters, which make your passwords hard to crack, and slightly easier for you to remember.

4. Sharing personal information outside of your trusted network. We’ve all done it. In a hurry, we’ve shared a credit card number, our Social Security number and usernames and passwords via phone, e-mail or text, or even included them on forms we fax or e-mail to unknown destinations. However, confidential information transmitted via e-mail or text can easily be stolen.

Key takeaway: Never just send confidential information in an e-mail to family, friends or companies. After all, you don’t know how many servers the message will pass through between your computer and the recipient’s. If you have to e-mail sensitive information, encrypt it! And don’t be scared – it’s easier to do than you think. Just put the information into a file, compress it into a password-protected, encrypted zip archive file and e-mail it. And be especially careful using public Wi-Fi. Although accessing free public hotspots and Wi-Fi at hotels and restaurants may be convenient, they often can be fertile ground for hackers to steal this information while in transmission.

5. Writing all your passwords in a notebook or on a Post-It note. We know it’s hard to remember all those passwords for the multitude of online accounts you have. So occasionally, you may write a password here and there in your notebook. However, there is nothing more easily stolen or misplaced than a piece of paper that has all your personal login information.

Key takeaway: Never, ever write down your username and passwords in a place that can be easily accessed. Even file cabinets in your home can be insecure.
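The cracking times quoted in item 1 come from keyspace arithmetic, which the sketch below works through. It is an added example, not part of the original article; it assumes exhaustive search at the constant guess rate implied by the "10 minutes" figure, and the function names and sample passwords are constructed for illustration.

```python
import string

# Assumption: the article's first figure (a 6-character lower-case password
# falls in 10 minutes) describes exhaustive search at a constant guess rate.
IMPLIED_RATE = 26 ** 6 / (10 * 60)   # about 515,000 guesses per second

# Character classes an attacker must cover, with their alphabet sizes.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def keyspace(password):
    """Number of candidates of the same length over the same classes."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, rate=IMPLIED_RATE):
    """Upper bound: time to try every candidate at `rate` guesses per second.
    Names and dictionary words are found far sooner than this bound."""
    return keyspace(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 365 * 86400), ("days", 86400),
                       ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:.0f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("kansas", "Kansass", "Kansas2$", "Kansas2I$4wheat"):
        print(f"{pw!r:20} alphabet={alphabet_size(pw):3} "
              f"worst case={humanize(worst_case_seconds(pw))}")
```

At this rate the first two figures in item 1 come out as 10 minutes and 23 days; the third depends on how many symbols the attacker's alphabet is assumed to include.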
