Password Safety Tips

Originally published January 17, 2013

We live in a digitized world. Paying bills, checking your bank account, and socializing used to be done in safe, private settings. Today we hop onto the Internet to manage social networking, apply for jobs or pay bills. To be safe, you need to protect your personal information with secure passwords.

BendBroadband’s Information Security Officer, Matt Shaffer, explains: “The length of the password is currently more important than the complexity. The majority of password-cracking software can break an eight-character passwords within minutes.”

In recent attacks on the professional networking site LinkedIn and dating site eHarmony, it was revealed that a large number of account holders were managing their most personal information using insufficiently safe passwords. Strange as it may seem, people were safeguarding their personal lives with passwords such as “abc123,” “eharmony,” or just “password.”

“One of the best ways to be safe in today’s insecure environment is to think about passwords as passphrases,” says Shaffer. “If the site that you’re doing business with allows you to create long passwords, the best safety tip is to create a passphrase.”

A passphrase, says Shaffer, could be a random set of words that only makes sense to you. An example would be “JacketFishHat.” Many websites dictate that you use a combination of digits and upper- and lower-case characters to make it harder for someone to guess your password. The previous example could be adapted to that requirement like this: “Jacket3Fish2Hat1.”

Shaffer has put together his five top tips to keep your personal business your own.

Use passphrases: A passphrase with multiple words is probably the easiest thing for most people to remember. According to Information Week, a six-character password can be cracked in five seconds. If you increase the number of characters in your passphrase to nine or more, it will take too long to crack with today’s technology. Cyber criminals are only interested in quick payoffs, not what takes months to figure out.

Be dishonest: If you forget your password, you can still access your account by answering safety questions. One of the more common questions: Your mother’s maiden name? It’s OK to lie a little bit. Chose something that can’t be verified through your Facebook page. If the real answer is “Smith,” choose “Jones” instead. If your first car was a Ford, pick a Lincoln instead. And don’t use the name of your pet: A quick check on your Facebook page is all that is needed to find out that your
dog’s name is Spot.

Don’t write down your passwords: “If you can remember your passwords without writing them down, the safety goes up,” says Shaffer. If you need to write it down, use a password manager app or put the list of passwords in a very safe place. “If you use a password manager, pay for the app instead of going for a free service,” says Shaffer. “The word ‘free’ could mean that the software company doesn’t spend enough time to keep their program up to date.”

Don’t use the same password for all your logins: If your password or passphrase is compromised, all your sites could be in danger, according to Shaffer. “You should have a password for every site. You can always use variations of the original password or a theme to remember the password or phrase.”

Password-protect your mobile device: “It’s a lot easier to lose your phone, compared to a laptop or your desktop at home. If you lose your tablet or phone and all your passwords are saved in plain text, you can be in a world of hurt.” Just make sure you use a passphrase to keep your mobile device safe.