The Password Balancing Act
- June 14, 2017
- By: CA Marketing
- Category: General
Cybersecurity versus Memory: How To Make Great Passwords
I’ve been thinking it’s time for me to reset all of my passwords (supposedly, we should do this at a very minimum of once per year, ideally every 90 days), but it feels like a monumental undertaking. Most of us wrestle with the complicated balancing act of trying to protect our online security while at the same time creating passwords we can actually remember when we need them.
Almost every single thing we do online requires a username and password. Cybersecurity experts say these passwords should each be unique, lengthy and contain letters (both upper- and lowercase), numbers and symbols. Oh, and the longer the password, the more secure it is. Some experts recommend at least 12 characters in length and others encourage up to 20 characters if you want to be really safe.
Here are a few tips to create original, memorable passwords and enhance your cybersecurity.
1. Avoid names, places, and common dictionary words. Password “crackers” utilize many different dictionaries when they are looking to break into your accounts. For the root of your password, they search on English words, names, foreign words, phonetic patterns; for appendages, they look for two digits, dates, single symbols and so on. They run the dictionaries with various capitalizations and common substitutions: “$” for “s”, “@” for “a”, “1″ for “l.” This guessing strategy quickly breaks about two-thirds of all passwords.
2. Turn a sentence into a “passphrase.” Passphrases are a relatively new way of thinking about security. Make sure the sentence is something personal and memorable for you. Take the words from the sentence, then abbreviate and combine them in unique ways to form a password. For example:
When I travel I am always tired! But I love to spend money on trips: WitIaat!BIlts$ot
My favorite time of year is the fall and I love fresh apples and pears!: Mftoyitf&ilfa&p!
Instead of a difficult-to-remember string of characters, you now have a lengthy and secure “phrase” instead. Again, it’s best to try to make your passwords at least 12 characters in length.
3. Never store your passwords in a file on your computer or smartphone (however, refer to Item 5 if you do). This is basic cybersecurity 101. If you must keep a written copy of all of your passwords, keep that file in a secure place in your home or office, such as a safe or in a cyber vault.
4. Never reuse the same password. This is the part that hurts. UGH! Creating and remembering a unique password is challenging on its own, much less doing it multiple times and then remembering what you used where. I feel like I sign up for a new website or service nearly every day, and if I am constantly creating new and unique passwords, I’ll spend hours just trying to log in or re-check my passwords. But the truth is, it’s obviously not a good idea to use the same password over and over because if just one site gets comprised, your entire “identity” ship could sink.
5. Use a password management application. Luckily, technology has come to our rescue. There are a plethora of password management options, and many applications even generate unique, lengthy passwords for you and then remember them for you as well. This is especially helpful, because then you only need to remember one single password to access your “vault” and you’ve effectively secured everything you sign into. Some pay-for-use options (prices range from $19.99-$39.99/year) include Keeper, Dashlane, LastPass 4.0, LogMeOnce, Password Boss, or RoboForm (which we use here at the office). Some free applications you can look into are: KeePass, LastPass (free version), Enpass and oneID. P.S. Be sure your single sign-on password is incredibly complex!
6. Where to begin? Pick a category a day and update your passwords for that category. This way, you should get through most of your sites within a week, and it hopefully won’t feel as overwhelming to execute all of the updates. Start with all of your financial sites the first day, then maybe online retail, email accounts, then sites related to news, kids, pets, etc. You’ll be super cyber-secure in no time flat.