By Marian Merritt
There have been some well-publicized news stories of hacked websites where millions of user accounts and passwords were posted publicly. Can you imagine if you were one of those users affected? They likely had to hurry to change their credentials and make sure they didn't use the same combination of email address and password on any other websites. Chances are these people, like many others, did use the same password for other accounts. Many people not only use the same password all over the Web, but they also choose weak and foolish passwords.
Here's a list of some of the top password choices for millions of computer users:
Passwords are the digital keys to our networks of friends, our work colleagues, and even our banking and payment services. We want to keep our passwords private to protect our personal lives, and that includes our financial information. While some cybercriminals may want to hack into our social networking or email accounts, most want the financial gain that hacking bank accounts can bring.
The two most important passwords are those for your email and social network accounts. If someone gains access to your email account, he could use the "forgot your password?" link on other websites you use, like online shopping or banking sites. If a hacker gets into your social network, he has the ability to scam your friends by sending out links to dangerous websites or posting fraudulent messages asking for money. The bottom line is that a good password is all that may stand between you and a cybercriminal.
Dos and Don'ts
A good password is one you can remember but a hacker can't guess or crack using software tools. A good password is unique and complex. Here are some dos and don'ts for creating and maintaining strong passwords:
- Do use a combination of uppercase and lowercase letters, symbols, and numbers.
- Do make sure your passwords are at least eight characters long. The more characters your passwords contain, the more difficult they are to guess.
- Do try to make your passwords as meaningless and random as possible.
- Do create different passwords for each account.
- Do change your passwords regularly.
- Don't use names or numbers associated with you, such as a birth date or nickname.
- Don't use your user name or login name in any form.
- Don't use a derivative of your name, the name of a family member, or the name of a pet.
- Don't use a solitary word in any language. Hackers have dictionary-based tools to crack these types of passwords.
- Don't use "123456," the word "password," or any of the other poor password examples shown above.
- Don't answer "yes" when prompted to save your password to a particular computer's browser. Instead, rely on a strong password committed to memory or stored in a dependable password management program. Norton Internet Security and Norton 360 security software both include Norton Identity Safe, which stores your passwords securely and fills them in online in encrypted form.
- Don't ever write your passwords down, and never give them out to anyone.
Begin by creating a password phrase that you will customize for each website you use. For example, one possible phrase is "I want to go to England." Next, convert this phrase to an abbreviation by using the first letter of each word and changing the word "to" to the number "2." This will result in the following basic password phrase: iw2g2e. Last, put the first letter of the website's name at the start of your new password phrase and its last letter at the end.
For example, if you want to create a password for Symantec.com, Siw2g2ec is your new unique and complex Symantec password!
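The phrase method above, together with the dos and don'ts list, as an added Python example (not part of the original article): `phrase_password` builds the per-site password and `check` reports which of the listed rules a candidate breaks. The function names are hypothetical, and the common-password set holds only the two examples the article names.

```python
import re

# Only the two weak choices the article names; a constructed stand-in for its list.
COMMON = {"123456", "password"}

def phrase_password(phrase: str, site: str) -> str:
    """First letter of each word, "to" -> "2", wrapped in the first and
    last letter of the site name (assumes input like "Symantec.com")."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", phrase)
    core = "".join("2" if w.lower() == "to" else w[0].lower() for w in words)
    name = site.split(".")[0]
    return name[0] + core + name[-1]

def check(password: str, username: str = "", personal: tuple = ()) -> list:
    """Return the rules from the dos and don'ts list that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + label)
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("on the common-password list")
    if password.isalpha():
        # Rough proxy for "a solitary word"; a real check would use a dictionary.
        problems.append("letters only")
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains a personal name or number")
    return problems

if __name__ == "__main__":
    # "jdoe" is a constructed user name for the demonstration.
    pw = phrase_password("I want to go to England.", "Symantec.com")
    print(pw, check(pw, username="jdoe"))
```

Run on the article's phrase and site, `phrase_password` returns Siw2g2ec, and `check` reports only that it has no symbol.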