When you create a social media account, sign up for a new email address, register for online banking, or create a new account at any website, you are often asked to create a "strong" or "secure" password.
The website might ask you to include capital letters, numbers, and "special characters". It can be hard to think up a complicated password that the website accepts and that you can remember!
But it is possible to make strong passwords that you can remember, and that will help protect you online.
I'll try to answer some questions about passwords. Why do you need a strong password? What is a secure password, anyway? How do you make a secure password? And, how do you remember a password?
Here are some tips and advice for making strong, secure passwords.
Why do you need to use strong passwords?
One very good reason is to prevent someone else guessing your password, and then having access to your account - maybe your email, your Facebook page, or your Amazon shopping account. Imagine what could happen if someone guessed your Internet banking password and then had access to all of your money! But it's not just your bank account that a thief might be after. Finding out the password to your email or your Facebook can let a crook send spam emails or messages to everyone you know. Finding out your online shopping website password could let someone else buy themselves all kinds of expensive things with your credit card.
This is why you should never use your name, or the name of your children, pet, grandchildren, something special that you love, or anything else that it would be easy for someone else to guess or to find out. And don't forget that someone who doesn't know you can still find out this information from your Facebook profile, or other information they can easily find online.
Another reason to use strong passwords is that there are thousands of criminals and thieves who spend all their time trying to steal or guess passwords. Why? Because they can make a lot of money from these stolen passwords. Just think about someone stealing your Amazon password and ordering expensive goods, or someone stealing your retirement account password and transferring your money to another account. Now think about a gang of criminals gaining access to hundreds or thousands of these accounts and it all adds up to a very profitable criminal enterprise.
Why do you need to use complicated passwords?
All websites store your - and everyone else's - account information in their own big database. They also encrypt, or scramble, your password in the hope that if the passwords were stolen, they would be unreadable to the thieves. Unfortunately, even though you and I couldn't read the encrypted passwords, the thieves can use special programs to try to unencrypt or unscramble each password, one by one. Once they've unscrambled yours, they know your username and password, and they can use these to access your account.
So, now that criminals know they can turn scrambled passwords into usable ones, many major websites have found that their database of usernames and passwords has been stolen. Adobe (http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html) and LinkedIn (http://en.wikipedia.org/wiki/2012_LinkedIn_hack) are just two companies who had all of their users' emails and passwords stolen. And more companies are having passwords stolen all the time - your bank or the social media site you use could be next.
The stolen, scrambled passwords are put into the unscrambling programs, and the passwords that can be unscrambled are then used by the thieves to get into your account.
So what does this have to do with complicated passwords?
Well, the way the unscrambling programs work means that the thieves can unscramble simple passwords much faster than complicated passwords. Simple passwords are short passwords, and often use things like dictionary words, names, or repeated or sequential characters. So if your password is 123456 or carrots or kaitlyn or qwerty then it can be unscrambled almost instantly. And, the shorter the password, the quicker it is to unscramble.
The longer and more complicated your password, the longer it will take to unscramble. For example, a complicated password like h&sx9(^kEr53 can take months and months to unscramble.
Why do you need to use a different password for every website?
So perhaps you don't really care if your LinkedIn profile is stolen. And maybe it doesn't matter if someone else can get into your LinkedIn account. But what happens if you used the same password on LinkedIn as you used for your email or your Facebook or your Internet banking?
Now, anyone who knows how to get into LinkedIn can also see your bank account information or post on your Facebook page or send virus-laden emails to all of your friends and family. Cyber criminals know that many people use the same passwords for different accounts and you can bet that if they know login information for one website, then they'll try to break into other accounts with this information. But you can stop them by using a different password for each account.
Here's an example: American electronics megastore BestBuy reported that they have been seeing increasing numbers of criminals using login emails and passwords stolen from other websites to log in to BestBuy's website. Someone who used the same email and password for their LinkedIn and BestBuy accounts would be at risk of the LinkedIn password thieves using the same password to log into BestBuy and order themselves televisions and iPads using the innocent account-holder's saved credit card. http://consumerist.com/2012/06/11/best-buy-hacker-attacks-are-increasing/
This is why it's important to use a different strong password for every site you have an account for.
What is a strong password?
So we know why simple passwords are bad. And remember a simple password is something like a dictionary word, a name, or repeated or sequential characters. So if your password is 123456 or carrots or kaitlyn or qwerty then it can be unscrambled almost instantly.
So, you need something more complicated. Unfortunately, the crooks know all the same tricks that you do. Maybe you've thought about using a word but replacing an i with ! or replacing a with @ or putting a 1 at the end? But, the criminals already thought of that. c@rr0ts1 is almost as easy to break as carrots.
Remember that the longer and more complicated your password, the longer it will take to unscramble. Complicated passwords are ones with both capital and little letters, and that have numbers, spaces and special characters like ^ and & and * in them.
You may have been advised to use complicated passwords like h&sx9(^kEr53. This is a really strong password. But of course, the problem with h&sx9(^kEr53 is that while it is a very strong password, how on earth are you going to remember it? Fortunately, there's a better way to make strong passwords.
How do I remember my passwords?
Instead of complicated, hard-to-remember passwords, try using a sentence instead of a password. This is called a passphrase. A passphrase is something like a phrase from a book, a line from a song, or any other sentence or sequence of words that you can remember. Here are some examples:
The Lion, the Witch and the Wardrobe
All I want for Christmas is you!
My favorite band is Simon & Garfunkel.
Most websites will let you use long passwords or passphrases, often up to 30 characters. If you can use a sentence like one of these as your password, then it is much, much harder to break than a single word.
And in fact, these sentences are even better passwords than ones like h&sx9(^kEr53. This might sound unlikely, but the longer the password/passphrase is, the harder it is for criminals to find it out. And, if you think about most sentences, they have capital and small letters, and they have spaces, and they often have punctuation and special characters - so they turn out to be surprisingly strong passwords!
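An added example (not part of the original article): a small Python check that shows why c@rr0ts1 is nearly as guessable as carrots, and why a long sentence has a far larger brute-force search space than h&sx9(^kEr53. The word list, the swap table and the function names are constructed for illustration; the bit count is a brute-force estimate only and says nothing about phrases that appear in lists of known quotes.

```python
import math
import string

# Constructed sample list of simple passwords (the article's own examples).
# Real checkers compare against far larger lists.
COMMON = {"123456", "carrots", "kaitlyn", "qwerty"}

# Character swaps people often use, mapped back to the letters they replace.
SWAPS = str.maketrans({"@": "a", "0": "o", "!": "i", "1": "i", "3": "e", "$": "s"})


def guessable_forms(pw):
    """Return the simple variants a guessing program would reduce pw to."""
    low = pw.lower()
    # Drop digits or punctuation tacked on the end, e.g. "carrots1".
    stripped = low.rstrip(string.digits + "!?.")
    return {low, low.translate(SWAPS), stripped, stripped.translate(SWAPS)}


def is_simple(pw):
    """True if pw is a listed simple password once swaps/suffixes are undone."""
    return bool(guessable_forms(pw) & COMMON)


def brute_force_bits(pw):
    """Estimate search space in bits: length * log2(size of character pool)."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c == " " or c in string.punctuation for c in pw):
        pool += 33  # 32 punctuation characters plus the space
    return len(pw) * math.log2(pool) if pool else 0.0


def assess(pw):
    """One-line verdict combining the list check and the size estimate."""
    if is_simple(pw):
        return "weak: a listed simple password after undoing swaps"
    return f"about {brute_force_bits(pw):.0f} bits of brute-force search space"


if __name__ == "__main__":
    for pw in ["carrots", "c@rr0ts1", "h&sx9(^kEr53",
               "All I want for Christmas is you!"]:
        print(f"{pw!r}: {assess(pw)}")
```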
But it's still hard to remember a password for every site!
If you are like me, you probably have 10 or more online accounts. So it might seem overwhelming to create strong passwords or passphrases for everything.
Start by prioritizing your most important accounts, and upgrade them to strong passwords or passphrases. Your internet banking, your retirement accounts, health insurance, premium bonds, national insurance, eBay, PayPal, and anything else connected to money or personal information all need strong, unique passwords.
Your email also needs to have a good password. Think about how many other websites you use that let you reset your password by emailing a link to you. So, you need to protect your email as well!
What you don't need to worry about as much is sites that don't store any personal data about you. This might be sites that require you to register to read an article or post in a forum. If these websites don't have any personal data about you, then you don't need to put so much effort into making a good password.
Creating Strong, Safe Passwords for Online Accounts
So remember these four things:
- Use long, complicated passwords, or even better, passphrases.
- Never use the same password in more than one place.
- Make sure your most valuable accounts have secure passwords.
- Change your password often - every 3 months is a good target.
I trust the above information and advice will help you secure your passwords!
I would like to thank my niece for writing the above article.