Another data breach shows key role of passwords
The Internet community is reeling from yet another data breach, with a Russian crime ring linked to stealing 1.2 billion password and username combinations this week. Many experts believe that they have access to billions more because of weak password creation, reusing credentials, and the linking of accounts (like using your Facebook to login to Flickr, for example).
The first line of defense in keeping your information secure is your password, and the reality is most of us are terrible when it comes to creating good ones and managing them. We get lazy: we want one simple password that we can use for everything. That makes hackers happy because it leaves users open to password theft with minimal effort on their part.
There are steps you can take to make your passwords secure. And while your passwords can still be stolen, the goal is to make your account as difficult as possible for a hacker to access. Like most other thieves, hackers want to get in and out quickly. A strong password makes that difficult for them to do and makes you less of an easy target.
Here are seven things you can do to create stronger passwords and manage them:
Don't use common words or patterns
Patterns or common words are easily guessable. If you can easily read it or describe it to someone, it's probably not a strong enough password.
Examples pulled from "The Top 25 Used Passwords of 2013" by Splashdata: "123456", "password", "qwerty", "iloveyou", "admin", "monkey" and "princess."
Make your password eight characters or longer
If you're using only numbers, a seven-number password creates 10 million different combinations. Adding one number increases the amount of possible passwords to 100 million, and it goes up exponentially for every character you add.
Use a combination of upper case and lower case letters, numbers, and symbols
An 8-character password that uses only numbers and letters creates 2.8 trillion different password combinations. Adding a combination of symbols and upper case and lower case letters creates over 6 quadrillion different password combinations.
Keep it as random as possible
While your password might have eight characters and a combination of symbols and cases, if it still follows a pattern, it is still guessable. Keeping your password as random as possible makes it that much harder to crack. For example: U9bX%k!p.
If this is too random to type, try things like shifting your typing row over or alternating cases and numbers. For example, if you want to use "football" as a password, you can try shifting your typing row up and alternating the shift key to create "r(o%gQoO".
Create a new password for every account
This is the hardest one to follow. According to an Ofcom research poll conducted in the United Kingdom in 2013, 55 percent of users reuse the same password for most or all of their online accounts. If one site has a breach and that password is compromised, all of your accounts are in danger.
If you are having trouble remembering dozens of passwords, look into a password manager like LastPass or KeyChain Access. They store your passwords on your personal computer and automatically fill in login information, often encrypting and decrypting them as you pull them from the program.
When available, use two-step verification
Most of the major sites these days offer two-step verification either through an app on your smartphone or using a dedicated device.
After entering your password, the site will instruct you to enter a number shown on your verification app or device. The number is randomly generated every 30 seconds or so and is linked to your account, but is still independent of your password. This means that a hacker would need to crack your password and gain access to your phone or device to get into your account.
Think of it like an ATM: you need both your debit card (username and password) and your PIN (verification number) to access your account, but your PIN changes regularly.
Change your passwords regularly
A rule of thumb is that your passwords should be changed every three months. In the event that your account information is stolen in a data breach, simply changing the password frequently can often thwart those wanting access to your account.
Companies do their best to protect your information, but you bear most of the responsibility when it comes to password creation and management. Taking some simple steps to strengthen and manage your passwords will go a long way toward hindering hackers when these data breaches occur.