Pick a Smarter Password and PIN
Do your passwords and PINs need a makeover? Here’s how to pick ones you can remember, but hackers can’t easily guess.
It seems we’re asked for a password or personal identification number (or PIN) just about everywhere we go. Online banking and electronic payment methods have become a mainstay, not to mention all those websites and online services that require registration…
And, just in case you managed to memorize all your credentials, experts advise changing them every few months to keep criminals out. It’s a nuisance, but with identity theft and fraud on the rise, the alternative is worse.
According to experts, you’re putting yourself at risk if your passwords…
– are too short. Fewer characters means fewer potential combinations, so anything less than six could be problematic.
– use common names, words or character strings. (For instance, Consumer Reports notes that some of the most popular passwords for Twitter include “rosebud”, “password” and “123456”.) Such passwords are easy to guess because they’re widely used.
– include words you can find in the dictionary, even if they are misspelled or backwards. “Dictionary attacks” are a common way to hack passwords, regardless of the language.
– use personal details like your initials, address, birthday, pets’ names, phone number, account numbers or digits from a piece of I.D. like your driver’s license. This information can often be found through other means, like the phone book or social media.
Create stronger passwords
Maybe you’ve spotted some red flags already? Here are some ways to create stronger passwords:
– Use at least eight characters. Some experts say that seven, twelve or fourteen are “the best” lengths, but most agree that longer is better.
In short, the best passwords look almost like a random mix of letters, symbols and numbers — but how can you make them memorable?
– Use a mnemonic. Create a simple sentence (or use a phrase you’ll remember) and capture the first letter of each word. For example: “All yellow dogs love to swim” gives you the character string “aydlts”.
– Write down part of your password. Experts recommend writing down the first and last couple of characters to help jog your memory. If your password is “24violet$”, then jot down “24v…t$” as a framework.
– Swap the numbers and symbols when you have to update, and leave the letters and words intact.
– Keep a secure list — with caution. Many experts warn not to write down your passwords, especially for financial accounts where you could be on the hook for fraudulent activity if you do. However, some sources say you can write down your passwords if you keep them in a secure place (like a safe) rather than on your computer.
Another big no-no: using password managers or “remember this password” features in your Internet browser. If someone hacks into your computer, you’ve made it easier to access all of your other accounts.
Websites and online services that manage passwords are also a serious security risk.
Keep separate sets of credentials
You’ve got a strong user ID and password you can remember — but don’t use it too often, warn experts.
What about those number-only PINs we use online, in the store or at the bank machine? Many of the above rules still apply. For instance:
– Avoid using all one number, like “9999”, and skip sequences like “1234” or “5678”. These PINs are too easy to guess.
– Stay clear of your personal information like birthdays, phone numbers and account numbers.
– If you use dates, combine them. For instance, combine the date of your parents’ anniversary with the date of your favourite team’s big win.
– Turn letters into numbers. Using the keypad on your telephone, turn a code word into numbers to help you remember a numeric password or PIN.
– Use a unique PIN. Avoid reusing a previous PIN within a year or using one from another account.
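The PIN rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it converts a code word to digits on the standard telephone keypad and reports which of the listed rules a PIN breaks. The function names and sample values are constructed for illustration, and `previous_pins` is assumed to hold PINs used in the past year or on other accounts.

```python
# Added example: check a numeric PIN against the rules listed above.
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}


def keypad_pin(word):
    """Turn a code word into digits using the standard telephone keypad."""
    try:
        return "".join(LETTER_TO_DIGIT[ch] for ch in word.lower())
    except KeyError as exc:
        raise ValueError(f"no keypad digit for {exc.args[0]!r}") from None


def is_sequence(pin):
    """True for runs like 1234 or 8765 (each digit one step from the last)."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return len(pin) > 1 and steps in ({1}, {-1})


def pin_problems(pin, personal_numbers=(), previous_pins=()):
    """Return the rules from the list above that this PIN breaks."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must contain digits only")
    problems = []
    if len(set(pin)) == 1:
        problems.append("all one number")
    if is_sequence(pin):
        problems.append("sequence")
    # Birthdays, phone and account numbers are compared as bare digit strings.
    for number in personal_numbers:
        digits = "".join(c for c in number if c.isdigit())
        if pin in digits:
            problems.append("personal information")
            break
    if pin in previous_pins:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    personal = ["1975-05-21", "555-0142"]
    for word in ("love", "adgj"):
        pin = keypad_pin(word)
        print(word, pin, pin_problems(pin, personal, previous_pins=["5683"]))
```

Note that a keypad-derived PIN still needs checking: the constructed code word “adgj” maps to “2345”, which is a sequence.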
Protect all of your accounts
One final warning: don’t underestimate the importance of protecting your passwords. According to the U.S. Computer Emergency Readiness Team (US-CERT), many people mistakenly think their information isn’t useful to hackers. It might be hard to see why your data is of interest when there are better targets, but criminals target anyone and anything for profit.