No birthdates. Add a symbol. Don’t use your kids’ names. The list goes on and on. Passwords are a pain – I get it. And they become even more bothersome when we have to create so many for all of our different applications – from work accounts and personal finance applications to social media and more.
Do you know how many accounts you are actually responsible for? I challenge you to document each of your different accounts and passwords – and look at the difference in character requirements and other policy-related activities. I bet you’ll be amazed at the simplicity of your passwords. It’s no surprise so many accounts are being compromised.
4 Essential Password Rules to Follow
So what can you do to change up your passwords and keep them safer from being hacked?
- Switch them up – Never use the same password for multiple accounts. If one is compromised, so are the rest.
- Change often – Change your passwords every 90 days at a minimum. Have a hard time remembering when to change? Try setting a calendar reminder.
- Use Ch@ract3rs – The golden rule of passwords is to use, at minimum, 8 characters, 1 uppercase, 1 lowercase, 1 numeric and 1 symbol; and, no, it definitely shouldn’t be P@ssword1.
- Don’t recycle – While recycling may be good for the environment, it’s not good for passwords. If you just can’t part with your favorite password, make sure not to reuse it within 12 months.
If you follow the rules above, it will take hackers an estimated 7 to 30 days to break into your associated account depending on the complexity. That should provide you with a certain level of confidence. If the 30-day timeframe still doesn’t sit well with you, you should create a passphrase – placing four unrelated words together in succession. Here are two examples:
But even with passphrases, you should avoid common terms, like the year you were born and your daughter’s birthdate.
Surprisingly, using a passphrase can increase the timeframe for hackers to compromise your account to about 3 months. By regularly changing your passphrases, or adding uppercase letters, numbers or symbols to them, you are truly a champion of protecting your electronic persona. This raises the complexity almost 10-fold compared with the minimum password standards I mentioned above.
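As an added example (not part of the original post), here is a small Python checker that enforces the character rule from the list above (8 characters, uppercase, lowercase, numeric and symbol), shows why a password such as P@ssword1 still has to be rejected even though it satisfies that rule, and builds a four-word passphrase as the post suggests. The leet-speak mapping, the blocklist and the word list are constructed for illustration; a real deployment would use a breached-password list and a large diceware-style word list.

```python
import re
import secrets

MIN_LENGTH = 8

# Constructed reverse leet-speak map so "P@ssw0rd" normalizes back to "password".
_LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                       "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed blocklist of dictionary words that complexity rules alone let through.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Constructed word list for passphrases; use a large published list in practice.
WORDS = ["copper", "lantern", "river", "pencil", "velvet", "meadow", "tractor", "silent"]


def meets_complexity(pw: str) -> bool:
    """The post's minimum rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def is_predictable(pw: str) -> bool:
    """True when the password is a common word dressed up with substitutions
    and a trailing digit or symbol, e.g. P@ssword1 -> password."""
    core = pw.lower()
    core = re.sub(r"[^a-z]+$", "", core)   # drop the trailing "1", "!", "123" ...
    core = core.translate(_LEET)           # undo @->a, 0->o, 3->e and so on
    return core in COMMON_WORDS


def check_password(pw: str) -> str:
    """Apply the complexity rule first, then the predictability check."""
    if not meets_complexity(pw):
        return "reject: below minimum complexity"
    if is_predictable(pw):
        return "reject: predictable pattern"
    return "ok"


def make_passphrase(n: int = 4) -> str:
    """Join n words picked with a CSPRNG, the post's four-unrelated-words idea."""
    return "-".join(secrets.choice(WORDS) for _ in range(n))
```

Note that a plain four-word passphrase from make_passphrase() fails meets_complexity() as written, which is why the post suggests adding an uppercase letter, number or symbol to passphrases where a site enforces the character rule.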
You Changed Your Passwords, Now What?
So let’s say you went through your accounts and changed them all to passphrases. You’re well on your way to keeping your digital profile secure, but how do you manage all of those different passphrases in a secure way?
- Maintain a secure Microsoft Excel spreadsheet with the history of your accounts and their passwords.
- Keep a separate copy for continuity and disaster recovery.
- Download a smartphone application, such as Keeper, that provides an encrypted vault and cloud-based backup for continuity and disaster recovery.
There are other applications and techniques, but it is up to you to manage your electronic persona accordingly.
Hacking is a Reality
Sticking your head in the ground and assuming it won’t happen to you makes you a hacker’s dream target. We will all experience a compromised account at some point in our personal or professional lives, but each of us is solely responsible for making it as difficult as possible for the hacker.
4 Key Takeaways:
- Maintain minimum complexity standards for all of your passwords.
- Change passwords at least every 90 days.
- Do not post your passwords.
- Apply these rules to all of your devices and applications.
In the following weeks I’ll talk more about security concerns related to passwords, such as what to do when your account is compromised and more about password safeguarding.