Password Security Do's and Don'ts Outlined by Security and Privacy Company

Online hackers don't need high-tech tools to guess the passwords of many online account holders today. Once they have access to a computer, stored files and family photos can give hackers all the clues they need. With some time, guess work and the use of trial and error, it doesn't take some hackers long to virtually take over an online account holder's financial life.

One of the problems with passwords is that users forget them. Hackers know that many online account holders use simple, easy to remember people, places or things for their passwords.

In a Nov. 15 press release, Adaptive Marketing's security and privacy membership program, Privacy Matters, urges all consumers to create and maintain safe passwords for their online accounts. Taking some time to review the company's do's and don'ts of password security may be time well-spent.

To begin with, Privacy Matters advises against using family names or nicknames. Hackers and information thieves are practiced at guessing pets' names, special dates, clever nicknames, etc. Bottom line: Personal information of all kinds should never be used in a password.

It's also recommended that online account holders stay away from the use of single words as a password. Hackers can literally try every word in the dictionary until they find that one word that opens the door to an account holder's financial life and all the information they will ever need.

According to the University of Michigan Information Technology Division, online passwords are frequently stolen, in part, because hackers have so many tools at their disposal. Among them are dictionary programs and sniffers. A hacker can launch a dictionary attack by passing every word in a dictionary (English as well as foreign language dictionaries) to a login program, looking to eventually match the correct password. A sniffer can read every keystroke sent out from Internet users, including passwords.

So, what should online account holders do to keep a password safe?

Privacy Matters advises creating what they call an atypical mix of characters. The possibilities here are literally endless. One can also choose a word in another language and then replace letters for characters like @, #, &, %. It's also a good idea to throw in an uppercase letter or two.

A pass phrase is another good idea. Sometimes a word may be harder to remember than a phrase like imtootall2 or u8mine. Using the first letters of a movie line or easy-to-remember phrase can work. For example, "the heart is deceitful above all things" would make "thidaat." Again, the possibilities are endless.

Privacy Matters urges consumers to use different passwords for different accounts. It is also best to use a password with at least six letters and no less than one number.

Passwords should also be changed every 30 to 90 days and should remain out of circulation for at least a year.

Finally, Privacy Matters suggests using password management tools currently on the market. These programs are said to maintain a list of user names and passwords that are encrypted, which increases the security of online information.

Sources:

Press release, "Privacy Matters Reminds Consumers About the Do's and Don't of Password Safety;" http://www.prweb.com/releases/Privacy_Matters/PrivacyMatters/prweb569709.htm

U of M, "Password Security: A Guide for Students, Faculty, and Staff
of the University of Michigan;" http://www.umich.edu/~policies/pw-security.html