Password Checkups Guard Against Hackers

Keep your email and other account info safe from hackers with these password checkup tips.

Passwords are familiar to anyone with an electronic device. You need them for your PCs, handhelds, email, social media pages, and more. With all these online accounts, it’s good to give your passwords a security checkup now and again. Here are some tips to help you create and manage strong passwords.

How Strong Is Your Current Password?

Login screen with weak password

If you've used the same password for quite a while, it's probably time to update to a longer, more-secure word or phrase.

Most sites have several password creation standards. These include use of combination characters — capitalized and lowercase — within a word; using one or more numerals within the word; no repeating characters; use of at least one “special” character, such as a question mark, asterisk or end bracket; and creating a password that is at least eight characters long. However, these standards can’t cover every situation. If any of the following apply, you’ll want to upgrade your password:

  • Your password is a name (your own, a coworker’s, a family member’s, a pet’s, or a famous person’s).
  • You’re using your social security number, driver’s license number, passport number, or some other identification number as your password.
  • The password includes repeated numbers, letters, or characters (111111, aaaaaa, !!!!!!), or has an exclamation point or question mark as the first character.
  • The password includes numbers or character combinations that are next to each other on the keyboard (123456, asdfgh).
  • You’ve had the same password for several years. Websites routinely upgrade their password requirements for new users, but they don’t always ask current users to change existing ones. As a result, you might be using a simple four-digit password, while newer users must create passwords of eight characters or more (see Figure 1).
  • The password is something that people might be able to guess from your wallet if it’s stolen, such as your favorite sports team.
  • The password is used for multiple items, such as the PINs to your debit and credit cards.
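
The checklist above can be run as a quick self-audit. The script below is an added example, not part of the original article: the function names, the sample name list, and the thresholds (three identical characters in a row, four adjacent keys) are assumptions chosen for illustration.

```python
import re

# Keyboard rows plus counting/alphabet order, used to spot "next to each other" runs.
SEQUENCES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz"]
# Constructed sample list; a real check would use your own name, family, pets, teams.
SAMPLE_NAMES = {"john", "mary", "rex"}


def has_run(pw, min_len=4):
    """True if pw contains min_len adjacent keys, forwards or backwards."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_len + 1):
                if s[i:i + min_len] in low:
                    return True
    return False


def checkup(pw, names=SAMPLE_NAMES):
    """Return the checklist items this password fails (empty list = none found)."""
    issues = []
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    if re.search(r"(.)\1{2,}", pw):          # same character 3+ times in a row
        issues.append("repeated character")
    if has_run(pw):
        issues.append("keyboard or counting sequence")
    if pw[:1] in ("!", "?"):
        issues.append("starts with ! or ?")
    letters = re.sub(r"[^a-z]", "", pw.lower())
    if any(n in letters for n in names):
        issues.append("contains a name")
    if pw.isdigit() or re.fullmatch(r"\d{3}-\d{2}-\d{4}", pw):
        issues.append("digits only or ID-number shaped")
    return issues


if __name__ == "__main__":
    for sample in ["111111", "asdfgh", "John090999", "mha<L1LL-Fb"]:
        print(f"{sample!r}: {checkup(sample) or 'no checklist issues'}")
```

An empty result only means none of the listed patterns matched; it does not cover reuse across accounts or how long the password has been in service.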

Think Passphrase, Not Password

With more sites being able to accommodate ever-lengthening passwords, the passphrase becomes an even more helpful tool. Choose a sentence that you can remember, such as a quote, the title of a favorite book, or personal fact (e.g. “Goaheadmakemyday”). Make the passphrase harder to crack by using the first letter of each word in a phrase, and then add special characters and numbers. (For example, “Humpty Dumpty Sat On A Wall” becomes hdsoaw!9; “Mary Had A Little Lamb” becomes mha<L1LL.)

These passphrase-related passwords can become the foundation for a series of words that are easier to remember than separate passwords for each account. For example, the “Mary Had A Little Lamb” example, with some minor tweaking, could become the basis for several other passwords:

  • Facebook: mha<L1LL-Fb
  • Bank of America: mha<L1LL-B()fA
  • LinkedIn: Lin-mha<L1LL<L1LL

Change the Configuration of Your Password

Login screen with strong password

Using a new ASCII character -- available in your user name or password -- can make life very difficult for hackers.

Passwords don’t have to read like a completely alien tongue. There are several ways to up the security of your password while keeping it easy to read (and remember):

  • Add one or more spaces in the password — as in changing “hellothere” to “he llo there” or “hello there”. This allows you to keep whatever easy-to-remember phrase or combination you usually use. You just have to remember where you placed the extra spaces.
  • Substitute a couple of characters and your security level goes up significantly: for example, a birthday password like “John090999” can become “J()hn090999”. Move the birthdate around — for example, year first, followed by month and day — and the code is even harder to crack: “J()990909”.
  • If you’re a Windows user, you may be familiar with the Alt + numeric pad key combination that creates ASCII and Unicode characters which are not present on a regular keyboard. For example, when you use the number pad and press Alt + 3 in any text field in Windows, it will create a ♥ character. You can generally use a single ASCII character at the start and end of the password. So it would look something like: “♥yourpassword♥”. Note, however, that ASCII characters are not always recognized by websites or certain handheld devices, such as cell phones without a full keyboard. You’ll have to test these site-by-site, item-by-item to see where they actually work.

Be Careful With Security Questions

Many websites, especially financial ones, require you to answer several security questions when you set up your account. These are used to verify that you are indeed you if you forget your password, or if you dump collected cookies during a desktop cleanup, or even as a result of a software update. Try to avoid basic questions, such as your mother’s maiden name or the city where you were born, as this information can be obtained elsewhere. Go instead for questions to which only you (and perhaps immediate family members) know the answer. In many cases, you don’t even have to be truthful, as long as you can remember your answer. For example, you might choose security questions such as:

  • The first school you attended.
  • Your first pet’s name.
  • Your favorite color.
  • Where you first met your spouse.

Caveat: Make sure you haven’t disclosed such information on public sites such as Facebook, or these questions become as insecure as the more obvious ones.

Warning: Remember to ignore email messages asking you to change the passwords to your bank accounts — it’s a common phishing attack. If you get such a note, do not click any of the links. Go to the account website the way you normally would, as if the message never existed.

Stay Away from Dictionaries

Don’t use a dictionary word as your password (e.g. “cryptanalysis,” “mnemonic,” etc.). There are very powerful password-cracking utilities that can easily discover dictionary-based passwords. Unfortunately, this applies to foreign-language dictionaries as well, so choosing a password in French, German or Italian, for example, won’t make much difference.

Change Passwords Frequently

This applies to personal and business passwords. For example, some companies prompt employees to change their password every three months. It’s recommended that you change your password regularly as well. Remember to make the new passwords at least as difficult as your old ones.

Add an Extra Dose of Security

If available, enable a website’s two-step ID verification and password recovery options. These make it more difficult for someone to take over your account simply by stealing your password, and also allow you to reset your password with your mobile phone through a series of text messages. Yahoo, Gmail and Hotmail offer one or both of these options.

You can also greatly increase your security at some popular sites by using the “always-on HTTPS” or “site-wide SSL” option. This extra step encrypts your entire session and everything you do at a site until you log out, ensuring that nobody can capture your credentials.

The process varies by site, but in general, you can visit the security section of your Account Settings page and enable “Secure Browsing” or “Enable HTTPS automatically.” Remember that not all websites offer this option.

Back Up Everything Regularly

Most cloud service providers provide a way for you to download everything for safekeeping. Use it. Also, back up your most important information to an external physical storage device.
