Today is "National Change Your Password" day and if it's like any other day, chances are you have already used at least half a dozen devices, apps, or websites that required a password or PIN. While money makes the world go round, without a set series of numbers, you're probably not going to get your hands on it. Whether it's using your ATM card, shopping at the grocery store, checking your Facebook feed or logging onto your computer, at any given time there are always letters and numbers that are probably circling around in your head. Keeping them in check is no easy task, so why not just use the same password for everything, right? WRONG!
More than three million incidents of identity theft and fraud were reportedly received in 2018, and last year reports of multiple data breaches at several well-known businesses made national headlines. Changing your password is no guarantee that you won't become a victim of identity theft, but it is an important measure you can take to better protect yourself. Here are a few tips from the Department of Homeland Security on how to do it.
Passwords are a common form of authentication and are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or crack passwords. By choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information. - CISA (Cybersecurity and Infrastructure Security Agency)
1. Avoid Common Mistakes:
What could be easier to remember than your birthday? The trouble with using personal information like your date of birth, address, or phone number is that those pieces of information are often easy to track down, so it becomes easier for an attacker looking to crack the code. Using full words is also something to avoid, because so-called "dictionary attacks" try to guess passwords using words or phrases. One of the best ways to come up with a clever password is to use a series of words with memory techniques or mnemonics. Instead of using the word "football" as your password, try using IltwFbg ... which stands for "[I] [l]ike [t]o [w]atch [F]oot[b]all [g]ames". Use both lower and upper case letters and make it even stronger by adding in numbers when you can - such as Il2wFbg.
2. Length and Complexity:
According to the National Institute of Standards and Technology (NIST), you should try to use the longest password allowed. The longer the password, usually the harder it is to crack. Keep in mind once again that you should avoid common phrases. Try to use a mix of upper and lower case letters along with numbers and special characters when permitted.
3. Don't Reuse:
You've done it! You've come up with the perfect lengthy password that contains special characters, numbers, and upper and lower case letters inspired by a mnemonic phrase that avoids using basic personal information. It's so good that you want to use it everywhere - but don't! Federal security officials warn that re-using a password - even a strong one - can be just as dangerous as using a weak password. Think about it. If an attacker happens to crack the code for that one password, not only will one of your accounts be in jeopardy, but ALL of them.
4. Keeping Track:
So, if you've followed the steps above you now have a slew of new passwords that will most likely be somewhat challenging to remember because of their complexity. Be careful how you keep track of them all. If you write them down, make sure they are in a safe place where no one else has access to them. The Cybersecurity and Infrastructure Security Agency (or CISA) suggests using a password manager program that offers randomly generated passwords for all of your accounts that can be accessed with one master password. Just make sure your master password is as strong as it can be.
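The four tips above as a small audit script, added here as an example; it is not part of the original article or of CISA's guidance. The word list, the 12-character minimum, the three-character-class rule, the sample inputs and the function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample word list; a real check would load a large dictionary
# and a list of passwords known from breaches.
WORDLIST = {"football", "password", "welcome", "dragon"}
MIN_LENGTH = 12   # assumed threshold; tip 2 says use the longest a site allows
MIN_CLASSES = 3   # assumed rule: lower, upper, digit, special


def audit(password, personal_info=()):
    """Return the problems from tips 1 and 2 found in this password."""
    problems = []
    lowered = password.lower()
    # Tip 1: birthdays, addresses and phone numbers are easy to look up.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    # Tip 1: full words fall to dictionary attacks.
    if any(word in lowered for word in WORDLIST):
        problems.append("contains a dictionary word")
    # Tip 2: longer is usually harder to crack.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Tip 2: mix upper case, lower case, numbers and special characters.
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if sum(any(c in cls for c in password) for cls in classes) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    return problems


def reused(accounts):
    """Tip 3: map each password used on several accounts to those accounts."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return {pw: sorted(names) for pw, names in seen.items() if len(names) > 1}


def generate(length=20):
    """Tip 4: a random password of the kind a password manager creates."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    # secrets uses the operating system's cryptographic random source.
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Run against the article's own examples, `audit("football")` reports a dictionary word, short length and a single character class, while `audit("Il2wFbg")` clears the dictionary check but is still flagged for its seven-character length.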
Hopefully, these tips have made it a little easier to come up with some strong passwords to help you lessen the threat of becoming a victim of cybercrime. Remember to always be careful when it comes to using public computers or wi-fi, especially with sites that contain personal information, and trust your gut if you receive a phone call or email that has you second-guessing its legitimacy when it comes to asking for personal information.
I recently received an email saying my Apple account had been suspended as a safety measure because of suspicious activity. It asked me to verify my account by logging on in the next 48 hours to prove that I was in fact still in charge of the account. I decided to call Apple directly by researching a customer service number and learned that the email was, in fact, a phishing scam. Had I clicked that link, the computer I'm writing this article on right now may have been in for repairs of some unknown virus or worse ... I could have been dealing with a case of identity theft myself.
For more information on how to better protect yourself from attackers looking to get their hands on your personal information - visit https://www.us-cert.gov/ncas/tips/ST04-014 .