Secure Your Passwords

Security begins with your passwords. Too often people choose insecure passwords and/or don't take the necessary precautions to protect their passwords (even secure passwords). Hackers know this, and they exploit this weakness. It is critical that you lock down your passwords to prevent them from falling into the wrong hands. What can you do? What should you do? Here are some suggestions:

  1. When you choose a password, it is critical to choose one that is difficult or impossible to guess or crack. Strong passwords are passwords that cannot be easily hacked or guessed. They should be random strings consisting of upper case letters AND lower case letters AND numbers AND special characters (non-alphanumeric characters like !@#$%^&*()_+-={}|[]\:;"'<,>.?/). Passwords should be random and nonsensical. You can use our PassMeter Tool to analyze your password and generate strong passwords. This is very important. And, at all costs, AVOID popular passwords: you can use our PassPopular Tool to check your password.
  2. Secondly, you should NEVER use the same password twice. Always create a unique and different password for each instance (e.g., website).
  3. Change your passwords on a regular basis. Don't become complacent. How often? In the case of strong passwords, we recommend every 60-90 days. Otherwise, every 30 days. It's a lot of work, but you have a lot to lose otherwise, especially in the case of passwords which protect sensitive information, like banking passwords.
  4. Do NOT ever share your passwords. NEVER. No one claiming to represent a site (e.g., bank, government institution, school, etc.) would ever request your password. If they do, deny the request. Same goes for anyone including family, friends, co-workers, etc. if they request your password: regardless of the underlying reasons.
  5. Be watchful and vigilant of emails spoofing trusted sites or reps of the sites. These emails include a link to a site for you to log in to. The site is also spoofed, and is not the site you know. The goal is to steal your information, including your password. Carefully check the URL you see in the email or text. If it does not exactly match the URL you have for the site you know, do NOT follow the URL. Hackers can be clever. If your bank URL is bigbank.com, they could spoof (disguise) the URL as bigbank.somedomain.com. This does fool many people. Be careful.
  6. Only log in to a site if it is using SSL (Secure Sockets Layer). Such sites use HTTPS instead of HTTP, so the connection is secure and encrypted. Your information, including your password, is not passed as plain text but is encrypted instead. That way, anyone listening on the connection cannot intercept and gather your login details.
  7. On a regular basis, check if a site or system you have an account with has been breached. It happens more often than you think, and can affect millions and even tens of millions of users. You can use our PassChecker Tool to do this. If you have an account on a site listed as breached or compromised, act quickly and immediately! Change your password ASAP, following the rules we laid out in (1) above.
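
The URL check from suggestions (5) and (6) can be done mechanically. The following is an added example, not one of this site's tools: it extracts the host a browser would actually connect to and accepts a link only if it uses HTTPS and the host is the known domain or a subdomain of it. The function name, the sample links and the choice to trust subdomains are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def link_matches_site(link: str, known_domain: str) -> bool:
    """Return True only if link is HTTPS and its host is known_domain
    or a subdomain of it (trusting subdomains is an assumption)."""
    try:
        parts = urlsplit(link.strip())
    except ValueError:          # malformed URL, e.g. broken IPv6 brackets
        return False
    if parts.scheme != "https":  # suggestion (6): encrypted connections only
        return False
    # .hostname drops any "user@" prefix and the port, and lowercases the
    # result, so "bigbank.com@somedomain.com" resolves to somedomain.com.
    host = (parts.hostname or "").rstrip(".")
    known = known_domain.lower().rstrip(".")
    if not host or not known:
        return False
    try:
        # Look-alike letters from other alphabets become "xn--..." labels,
        # which can never equal the plain ASCII domain you know.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Compare from the right-hand end, on a dot boundary: the owner of a
    # host is decided by its last labels, not by how the name begins.
    return host == known or host.endswith("." + known)


# Constructed sample links, built around the bigbank.com example in (5).
SAMPLES = [
    "https://bigbank.com/login",
    "https://www.bigbank.com/login",
    "https://bigbank.somedomain.com/login",      # the spoof described in (5)
    "https://bigbank.com.somedomain.com/login",  # known name used as a prefix
    "https://bigbank.com@somedomain.com/login",  # known name before the "@"
    "https://notbigbank.com/login",              # ends with the name, no dot
    "http://bigbank.com/login",                  # right host, not encrypted
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "ok" if link_matches_site(url, "bigbank.com") else "DO NOT USE"
        print(f"{verdict:10}  {url}")
```

Only the first two sample links pass. The others either belong to a different domain or are not encrypted.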

If you follow ALL the suggestions above, you should be well protected! And this applies to webmasters, IT workers, company and governmental employees, students, web surfers, and anyone (which is like everybody) who has passwords. Protect and guard your passwords because they are worth their weight in gold: to you AND hackers.
