Password protection should be a priority for us all. Just this week, social networking site Twitter said that it found a bug that caused passwords to be stored incorrectly, posing a risk to users’ privacy.
Twitter has more than 336 million users, many of whom use the site on a regular basis. But even if you signed on for an account but don’t use it, this disclosure by the tech company should get your attention.
“We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone,” Twitter Chief Technology Officer Parag Agrawal said in a blog post on May 3. He said that it’s recommended that all Twitter users change their password “out of an abundance of caution.”
How to pick a strong, secure password
But what makes a good password? Should it be a random assortment of letters and numerals, or should it be composed of words or phrases that we can readily call to mind?
A 2013 Google study in the UK found that most people choose relatives’ birthdays, wedding anniversaries and their children’s names as passwords. Also ranking in the top 10 for passwords? “Password.”
Such a lackadaisical approach to password protection can put your identity at real risk. Late last year, Google revealed that hackers steal 250,000 web logins on a weekly basis. Raising the ante is the fact that criminals can employ computers that can scan massive databases to guess untold numbers of passwords per hour.
Even those two or three security questions that many sites require you to answer can be compromised by clever humans. All a person has to do is take a gander at your Facebook account and they may be able to figure out your favorite vacation spot, your mother’s maiden name and even your best childhood friend. (Tip: Make up bogus answers to your security questions, and remember them.)
That being said, here are some tips on picking a password that can stand up to hackers.
Literally make something up: Short phrases are out, loooooong incoherent strings of letters and numbers are in. The key to a strong password is to not tip off your behavior or lifestyle in any way. Remember what you come up with.
Use a password manager: Password managers store all your passwords in one place behind a secure encryption key. The beauty of it is all you have to remember is that single code. The top free ones like Dashlane and LastPass have had security issues in the past that have reportedly been fixed.
Use a password checker: There are a number of online tools that will test whether your password is up to snuff. Among the best are HowSecureIsMyPassword.net, powered by Dashlane, Passwordmeter.com, and Password Checker by the National Information Solutions Cooperative.
Don’t save your password in your browser: No matter how many times Google Chrome asks you whether you want to save your password, always say no. If you do save it, you will have considerably raised the stakes in the unfortunate event that you lose your computer, tablet or phone for even a short period of time.
Don’t use the same password on different accounts: It’s easy and saves time and brain power, but having the same password for multiple accounts is a quick way to have your entire digital life hijacked.
Password cracking has become such a sophisticated sport that the hackers know all the conventional options you may try to use. Or, as Sophos tech site Naked Security puts it: “They know that some words are used more often than others and they know about the cute tricks and bad habits we use to obfuscate them. They know that we use 0s instead of Os and 4s instead of As, and they know that we tend to put our upper case letters, special characters and numbers at the beginning and end of our passwords.”
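The habits Naked Security lists can be checked for mechanically before a password is accepted. The following Python check is an added example, not part of the original article; the word list is a tiny constructed sample, the substitution table goes slightly beyond the two swaps quoted above, and the function name `weak_patterns` is hypothetical.

```python
import re

# Constructed sample; a real checker would load a large list of common passwords.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine", "football"}

# Look-alike swaps: 0 for o and 4 for a (from the quote), plus similar ones (assumed).
LEET = str.maketrans({"0": "o", "4": "a", "3": "e", "1": "l",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")            # non-letters at either end
EDGE_ONLY = re.compile(r"[^A-Za-z]*[A-Za-z]+[^A-Za-z]*")  # letters in one block


def weak_patterns(password: str) -> list[str]:
    """Return the predictable habits found in `password` (empty list if none)."""
    findings = []
    lowered = password.lower()

    # Undo the swaps two ways: trim padding first, or translate first.
    # "p4ssw0rd1!" needs the first order, "footbal1" needs the second.
    candidates = {
        EDGE_JUNK.sub("", lowered).translate(LEET),
        EDGE_JUNK.sub("", lowered.translate(LEET)),
    }
    if candidates & COMMON_WORDS:
        findings.append("common-word")

    # The only upper case letter is the first character.
    if password[:1].isupper() and not any(c.isupper() for c in password[1:]):
        findings.append("capital-at-start")

    # Digits and symbols appear only as a prefix or suffix around the letters.
    has_non_letter = any(not c.isalpha() for c in password)
    if has_non_letter and EDGE_ONLY.fullmatch(password):
        findings.append("padding-at-ends")

    return findings


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("P4ssw0rd1!", "Sunshine2018", "footbal1", "qv7Lr9xTz2mKp4"):
        print(sample, weak_patterns(sample))
```

An empty result only means none of these three habits was found; it does not by itself make a password strong.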
The Clark-approved way to protect your info: Two-factor ID
Nothing is foolproof in this day and age, but by using two-factor identification you employ one of the most practical methods of protecting your personal data.
Money expert Clark Howard believes that two-factor ID, along with fingerprint readers and voice recognition, is where real security lies.
Two-factor authentication requires the user to enter more information as an additional step to verify their identity. It is often called two-step authentication or verification.
In many cases, the extra step consists of a unique key sent to your phone or email. In all cases, whether it’s used on your bank website or some other account, it will make you feel better knowing that an added layer of security is in place to safeguard your information.
To see how secure your bank website is, check out Two Factor Auth, which keeps a running list of financial institutions that use two-factor authentication.