As your personal business life becomes accessible in digital form, using strong passwords to keep that information safe and secure is more important than ever. The proliferation of Web 2.0 services such as online payment, banking, accounting and payroll services means that your company’s most sensitive information is accessible to anyone with the proper login.
Relying on your pet’s name for a password just doesn’t cut it anymore. The only thing worse is having your passwords scrawled on a sticky note under your keyboard – you know who you are.
The Basics
Security experts agree: Most people have passwords that provide woefully inadequate protection against hackers and identity thieves. That’s because a password that’s easy to remember is also easy for an automated hacking program to guess, and one that’s hard to guess is also hard to remember—and winds up on that sticky note. But there are a few tricks that can help you come up with complicated passwords that will still be easy for you (and only you) to remember.
First and foremost, don’t use the same password ‑ even if it’s a strong one ‑ for everything. If you do, and one password becomes compromised, all your data or online accounts are at risk.
“A good technique is to come up with a base password, and then just change it a bit for every site,” advises David Ulevitch, CEO of OpenDNS, the leading provider of Domain Name System services. For example, your banking log-in for Bank of America could be ca$h!cowBoA, while your QuickBooks online accounting password could be ca$h!cowQB.
Which brings up a second point: Be sure to use a mix of upper- and lowercase letters, number, and symbols. The reason? Automated hacking programs can cycle through all known words (spelled both forward and backward), plus common names (including Fido and Queenie), in a matter of minutes.
“The best way to do strong passwords is to simply replace letters with characters and numbers, and make use of other keyboard tidbits,” advises Eric Green, president of ELG Consulting and a consultant to SCIPP International, the first non-profit security-awareness training certification organization. So while NYYankees is a weak password, it can be made stronger (and still remain memorable) with the simple tweak to NY_Y@nkee$$.
Another trick is to think of a passphrase that is meaningful to you and that can be turned into an acronym (again, with some symbols in place of letters). So, for example, the fact that my first car was a 1964 Buick Electra could become the PayPal password MfCw@!964BE!PP. And if you are worried about forgetting it, you could write down a reminder for yourself that will be useless to others, like “first car sentence.”
Other Observations
Ultimately, the security of your password (and hence your data) is only as secure as the site you enter it into. “When doing any work online and entering any kind of personal information at all, make sure the little pad lock is at the bottom of your screen indicating the site is using SSL (Secure Socket Layer) to encrypt your data,” cautions Green. “The strongest password in the world is a waste if someone can simply copy that information over an insecure network.”
Also be aware of keylogger programs and other malware that can lurk on a PC, recording your keystrokes and surreptitiously sending them to a hacker. The string “www.paypal.comjohndoefido” lets the thief know that a PayPal user name is John Doe and that the user’s password is Fido.
So never enter a vital password at a public computer terminal (such as at an Internet café), since you don’t know what programs people have installed onto the computers. And on your own home and business PCs, be very careful what you and your employees load (in fact, in Windows block employees from loading programs altogether) and be sure each PC’s spyware program (such as SpySweeper) is up to date.
Jamie Bsales is an award-winning technology writer and editor with nearly 14 years of experience covering the latest hardware, software and Internet products and services.
This article was first published on SmallBusinessComputing.com.