Creating Strong and Unique Passwords for Each Account

Whether you are making an online purchase, unlocking your phone, sending an email or viewing financial information, passwords protect everything that is personal and sensitive. We wouldn't leave our doors or a safe unlocked and make it easy for people to steal our valuables, so why do the same with our passwords with the same simple password for all of our accounts?

Time is money; even in cybercrime. The easier the password, the faster it is to crack. Criminals crack passwords in bulk; so once they have cracked enough easy passwords, they dump the difficult passwords and move on to the next phase of their crime.

Tips to creating strong passwords

The more complex your passwords are, the less likely they will be to crack. Use the following guidelines when choosing a password:

  • Combine upper and lower case letters.
  • Use no less than eight characters. Passphrases are best.
  • Include at least one number and one special character. The more, the merrier.
  • Make them easy to remember, but difficult to guess. For example, make them create a pattern on the keyboard.
  • Never use common words found in the dictionary or personal details like child or pet names, birthdates, addresses, etc.
  • While using the same password for multiple accounts is common and easy, it's a bad idea. Keep a unique password for each account or web site. Consider using password management tools like LastPass® or Password Safe®. These tools allow you to securely store all of your passwords in one place with one master password. Create unique, strong passwords for every web site without ever needing to remember more than your master password!

There are many more strategies for getting passwords. No matter what you come up with for your password creations, they need to make sense to you and no one else. If you must write them down, do it. Just keep it separate from your computer and mobile device and keep it out of plain sight.

How do criminals obtain my password?

There are many techniques for obtaining passwords and many of them have become very sophisticated. The top methods for cracking passwords (in no particular order) are:

  • Brute force attacks. This practices uses dictionary words working through all possible combinations of letters and numbers. This process takes a long time, so the longer the password, the longer it takes to figure it out.

  • Rainbow Tables. These are long lists of every possible plain text passwords. Attackers use these in password cracking software and can try a lot of passwords at the same time. This is why security experts recommend using longer passwords and phrases. The longer they are, the more time it takes for them to be found in these lists.

  • Social Engineering. The foundation of many security related breaches is social engineering - whether they are intrusions into a network or theft of a password to get into an account. At a basic level, social engineering involves getting users to give up passwords. Hackers are amazingly successful at getting information by pretending to be someone else and bringing victims into their confidence. A favorite scene for the social engineering actor is to call workers in an office posing as the IT person. They simply ask for passwords and it works.

  • Phishing. These messages try to coax users out of information. Often times they are trying to trick users into entering their username and passwords into bogus web sites that look real, then use those same credentials to log into the real site. They can then control your account. On an average day, more than 156 million phishing email messages are sent.

  • Guessing. Guess what? The completely unsophisticated method of guessing still works. People often create passwords based off of information that is not difficult to find out such as kids’ names, birth dates, pets names, etc. And this information is too often posted on blogs or social media profiles. A savvy hacker may use the aforementioned social engineering techniques to befriend victims and simply guess passwords.

  • Malware. This is software that ends up on a computer or device and can be used to log key strokes (key loggers) to redirecting a web browser to fake websites.