So how many times have you had to type in a password today? And did you remember them all?
If you’re like the average Internet user, you probably have at least two dozen online accounts that require a password. And no, it’s not wise for you to have the same password for every account or let your browser remember your pass codes for you.
A few months ago hackers stole 6.5 million passwords from the LinkedIn website. That same day, 1.5 million passwords were stolen from the dating website eHarmony. The most common passwords were simple to crack, such as 1234 or 12345. If you were one of the victims who used such a lazy code or reused passwords, hackers could have access to all your accounts and maybe even your cash.
So how do you create secure pass codes and still manage them all?
The first step in protecting yourself online is to create more complicated passwords that use both numbers and letters and are more than six characters long. No more using “Password” or your favorite pet’s name.
But Internet experts stress that even more important than creating a strong password is making sure you don’t use the same password on every site you go to across the Internet.
“A really complex password that gets you into everything is not a good strategy,” said Geoff Webb, marketing director of Credant Technologies, a security firm in Texas. “I’d rather see people have different passwords than strong passwords.”
That’s good advice, but you may find you need some help executing it. After all, how are you supposed to remember a different password for every site you visit? You may be tempted to use the autofill function on the Web browser, but experts recommend against it because anyone who uses the browser will be able to access your accounts.
A more secure way to keep track of your secret codes is to download one of the many password managers available online. One of the most popular is RoboForm. It’s a plug-in that collects your passwords as you make your way around the Web, encrypts them and stores them either on your computer or on the company’s servers, or sometimes both.
If you come up with a complicated password that you are likely to forget immediately, no problem. The password manager will remember it and automatically fill it in when a pass code is requested the next time you’re on the site. Many of the password managers even generate obscure passwords for you.
Security experts said a password manager is a good way to secure your codes from most hackers, but there are downsides you need to consider. There is still the risk that sophisticated hackers can come after your password manager and get all the stored pass codes in one fell swoop.
“You need to think about how hard you want to make it for an attacker, compared to how hard do you want to make it for you to use and how much risk are you willing to take that the system might fail,” Webb said.
Bari Abdul, vice president of security software company Check Point’s Consumer Business, suggests consumers use password management systems to help them log in to shopping and media websites, but not sites with highly sensitive information.
“A password manager can make your life convenient, but we don’t recommend that you always use it,” he said. “Access to your banking information and medical information should have a password that is unique and hard to decipher, and it is best not to put it on the password manager.”
To remember his most sensitive passwords, Abdul created a password-protected Excel sheet with hints that will remind him which password goes where.
For example, one hint might look like xXxxXx356, which might correspond to case-sensitive pass code bAnaNa356.
“If someone breaks into your computer and figures out the password to your Excel sheet, they will still have to figure out your hints,” he said. “It’s a layered approach to security.”
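The hint scheme described above, as an added Python example that is not from the article or from Abdul: it builds the case-mask hint for a password and counts how many passwords remain consistent with that hint, which shows how much the hint itself discloses if the sheet is opened. The function names, the rule that non-letter characters are copied unchanged, and the 62-character comparison alphabet are assumptions.

```python
import string


def make_hint(password: str) -> str:
    """Case mask: lowercase -> 'x', uppercase -> 'X', everything else kept."""
    out = []
    for ch in password:
        if ch in string.ascii_lowercase:
            out.append("x")
        elif ch in string.ascii_uppercase:
            out.append("X")
        else:
            out.append(ch)  # assumption: digits and symbols are copied as-is
    return "".join(out)


def matches(hint: str, candidate: str) -> bool:
    """True if the candidate password would produce exactly this hint."""
    return make_hint(candidate) == hint


def candidates_left(hint: str) -> int:
    """Passwords consistent with the hint: 26 choices per masked letter,
    because case, length and every non-letter character are already shown."""
    return 26 ** sum(ch in "xX" for ch in hint)


def candidates_without_hint(length: int, alphabet: int = 62) -> int:
    """Passwords of the same length when nothing is known about them
    (assumed alphabet: a-z, A-Z, 0-9)."""
    return alphabet ** length


if __name__ == "__main__":
    hint = make_hint("bAnaNa356")  # the article's example pass code
    print("hint:", hint)
    print("consistent with hint:", candidates_left(hint))
    print("same length, no hint:", candidates_without_hint(len(hint)))
```

The hint narrows a nine-character password to the 26^6 combinations of its six letters, so the second layer is only as strong as the part the hint leaves out.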
If all this sounds too exhausting, you might consider taking your password management system offline completely and going old school.
Last year CG Publishing put out a spiral-bound notebook called “Forgot Your Password?,” which bills itself as a “confidential handbook to keep all your user names, passwords and websites at your fingertips.”
You’d have to go through the hassle of resetting all your passwords if you lose it or if it gets stolen, but at least the hackers can’t get to it.