Build a Better Password: Secrets to Protecting Your Identity
The worst password for 2012 was: “password.”
According to SplashData’s annual list of the 25 most common passwords, there are a lot of people who don’t quite grasp the concept of identity theft. SplashData’s list is compiled from files containing millions of stolen passwords that hackers have posted online. The next two worst and most commonly used passwords were “123456” and, with a little more effort thrown in, “12345678.” Strangely, these were also the top three most commonly used passwords of 2011.
Common Password Mistakes
Creating an easily accessible password is a common mistake for a lot of people. Robert Siciliano, CEO of IDTheftSecurity.com, said that many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research.
“When you click the ‘forgot password’ link within a webmail service or other site, you’re asked to answer a question or series of questions,” he said. “The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo! account was hacked.”
The Federal Trade Commission (FTC) has come up with several ways consumers can be smarter about securing their identity information, including better protecting your Social Security number, surfing the Internet with more awareness of risks, and being more careful when disposing of mail that contains account information. One of the more reliable methods of identity theft is dumpster diving, which has helped some thieves find some real treasures, including banking and credit card statements. It’s often a good idea to invest in a paper shredder and to opt for email versions of financial statements.
Siciliano said there are many websites meant to infect computers and other devices and that this happens commonly when using unsecured wireless connections and outdated operating systems.
“Protect yourself by updating (software for) antivirus, anti-spyware, anti-phishing, and (install) a firewall,” he said. “Update critical security patches in your OS and update your browser.”
According to Siciliano, many hackers are beginning to move away from PC hacking and focusing their attention on mobile devices, especially Android, because it’s an open-source OS and the code is readily available to have viruses created around it.
The Persistence of Identity Theft
According to the FTC, identity theft cost Americans $1.52 billion in 2011 and has been the No. 1 complaint received by the organization over the past five years. According to the Reuters report, the number of complaints jumped from 1.4 million to 1.8 million.
But it’s not just the living who have a right to complain. The deceased are being put through the wringer as well – they just don’t have to deal with the stress like everyone else. According to a PC World report, the IRS stands to lose approximately $21 billion in profits over the next five years, largely thanks to fraudulent income tax returns filed by hackers under the names of deceased individuals.
There might not be much the deceased can do to protect their Social Security numbers, but the rest of us can still take measures to stay safe. For example, the IRS does not contact individuals via email, so don’t trust any digital correspondence claiming to be from them. Additionally, if the IRS should send a letter, it is best to reach out to the IRS before initiating any compliance with the letter’s request.
OnGuardOnline.gov also has a few tips to help avoid being scammed or becoming a victim of identity theft:
- If the prince of a Nigerian castle sends you an email pledging to honor you and your estate with $16 million, rest assured he doesn’t have that kind of money on hand, he’s not an African prince, and his pledge is just an attempt to honor your bank account with a large withdrawal.
- There are plenty of online scams even on reputable dating sites. Be careful who you talk to, and avoid those claiming love at first emoticon wink or stating they can’t enter the country for some strange reason. And never wire money to anyone you meet through the site — this is a big signal of a scam.
- Everyone would love to work from home, but not everyone can be their own boss. Online companies promising people that they can make thousands of dollars every month just from working from their laptop a few hours a week are making promises they don’t intend to keep. One thing can be promised – they will definitely be asking for your personal financial information.
- Looking for a lender? Avoid the ones guaranteeing your approval — especially if they’re asking for money upfront.
Unbeatable Password Strategies
There are a number of ways to protect your passwords. As ingenious as “password” and the elaborate “123456” number scheme are, it may be a good idea to invest at least a little thought into protecting your privacy.
Big Think suggested misspelling words on purpose. Just hope you don’t forget how you misspelled the password.
Siciliano said he doesn’t regularly change the password on most of his sites, only on the most critical ones. He added that most people don’t realize there are a number of common techniques used to crack passwords and plenty more ways we make our accounts vulnerable due to simple and widely used passwords. For those who now know they need to change their passwords as soon as possible, here are some tips from Siciliano on creating a stronger password and keeping valuable information safe:
- Protect your information by creating a secure password that makes sense to you, but not to others.
- Avoid consecutive keyboard combinations — such as “qwerty” or “asdfg.”
- Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.
- Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color or song.
- Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches – HBGary and rootkit.com – showed a password reuse rate of 31% among victims.
- Make sure you use different passwords for each of your accounts.
- Be sure no one watches when you enter your password.
- Always log off if you leave your device and anyone is around — it only takes a moment for someone to steal or change the password.
- Use comprehensive security software and keep it up to date to avoid keystroke loggers and other malware.
- Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
- Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
- Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
- Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
- Use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. The more, the merrier.
- Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!”
- Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard.
- Have fun with known short codes or sentences or phrases, like 2B-or-Not_2b?
- It’s OK to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
- You can also write a tip sheet that will give you a clue to remember your password, but doesn’t actually contain your password on it. For the example above, your tip sheet might read “Shakespeare’s question.”
- Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and make your password as strong as possible.
- In the end, it’s your responsibility to protect yourself. The rule of thumb is to change your passwords frequently, every six months.
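A sketch of a password checker that applies several of the rules in the list above: the common-password list, length and character mix, keyboard runs, dictionary words (including reversed), personal information, and reuse. This is an added example, not code from the original article or from Siciliano; the word list, the function names, and the four-key run threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample data: the three passwords the article names, plus a tiny
# word list standing in for a real cracking dictionary (assumption).
COMMON = {"password", "123456", "12345678"}
WORDS = {"password", "monkey", "dragon", "shadow", "summer"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_run(pw, min_run=4):
    """True if pw contains min_run consecutive keys from one keyboard row,
    typed left-to-right or right-to-left (e.g. 'qwerty', 'asdfg')."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False


def check_password(pw, personal=(), used_elsewhere=()):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    low = pw.lower()
    # Strip digits and symbols so 'pass-word1' still matches 'password'.
    letters = re.sub(r"[^a-z]", "", low)
    if low in COMMON:
        findings.append("on the most-common list")
    if len(pw) < 8:
        findings.append("shorter than eight characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        findings.append("missing a character class")
    if keyboard_run(pw):
        findings.append("keyboard run")
    if any(w in letters or w[::-1] in letters for w in WORDS):
        findings.append("dictionary word (possibly reversed)")
    if any(p and p.lower() in low for p in personal):
        findings.append("contains personal information")
    if pw in used_elsewhere:
        findings.append("reused from another account")
    return findings
```

An empty result only means none of these specific checks fired; a real deployment would load a full breached-password list in place of the small sets used here.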
Being untouchable online isn’t really a possibility, but taking the right measures to protect yourself will help keep a majority of hackers at bay from infiltrating your information and stealing your identity. As the complaints continue to pour in year-after-year, do your part to ensure you’re not one of the many to make that phone call to the FTC.