Creating Strong Passwords
Imagine the vulnerability of losing your wallet or purse, knowing that someone could gain access to your identity and financial accounts. The same holds true if criminals steal your online passwords. They could open new accounts and max out your credit limit. Change your mailing address and have items (and bills) sent to them. Withdraw money from your bank accounts. Apply for loans under your name. In many cases, you may not notice these attacks until it is too late.
Think of your passwords as if they were keys to your home and everything you own. Given their importance, it just makes sense to create strong passwords, and then take precautions to protect them. Be aware that password cracking tools continue to improve and the computers used to crack passwords are more powerful. Network passwords that once took weeks to break can now be broken in hours.
What Makes a Strong Password?
Fortunately, it’s not hard to create strong passwords —
it just takes a little extra effort. The goal is to make a password appear to be a random string of characters to hackers, but easy for you to remember.
Here’s what to do:
Make it lengthy. Each character added to your password increases the protection it provides many times over.
Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.
Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Choose from all the symbols on the keyboard, not just the most common characters. Have at least one symbol in the second through sixth positions.
Use a sentence as the starting point. Think of a memorable sentence, take the first letter of each word, then mix up lower case and upper case, and replace some letters with numbers and symbols.
Avoid sequences or repeated characters. Passwords such as "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not make secure passwords.
Don’t use dictionary words. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions.
Have different passwords for different places. Create strong passwords for any online transaction where your credit is at stake. Create one "lightweight" password for online access to resources like magazines and newspapers.
Handle with Care
Your passwords protect valuable information and assets. To help keep them secure and away from criminals, use the following strategies:
Don't tell all family members. For example, it's fine to share the password to your joint banking account with your spouse, but keep passwords hidden from children who could pass them on to less trustworthy individuals.
Be careful about storage. Make sure you store any written records of your passwords in a safe place that would not be obvious to intruders.
Never provide your password by e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you to go to a website to verify your password is almost certainly a fraud. This includes requests that appear to be from a trusted company or individual.
Change your passwords regularly.This makes it much more difficult for criminals and other malicious users to figure out your passwords. Put yourself on a schedule to change passwords at least every six months.
Do not type passwords on public computers. Computers such as those in hotel lobbies, libraries, Internet cafés, and airports should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check e-mail or bank balances, or any other account that requires your user name and password. Criminals can purchase keystroke logging devices to capture your passwords after you leave the computer.
Be careful with the "Remember My Password" feature. This feature should never be used on websites containing valuable personal information. But it’s fine to take advantage of the convenience of this feature for things like online magazines.
If Your Password is Stolen …
Fraud and identity theft can still happen to you despite your best efforts at creating strong passwords and protecting them. There are no guarantees. No matter how strong your password is, if someone breaks into the system that stores it, they will have your password.
Be sure to carefully monitor all the information you protect with your passwords, such as your financial statements, credit reports, and online shopping accounts. If you think your identity has been stolen or you’ve been defrauded, immediately follow the steps below.
1. Close affected accounts.
If you believe you've accidentally provided sensitive information (such as your password) to a scammer pretending to be a legitimate company, contact the real company as soon as possible and close affected accounts.
2. Change all online accounts.
When you change your passwords, be sure to select strong ones.
3. Place a fraud alert on your credit reports.
Contact these three credit bureaus:
Equifax (800) 525-6285
Experian (888) 397-3742
TransUnion (800) 680-7289
Get a copy of your report from each bureau and review them carefully. Make sure your account is flagged with a "fraud alert" tag.
4. Contact the proper authorities.
If you’re a victim of any type of identity theft, you can report it by calling the FTC's toll-free Identity Theft Hotline at (877) ID-THEFT or (877) 438-4338. You also need to file a report with your local police department. Then get a copy of the police report to notify creditors that you are a crime victim, not a credit abuser.
5. Save everything.
As you complete these steps, always print hard copies of documents for yourself.
Test Your Password Instantly
Once you’ve created a new password, find out just how strong it is by visiting: www.microsoft.com/protect/yourself/password/checker.mspx
Simply type in the password you’re considering, and Microsoft’s Password Checker will instantly rate it from Weak to Best. If yours doesn’t rate well, it’s back to the drawing board. Keep testing new passwords until you find one that rates high.