November 22, 2011 by David K. Sutton
You Aren’t Doing Enough To Secure Your Accounts
That statement is probably true when it comes to everyone. There’s always more that you could do to secure your online bank accounts and other online accounts with sensitive information. At a minimum, you should never use the same password for multiple accounts. If you do use the same password for multiple accounts, they had better be accounts that don’t contain any sensitive information. Using the same password for a bank account and – for example – your email account is a really bad idea.
In addition to using unique passwords you should also be using secure passwords that have no easily identifiable meaning to a potential hacker. Here is my advice for creating a secure password that is easy to remember.
Never use words, phone numbers or anything else that could be identified or is otherwise meaningful. Try to think up a pattern that only you know. It could be the first 3 letters (or fewer if any words are shorter) of each word of a song title or song lyric. So, for example, the following lyric “I was a Superman but looks are deceiving” turns into “iwasasupbutlooaredec”. While it doesn’t use numbers or symbols, it’s still a very secure password because it means absolutely nothing and is 20 characters long. The longer a password, the more time it would take to crack via brute force. In this example only you know which lyric or song title you chose and only you know how many characters of each word you used. Even though this password example is 20 characters long, it’s very easy to recall as you type.
You can change it up by adding numbers in between each of the truncated words. It could be as simple as counting from 1 to x where x is the number of words. With this revised scheme the above password turns into: “i1was2a3sup4but5loo6are7dec8”. This new password is 28 characters long and is very secure. This one takes a little bit more time to process in your brain as you type but it’s still easy to recall.
You don’t need to use a song title or lyric as long as this one to make a secure password, but I recommend that your password be at least 10 characters long. You can also use other phrases or quotes, or you can come up with your own easy-to-remember scheme.
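As an added example (not part of the original post), here is the truncation scheme above in Python, together with the size of the brute-force search space for each result. The function names and the guess rate of 10 billion per second are assumptions for illustration, and the figures assume an attacker who tries every character combination with no knowledge of the scheme.

```python
import math
import string

def truncate_phrase(phrase, keep=3, numbered=False):
    """First `keep` letters of each word, optionally followed by a counter."""
    parts = []
    index = 0
    for word in phrase.split():
        letters = "".join(c for c in word.lower() if c.isalnum())
        if not letters:
            continue  # skip tokens that were only punctuation
        index += 1
        parts.append(letters[:keep])
        if numbered:
            parts.append(str(index))
    return "".join(parts)

def alphabet_size(password):
    """Size of the character set a brute-force search must cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def brute_force_bits(password):
    """log2 of the number of candidates of this length over this alphabet."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Time to try every candidate at an assumed (hypothetical) guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    lyric = "I was a Superman but looks are deceiving"  # lyric from the post
    for pw in (truncate_phrase(lyric),
               truncate_phrase(lyric, numbered=True),
               truncate_phrase(lyric)[:10]):  # the 10-character minimum
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years to exhaust")
```

At the assumed rate, a 10-character lowercase password (about 47 bits) is exhausted in hours, while the 20-character one is far out of reach of exhaustive search.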
Right about now you may be thinking that this is great but do I have to do this for every account? The short answer is yes. If the idea of doing this for every account is daunting you might want to consider using a password manager. The basic idea of any password manager is that you only need to remember one password to gain access to the password manager – so you better make this one password really secure! The password manager is responsible for maintaining the usernames and passwords for all of your accounts. This can be automated – the password manager controls the whole process and automates the login – or it can be manual – you look up your username and password in a secure list – or it can be both.
The password manager I use is called LastPass. It can be an automated password manager that fills in your login credentials as you visit online accounts. It can maintain a manual list of account usernames and passwords. Or it can do both. In addition to storing usernames and passwords you can also use “secure notes” to maintain other information securely. This is all accessible through the LastPass website or via the LastPass browser plugin for Internet Explorer, Chrome, Firefox, etc. Did I mention LastPass is free? If all you need is their browser plugin – which can be installed on as many computers as you want – or access to their website then the LastPass service is free. If you also would like to use their app for iPhone, iPad, Android, etc. then you can upgrade to Premium for a small fee of $12 yearly, which I think is worth it.
Whatever password manager you choose to use, or if you just plan to remember all of your passwords – good luck! – you definitely should consider making all of your passwords more secure and make them all unique! If you find you have dozens – even hundreds – of accounts like I do you might want to try out a password manager like LastPass. Just for the record, I have no connection to LastPass. I’m just a satisfied customer.