Page Menu

Secure Your Online World

News

Simple, smart strategies for password security

Laptop with login page displayed on the screenRemembering passwords for websites or online services can certainly be confusing — but not nearly as confusing as sorting out your life after identity theft. In fact, bad passwords are one of the top ways that hackers and identity thieves gain access to private information. “It doesn’t matter if you have the best firewall in the world; bad passwords can still make you vulnerable,” says Michael Ramage, director of the Center for Telecommunications Systems Management at Murray State University. With that in mind, here are some ways to be sure your passwords aren’t leaving you open for a cyber attack.

Don't Use a Common Password

People want a password they can remember, but many people keep it too simple. Hackers know common passwords, and those are some of the first ones they try if they are cracking your accounts. “Most people want the convenience over the security because they don’t think it’s going to happen to them,” Ramage says. Avoid these simple, commonly used passwords:

  • 123456
  • password
  • 12345
  • 12345678
  • qwerty
  • 123456789
  • 1234
  • baseball
  • dragon
  • football
  • 1234567
  • monkey
  • letmein
  • abc123
  • 111111
  • mustang
  • access
  • shadow
  • master
  • michael

Use Strong Passwords

Multiple colorful login boxesThe best passwords are chains of letters, numbers and symbols, rather than words that can be found in the dictionary. Using a known word and replacing “o” with “0” or “E” with “3” isn’t hard for hackers to figure out. “Hackers know that people do that,” Ramage says. “Any word that’s in the dictionary will be broken in a matter of seconds.” Ramage suggests making a string of letters than mean something to you, such as the first letters of words in your favorite quote, song or Scripture verse. For example, instead of “baseball,” try Tmottbtmottc9, which is the first letter from each word in the first two lines of “Take Me Out to the Ballgame” and 9 for the number of players on the field. “It doesn’t have to be random letters; it just has to look random to the bad guys,” Ramage says.

Use Different Passwords

Once you have a strong password, it can be tempting to use it over and
over online. But that’s a mistake. Ramage says there are many cases where a person’s social media account has been hacked, which leads to other accounts being compromised because the same password was used. If hackers steal a password and user ID, they know to go and try that same combination at other sites. “A lot of times people think, ‘I have a strong password, and I’m going to use it everywhere,’” Ramage says. “How many other things that matter share that same password?”

Be Careful Where You Put Your Passwords

Sticky note that says "See my password on the back"With the need for multiple strong passwords, it can be tough to remember them all. Ramage has seen plenty of password lists taped to monitors or keyboards. Such lists, especially in places where plenty of people come and go, pose a significant risk. “It has to be private, and it has to be secret,” says Ramage. He suggests using an encrypted password database program such as 1Password, Last Pass, Password Vault or Key Pass. The programs keep all of your passwords for you, and with a browser plug in, they can even automatically fill out your login information when you pull up a page.