Some passwords are funny. Some are pretty weird. Some can be a math problem. Many can be laughably easy to hack (I give you “dadada,” “qwerty,” “password” and “123qwe” to name a few). But one thing is for sure -- they are never really 100 percent hack proof.
Earlier this month, news broke that a significant number of Twitter passwords had been compromised and were being offered to anyone willing to fork over 10 bitcoins, or roughly $6,700. More than 32 million users were included in the cache of information on the cyber creep auction block. Hacked information database Leaked Source said in a blog post that it had received the data files from a user under an alias. Leaked Source said it did not pay for the files.
Your Information Is Out There
Twitter has told multiple news outlets that its systems were not breached. Leaked Source said the passwords appeared to have been grabbed by malware.
How to Keep People Out of Your Stuff
While knowing that your information is out there is an important piece of the personal data security puzzle, keeping your accounts safe is even more crucial.
There has been much innovation in the world of data security, but nothing has proven foolproof yet. Biometric authentication using fingerprint and iris scans is promising, but its adoption is far from universal and it is not without some spoofing issues.
There are tokens and cards that can complement passwords, but those are fallible for the reason that they can be stolen or lost.
Multi-factor authentication is probably the best way to deal with security issues, but it does not necessarily strike the best workplace balance between security and convenience. The Pixar movie “Monsters vs. Aliens” provides a comical scene that demonstrates why it’s not the most practical approach (the character has to provide a hand, foot, tongue, elbow and butt scan to gain access to the president’s situation room).
Passwords Are Still the Best Option
As things stand now, a password coupled with a second factor of authentication known only to the user — like a visual prompt — is the best personal security solution.
Because we have many accounts and they should all have separate passwords, most consumers have a problem keeping all that information straight. There are apps for that, of course, and if you are okay with cloud-based solutions — bearing in mind that nothing is un-hackable — you might want to check out a service like 1Password, which allows you to store all your passwords, PINs, credit card numbers and more. PasswordWallet 4 and Dashlane provide similar services. Bear in mind that they are not the only good games in town. So do your research and read reviews. Keep in mind, too, that some password managers charge for their services.
The upside to password valets is clear — you only have to remember one password. If that’s of interest, you still need to make sure that password is very strong.
Rules of the Road for Effective Passwords
If you decide not to use a password manager, never store your passwords and user names in a document that resides on your computer. Save them on an encrypted thumb drive. Then you only need to remember two things: Where you keep it and the password (hopefully long and strong) required for access.
The best practices here include a number of things you shouldn't do:
1. Try to avoid single words, since many password-cracking programs use the dictionary.
2. Avoid letters and numbers that are close to each other on the keyboard.
3. Never use a password based on personal information that could well be available on social media or via a data breach. This would include your birthday or the birthdays of loved ones, children’s names, pet names, your high school or college mascots and the like.
4. Never use a password on a retail site that you use anywhere else. If that site gets hacked and the same login information is on a bank account, you’re toast.
And a few things you should do:
5. Create an easier password for sites that don’t have a great deal of your personal information, like news sites, video streaming services and the like.
6. Consider using a password generator. (Bear in mind this generally requires using a password management system, bought or homemade.)
7. Create long and strong passwords containing a phrase at their core. One thing that a brute force attack cannot do is guess the first line of a poem you wrote in fourth grade, especially if you have a simple math problem embedded in the middle of a word or two.
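To see how rules 1 through 3 can be checked automatically, here is an added example (not part of the original column) that audits a candidate password for a dictionary word, a run of neighboring keys, or personal details. The word list, the personal details and the function names are constructed for illustration.

```python
import re

# Constructed sample data: a real check would load a full dictionary
# and the user's actual personal details.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "football"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_run_coverage(pw, min_len=3):
    """Fraction of characters that sit in a run along one keyboard row."""
    lowered = pw.lower()
    covered = set()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left
            for i in range(len(seq) - min_len + 1):
                chunk = seq[i:i + min_len]
                start = lowered.find(chunk)
                while start != -1:
                    covered.update(range(start, start + min_len))
                    start = lowered.find(chunk, start + 1)
    return len(covered) / len(pw) if pw else 0.0


def audit_password(pw, personal_tokens=()):
    """Return findings for rules 1-3; an empty list means none fired."""
    findings = []
    lowered = pw.lower()
    # Rule 1: a single dictionary word, even with digits or symbols added.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in COMMON_WORDS:
        findings.append("dictionary word")
    # Rule 2: at least half the characters are neighbouring keys.
    if keyboard_run_coverage(pw) >= 0.5:
        findings.append("keyboard run")
    # Rule 3: contains a name, date or other personal detail.
    for token in personal_tokens:
        if len(token) >= 3 and token.lower() in lowered:
            findings.append("personal info: " + token)
    return findings


if __name__ == "__main__":
    me = ["Rex", "1984", "Wildcats"]  # constructed pet name, birth year, mascot
    for candidate in ["qwerty", "123qwe", "password", "Rex1984!",
                      "Roses are r2+2=4ed, my bike is blue"]:
        print(repr(candidate), audit_password(candidate, me) or "no findings")
```

An empty result only means none of these three checks fired; it does not cover rule 4, since reuse across sites cannot be seen from a single password.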
Most of us have day jobs. Identity thieves and scammers view grabbing our information and exploiting it for their gain as their day job. Always assume there is a never-ending riot overflowing with looters happening just outside your cyber house. That’s why you must be thoughtful, inventive and vigilant when creating passwords, for they are the locks to all your virtual doors and windows — even when you are home.
Adam Levin is co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit, and is the author of SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, a practical, lively book that is essential to surviving the ever-changing world of online security.
Any opinions expressed in this column are solely those of the author.