By John B. Folkerts, CISSP, Information Security Manager, Canandaigua National Bank & Trust
May 4th is World Password Day, a day set aside for ensuring that your password is still doing its important work. Is your password keeping your personal and financial information secure? Or is it a weak link in your personal security practices? Let’s consider some ways to ensure that your password is still effective to protect you.
A password is only good if it is a secret. No matter how complex or unusual, if your password becomes known to anyone, change it immediately! Studies suggest almost 60% of internet users do not share their passwords with anyone else (family members, etc…), but for those who do, this can lead to unauthorized access and even fraud. If you need to provide others with backup access to your passwords, put them in safe place -- with critical documents, papers, and media -- and seal them in an envelope.
It seems clever to put names of kids, pets, spouse or self in a password, however these are especially easy to guess, so avoid including any personal information in your password. A password with no special association to yourself is best.
Recent studies have also shown that many people reuse passwords across multiple websites. But not all websites have the same level of importance or risk. Internet attackers frequently have success using stolen passwords from one website on another more critical website to obtain private information or commit fraud. It is particularly important to maintain separate passwords for banking and other sites where financial transactions may occur.
Automated guessing of passwords routinely happens on the Internet. However, if you use a long enough password, with multiple types of characters (small letters, capital letters, numbers, symbols), this has been shown to improve your odds against such password attacks. Keep your passwords relatively long (12 characters or more if possible), use multiple words in sequence, misspell in ways that you can remember, and insert numbers and symbols to make for a more complex password.
Since it is difficult to create unique and complex passwords for every website, consider using software that will do the work for you. Password management software is available which will 1) create unique, complex passwords when you need them, 2) paste your managed passwords automatically into your web login forms, and 3) allow you to keep a list of saved passwords for reference later. You can even use a password manager to provide access to a trusted family member if you so desire. For more reasons you should use a password manager, read Passwords, Safe and Easy!
Is your password doing its job successfully, or is there room for improvement? Maybe you should take the time to change it and make it better. Start using a password manager and enable two-factor authentication if the option is available to you. Make sure that you are getting the protection you deserve!