Your Bank > Education and Advice > CNB University

World Password Day

By John B. Folkerts, CISSP, Information Security Manager, Canandaigua National Bank & Trust

Is your password still doing its job?

May 6th is World Password Day, a day set aside for ensuring that your password is still doing its important work. Is it keeping your personal and financial information secure? Or is it a weak link in your personal security practices? Let’s consider some ways to ensure that your password is still effective to protect you.

Your password should be a secret

A password is only good if it is a secret. No matter how complex or unusual, if your password becomes known to anyone, change it immediately! Studies suggest almost 60% of internet users do not share their passwords with anyone else (family members, etc…), but for those who do, this can lead to unauthorized access and even fraud. If you need to provide others with backup access to your passwords, put them in safe place -- with critical documents, papers, and media -- and seal them in an envelope.

Avoid personal information in passwords

It seems clever to put names of kids, pets, spouse or self in a password, however these are especially easy to guess, so avoid including any personal information in your password. A password with random association to yourself is best.

Create unique passwords for different purposes

Recent studies have shown that many people may reuse a password across multiple websites. This causes a problem in that not all websites have the same level of importance or risk. Internet attackers frequently have success using stolen passwords from one website on another more critical website to obtain private information or commit fraud. It is particularly important to maintain separate passwords for banking and other sites where financial transactions may occur.

Use complex passwords

Automated guessing of passwords is relatively easy to do on the Internet. But, using a long enough password, with multiple types of characters (small letters, capital letters, numbers, symbols) has been shown to improve your odds against such password attacks. Keep your passwords relatively long (12 characters or more if possible), use multiple words in sequence, misspell in ways that you can remember, and insert numbers and symbols to make for a complex password.

Consider using a password manager

Since it is difficult to create unique and complex passwords for every website, consider using software that will do the work for you. Password management software is available which will 1) create unique, complex passwords when you need them, 2) paste your managed passwords automatically into your web login forms, and 3) allow you to keep a list of saved passwords for reference later. You can even use a password manager to provide access to a trusted family member if you so desire. A review of password managers can be obtained here.

What grade does your password get?

Does your password make the cut? Is it doing its job successfully, or is there room for improvement? Since its World Password Day, maybe you should take the time to change it and make it better. Also take a look at managing your passwords better overall, or even enable two-factor authentication if the option is available to you. Make sure that you are getting the protection you deserve!