10 ways to scam-proof your password
Feature
by Rebecca Rutt
Although no password is completely unbreakable, by following our quick and simple tips you can give yourself a better chance against the fraudsters and lower the risk of your account being hacked.
1. Choose a long password
The longer the password the harder it is for a fraudster to guess and the ideal length is between 10 to 16 characters. Many websites automatically ask for a password with a minimum or maximum number of characters - always try to go for the maximum.
2. Mix & match
Try to make it as complicated as you can remember and include letters, punctuation, symbols and numbers. Use the entire keyboard, not just the letters and characters you use or see most often - the greater the variety of characters in your password, the better.
However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2".
3. Change it on a regular basis
Keep it varied and change it often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites at least every three months.
4. Don't use the same password for everything
Although it may be tempting to use the same password for everything, cybercriminals know this and usually steal passwords on websites with very little security, and use the same password and username in more secure environments, such as banking websites.
If you want to check just how secure your chosen password is, use a free tool like the Microsoft password checker (microsoft.com/security/pc-security/password-checker.aspx).
5. Pick one you won't forget
Don't make your password too difficult to guess and if you struggle to remember it, create a memory device to trigger a password. Phrases tend to be more secure than single words. Try choosing a sentence from your favourite song, poem or book, but mix it up by creating a password using the first (or even the last) letter from each word.
6. Don't use a single word
Never use a single word you might find in the dictionary in any language. Hackers often use an automated program - known as a 'dictionary attack' - to attempt the words of the dictionary. Also avoid using common sequences or repeated characters, such as, 12345678, 222222 or abcdefg.
7. Unclick the remember option
Don't allow your computer to remember your passwords. Even if no one else uses your computer, if it is stolen the thieves will be able to access your private information and even hijack your identity.
8. Mix different type of characters
Take advantage of the shift key; use the available characters - such as > or % - in addition to numbers and capital letters. Mixing different types of characters will make your password much more secure.
9. Don't be too obvious
Be careful about picking passwords that could be easily obtained by fraudsters - for example, your mother's maiden name, your home address or your date of birth.
10. Go random
Some of the most successful passwords are made up of four separate words with no link to each other.
Andi Hindle, spokesperson for Ping Identity, says: "There are no uncrackable passwords, but by choosing four random words, such as 'pink, chestnut, gin, barley,' you can create a password that is mathematically the hardest to guess." Remember, these are usually not allowed by certain systems that require a character limit and mixture of letters and symbols so try shortening the words.
Such a pity then when so many website scupper the whole idea of password security by preventing the use of, for instance, special characters or else restrict password length! For instance, TomTom won't allow special characters or capital letters! There was another website I tried to join that didn't permit special characters and limited passwords to 12 characters maximum. These are NOT exceptions.
There is a firm called ACEBIT who produce Password Depot. This programme enables you to store all your passwords in one place. Once accessed you dont even type in your passwords but use a "clipboard-type" function. The programme password is protected by a 128 bit algorithm (I think). The FREE download lets you store up to 30? password without even buying the programme. I have the password list stored on a thumb drive so even if the computer is nicked the passwords are safe. (I dont work for these people but have used their product for years)
The ultimate way to secure yourself on line is to go to LastPass.com and start to use their software. Their software will enable you to have very long, IMPOSSIBLE (yes, I know this article suggests every password is hackable, but that's not true, unless you consider 10 billion years a reasonable length of time to hack a password) and more importantly a different password to every website you use, and it's all totally secure and encrypted and protected by a single password. And before the "wanna be" technical people jump at this, you can use two factor authentication. Put simply, to unlock my master password you need something I carry with me all the time (a phone, a necklace, a keying, a wallet, etc) and something in my head (my master password). Without both you can't unlock. I could talk all day on this, but head on over to LastPass.com. It's free without limits and has been studied and taken apart by one of the worlds leading security experts Steve Gibson of grc.com (google security now episode 256). I don't work for any of the above, but if everyone used this software there would be no such thing as hacking passwords (only trying and failing :) ) .......but to reiterate this article, even with LastPass, if your password is under 11 characters, it's vulnerable.
There is a great password generating app for Android, Password Prodigy Lite. It's free and it allows you to transform your easy to remember "weak" passwords into strong passwords. Also, you can create passwords from phrases. The app can be found at the Google Play Store.