How to choose a strong password for your online accounts

There have been a lot of stories in the news about the latest online security bug, which has been dubbed Heartbleed.

Without diving into too much techno-babble, most secure web sites use a standard security protocol called SSL to encrypt the data that is sent between your computer and the web site that you are logged into. Because the data is encrypted you are protected since even if a hacker were to intercept your information they would not be able to read it.

This Heartbleed bug though opened a door that would allow a hacker to read your encrypted information, potentially stealing your password to your online accounts among other things.strong password

Since financial web sites are among those that commonly use the SSL protocol, you should take steps to make sure you are protected.

What should you do?

First, check the web sites you use for financial accounts and see if they have a statement regarding the bug. They probably do. Not all sites are affected, but many are. If you don’t see anything, contact your institution and make sure they have addressed any issues related to the bug.

Second, now would be a great time to change your passwords for any online services you use. It is a good practice to do this periodically anyway, and especially after a security flaw like this one is revealed.

Third, it is always wise to review your monthly statements for any transactions that you don’t believe you made. It is also a good idea to check your credit report at least once a year. If it has been a while, now would be a great time to do it.

What constitutes a bad password?

Obviously the main point of a password is it should be difficult to guess.

  • Don’t choose easy combinations like “111111” or “qwerty” or “abcdef”
  • “Password” is never a good choice, nor is it a good idea to make your password the same as your logon id.
  • Don’t use easily guessable words like the name of your spouse or your children, pets, birthdays or anniversaries, where you live, or any other easy to guess facts. As a side note:  be careful what you post in profiles on your social media web sites. Posting items like your birthdate, home town, etc. just makes it easier for a criminal to get information about you.
  • Never leave a password blank even if it is allowed.
  • Avoid common words you could find in a dictionary.
  • Passwords should be complex, but they shouldn’t be so difficult that you have to write them down to remember them.
  • Be careful about using your password on a public computer like at a library or when using a public wi-fi hot spot like at a Starbucks.

Choosing a strong password

So how do you choose a strong password?

  1. Strong passwords should contain a mixture of lowercase and upper case letters. Mix in some numbers. And if you can, use some special characters or symbols like !, @, %, &, etc.
  2. Longer passwords are better. Ideally, your password should be at least 8-12 characters.
  3. Combine two or three totally unrelated words.
  4. One of my favorite suggestions is to base your password after a song lyric or a common phase by taking the first character of each word. For example, “Mary had a little lamb, its fleece was white as snow.” would yield a password of “mhallifwwas”. The beauty of this kind of password is you are almost guaranteed to have a random string of letters that will never spell out a common dictionary word, but it is easy to remember since you know the song or phase on which it is based.
  5. Use a common pattern that only you know, such as always capitalizing the 3rd character or inserting a number or a special character at a certain place in the password.
  6. Sometimes people substitute numbers or symbols for characters that look similar like a “3” for and “E” or a “0” (zero) for an O or a “@” for an “a”.
  7. Most security experts recommend that you do not use the same password for everything. That way if one of your accounts was compromised, other accounts would remain secure. There are a couple ways of doing this:
    • One method is to incorporate the name of the website into the password. For example, I might take the first three letters of the web site and insert them somewhere in my password. So my password for would have “ama” somewhere in it, but by password for would have “eba” at that some location.
    • Another alternative is to use password manager software. When you use these products you need only remember a “master” password for the password manager product. The product then generates unique, complex passwords for each of your sites and enters them for you automatically when you go to the site. I have not personally used any of these products so I don’t have a specific recommendation, but PC Magazine recently published The Best Password Managers which reviews a number of the common options.

Take the time to protect yourself

Take the time to choose a strong password for your online accounts. There are no guarantees that your account will never be hacked, but by taking a few simple steps you can make it very difficult for anyone that may be trying to steal your identity.

Additionally, even if you are unlucky enough to be hacked and someone uses your accounts fraudulently, remember you are not responsible for charges made by a criminal who steals your identity.

Don’t allow stories like the ones related to this Heartbleed bug to scare you away from using online accounts. I love the convenience of being able to access my bank accounts and make simple transactions from almost anywhere. It is a wonderful benefit. Just make sure that you take these simple precautions to keep your information safe.

When is the last time you changed your online passwords?

Please note: I reserve the right to delete comments that are offensive or off-topic.