Techy Tuesday: Plan a password strategy and stop locking up your bank account

Image courtesy of digitalart / FreeDigitalPhotos.net

The human brain is designed to hold a gazillion trillion amounts of information. I made that number up, because really no one knows for sure how much information the human brain really holds. Like when you recall some obscure childhood memory where you put play dough in a door lock thereby cementing the internal mechanisms and rendering the lock useless. That wasn’t you? Oh, then, maybe that was just me.

Well, one thing I know is that the human brain is not designed to hold an unlimited number of passwords. Or, at least, mine isn’t. Certainly I am not the only person on the planet who has locked herself out of her bank account because the answer to the question “What is your mother’s maiden name?” was not actually my mother’s maiden name but my grandmother’s maiden name. Because, you know, someone might know my mother’s maiden name and hack my account.

Everything requires a password or a PIN (personal identification number). EVERYTHING! And to complicate the matter, every website, bank card, parking garage keypad and children’s playscape security checkpoint requires a different combination of letters (a, b, c), numbers (1, 2, 3), characters (!, @, #), and upper and lowercase letters (A, a, B). Confusing.

To further complicate the sign-in process, many sites require a user name, account number, or some other kind of account identification. How many times a day do I have to ask myself, “who am I?” Talk about your fragmented personalities.

First, let’s define a hacker. I won’t get into the untold damage a hacker can inflict on an individual or business. I’ll save that for a rant article one day. But let’s just boil it down to something simple: A hacker is a person or persons who delight in crashing, maiming, stealing and otherwise destroying a person’s computerized life. The fallout from a hack can cause serious harm and residual damage for years in the form of identity theft, financial theft from a bank account or credit card, and loss of personal data, including photos, videos, and documents.

That’s why passwords are important to protect your logins. While they can be a nuisance, they are meant to secure your information. To try to keep some sanity in the process of setting up usernames and passwords, without writing anything on my hand in invisible ink, I have devised a simplified process.

  1. For account names, many sites use an email address. I have a dedicated email address set up to use for some of my non-personal accounts. By doing that, I funnel a lot of spam into that account and avoid overflowing my personal email. If I need to reset a password, I simply log in to that dedicated account to retrieve the email link to reset the account. This email address should not be used for accounts and sites where you get time-sensitive emails or communication which requires any kind of action from you. Obviously, you want to know when your account is overdrawn, or your payment hasn’t been received, or someone has stolen your credit card number and funded a lavish European vacation at your expense.
  2. Pick a basic word or phrase, four to six letters. Don’t use the name of anyone in your immediate family. Or pets.
  3. Then, pick at least three numbers. Birthdays and phone numbers are a no-no.

This combination can be your basic password. Many websites require a minimum eight-character password, so you’re set with a five-letter word and three numbers, such as monet341. Use this type of password for websites which do not have sensitive personal data.

For websites that have financial information or other sensitive data, your password needs to be what is referred to as “strong”. Hacker-unfriendly, in other words. Throw in a random uppercase letter and a character, for example moNet_341.
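The two tiers described above, written as a small checker. This is an added example, not the author's own code; the function name `classify`, the `personal_terms` list and the sample values are assumptions made for illustration.

```python
def classify(password, personal_terms=()):
    """Sort a password into the article's tiers: 'rejected', 'basic' or 'strong'.

    personal_terms is a list the user supplies (family and pet names,
    birthdays, phone numbers); it is only compared locally.
    """
    lowered = password.lower()

    # Steps 2 and 3: no family or pet names, birthdays or phone numbers.
    for term in personal_terms:
        if term and term.lower() in lowered:
            return "rejected"

    # Many websites require at least eight characters.
    if len(password) < 8:
        return "rejected"

    # Basic recipe: a word of at least four letters plus at least three numbers.
    letters = sum(c.isalpha() for c in password)
    digits = sum(c.isdigit() for c in password)
    if letters < 4 or digits < 3:
        return "rejected"

    # "Strong" adds an uppercase letter and a non-alphanumeric character.
    has_upper = any(c.isupper() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    return "strong" if has_upper and has_symbol else "basic"


def acceptable_for(password, sensitive_site, personal_terms=()):
    """True if the password's tier matches what the article asks of the site."""
    tier = classify(password, personal_terms)
    if sensitive_site:
        return tier == "strong"
    return tier in ("basic", "strong")


if __name__ == "__main__":
    # Constructed sample values; "rex" and "1985" stand in for a pet name and a birth year.
    for pw in ("monet341", "moNet_341", "rex1985!", "monet34"):
        print(pw, classify(pw, personal_terms=["rex", "1985"]))
```
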

A couple of words of caution:

  1. Don’t share your passwords. Don’t write passwords down where anyone can find them, or save them to a file called passwords and leave it on your hard drive for the computer nerd to copy.
  2. While some sites like to link logins (you know, the Login with Facebook or Twitter buttons?), it’s not generally a good idea. I read an article last year about a tech writer’s nightmare hack. The gist of the story was how the hacker secured access to one of the writer’s accounts by resetting the password. The hacker had to snoop around a little, but apparently was able to call in a password reset and talk his way through a couple of low-end security questions. That opened him up to a number of other linked accounts, ultimately giving the hacker access to erase his Mac laptop remotely. The writer lost all his family photos, written articles, etc. He confessed that it was a hard lesson learned and one for which he was partly responsible.
  3. Don’t share account logins with anyone else. I’m not talking about hiding information from a spouse, but the more people who know a login, the easier a hack becomes.
  4. Never log in to financial sites on an open-access Wi-Fi connection, such as at a library or coffee shop. Once you type in the login information and hit enter, anyone else logged in on the Wi-Fi can intercept your information and use your login.
  5. Likewise, never log in to an important account on a public computer or even someone else’s computer. Programs called keyloggers on a computer can capture the login information and pass it to someone who will use it to hack the account.
  6. Lock your devices. A PIN, even a simple four-digit one, adds an extra layer of protection if someone picks up your phone, iPad, laptop, etc.
  7. Never use links in emails to log in to any account. If you get an email encouraging you to go to a site to do anything, open a browser and type in the link independently, ensuring that you’re going to the right site. Some hackers use these emails, known as phishes, to redirect you to a site which captures your login information and any changes you make, such as credit card information.

As for PINs, which are usually three or four digits, do not use current phone numbers, birthdays, or addresses. Instead, recall a random childhood memory, such as your high school locker combination. Yeah, I don’t remember that either. Anyway, you get the idea.

Many places require you to change your password regularly. That is generally beyond the scope of my memory recall, but if you follow the plan you can still pull it off. In fact, I have at least two different password blocks set up for different classes of logins. My financial, life-or-death type accounts get a longer, more complicated password. I watch them regularly for unauthorized access and change the passwords often. They are not linked in any way to any other identifying account. My social media accounts might have similar passwords, but they are still not linked, so if someone hacks my Twitter, they can’t post to Facebook, and vice versa. I learned this trick when my Pinterest account was hacked, and a weird make-money scheme article was pinned to my boards and posted to my Facebook. Now, they’re separate, and I don’t share much among the different social media accounts. Not very convenient, but better than opening up a can of worms.

Secure your personal information with good passwords. But don’t lock yourself out of all your accounts with ones you can’t remember. Plan it.

Georganne
