Time to change your passwords!

When was the last time you changed your passwords? Last week? Last month? Never? If it’s not been within the last three months, or worse, never, it’s time to change your ways! What got me thinking about this is recently having to change all my passwords where I work. We have a strict policy they be changed every 90 days. This is a good rule of thumb even outside of work. Attackers target passwords because they are used everywhere. What’s worse, the majority of people use the same password for everything from their Facebook login to their banking website login. Once an attacker has a user’s password, they’ve essentially unlocked that person’s life. Here are some hints to help you along the way.

  • Change your password frequently. Every 90 days is a good length of time.
  • Use a different password for every website. If you’re one of those people who don’t like this idea, at least use a different password for your bank’s website.
  • Use a strong password. Strong passwords are at least 8 characters in length with letters (A-Z), numbers (0-9), and special characters (!@#$%^&*). When setting up your password, make sure you read the website’s policy about what they accept. Not all websites will allow you to use special characters (shame on them).
  • Don’t use names/nicknames, birth dates, ID numbers, favorite foods/drinks/locations/movies/vehicles. These are too easy to guess.
  • Don’t use “password” as a password no matter how you spell it or change the letters up. If you do, you’re really just asking for it. Seriously.
  • Use a password safe/keeper. These keep your passwords safe from access by locking them in an encrypted database accessed via a password and/or some type of key. A couple I’ve used are PasswordSafe and KeePass. I’ve found I like KeePass more than PasswordSafe; however, your needs may vary. I recommend you test out different ones to find which one meets your needs the best.

By following these simple suggestions, you can make it more difficult for attackers to gain access to your private information. Even if they are able to get one of your passwords, the damage they can do is limited to just that one account.
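
The checks from the list above, as an added example rather than anything from the original post: a small Python audit that flags short passwords, missing character types, disguised spellings of “password”, personal details, and reuse across sites. The function names, the character-swap table and the sample entries are made up for illustration.

```python
import re
from collections import defaultdict

# Assumed table of common character swaps, undone before looking for "password".
SWAPS = str.maketrans("@4$5031!", "aassoeii")
SPECIALS = set("!@#$%^&*")  # the special characters named in the list above

def check_password(pw, personal_terms=()):
    """Return the rules from the list above that this password breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", pw):
        problems.append("no letters")
    if not re.search(r"[0-9]", pw):
        problems.append("no numbers")
    if not SPECIALS & set(pw):
        problems.append("no special characters")
    # Undo swaps, then keep letters only: catches "P@ssw0rd" and "p-a-s-s-w-o-r-d".
    letters_only = re.sub(r"[^a-z]", "", pw.lower().translate(SWAPS))
    if "password" in letters_only:
        problems.append('variant of "password"')
    if any(term.lower() in pw.lower() for term in personal_terms):
        problems.append("contains a personal detail")
    return problems

def audit(vault, personal_terms=()):
    """vault maps site -> password; returns site -> problems, including reuse."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in vault.items():
        problems = check_password(pw, personal_terms)
        others = sorted(s for s in sites_by_pw[pw] if s != site)
        if others:
            problems.append("reused on " + ", ".join(others))
        if problems:
            report[site] = problems
    return report

# Constructed sample entries, not real credentials.
SAMPLE_VAULT = {"facebook": "P@ssw0rd!1", "bank": "P@ssw0rd!1",
                "forum": "rex2009", "email": "t7#Lq9^vW2mZ"}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT, ("rex", "2009")).items():
        print(f"{site}: {'; '.join(problems)}")
```

Run it only on your own machine, and type the passwords in rather than saving them in the script.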

Comments

1

I read a lot recently about hackers infecting servers and databases of different companies asking for money to get back access (ransomware). In the first few months of 2016 several popular law firms were attacked to get confidential information and eventually, money. Ransomware is a threat especially in the United States and Italy, according to numerous statistics based on number of detections. A few basic tips to protect your business and PC: change your passwords frequently, install and regularly update your antivirus and never click unsolicited URLs.