When my bank recently locked me out of my online account, I panicked. Had someone hacked into my account? Did I still have access to my money? I quickly called my bank, reset my password, and confirmed that no harm had been done. But the incident set off a red flag that inspired me to re-examine my online accounts and how well I guard them.
The Federal Trade Commission reports that 9 million Americans experience identity theft each year, a crime that can lead to everything from Social Security fraud to a drained bank account. Identity theft can start with a weak password, since hacking into an online account can lead to bank account information and other personal details such as birth dates and credit cards. Even hacking into a Facebook account can lead to major fraud, as some Facebook users experienced when hackers broke into their accounts to impersonate them and solicit funds from friends.
As I recently reported in a story on online banking safety, consumers themselves play a big role in protecting their online accounts. Ignoring emails from strangers, never clicking on unfamiliar hyperlinks, and using virus-protection software on smartphones and other mobile devices are just a few of the basic steps that we should all be taking. Choosing secure passwords is one of the simplest strategies for an overall theft-resistant online existence.
The firm myID.com, which provides identity protection services, offers these seven tips for choosing a password that no one—person or machine—can guess.
1. Skip the obvious, simple words. “Words that you can find in a dictionary, even if written backwards or in another language, or with a simple number following the word are definite no-nos,” warns the company. That’s because hackers use software that automatically checks for commonly used words.
2. Stay away from any personal information, such as birthdays, sports teams, or children’s names. Anyone who knows you personally—or can find such information about you through social networking sites—will be able to make a reasonable guess at your password.
3. Go long. Longer passwords (over eight characters) reduce the chances of a hacker making a correct guess. That’s why many online companies require passwords to be at least eight characters long.
4. Use those old elementary school memory tricks. If you want an easy way to remember a complicated password, try making up a sentence about it. For example, “I love my dog Harry so much” can translate into the hard-to-guess password “ILMDHSM.”
5. Change passwords as often as you change your air conditioning filter. That’s about once a month for online financial accounts. Other accounts should be changed every three to four months, says myID.com.
6. Be original. Repeating the same or similar passwords across many accounts might make them easier to remember, but it leaves you vulnerable, since a breach in one account can quickly lead to a domino effect of multi-account hacking.
7. Don’t share. Keep passwords to yourself and try to avoid storing them on your computer or smartphone, where others could see them, including hackers. MyID.com says they belong in your head or a locked safe.
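As an added example (not from the article or myID.com), the Python function below applies tips 1, 2, 3 and 6 to a candidate password and reports which ones it breaks. The word list, the 0.8 similarity threshold and the name check_password are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "football"}
SIMILARITY_LIMIT = 0.8  # assumed threshold for "same or similar" (tip 6)


def check_password(candidate, personal_info=(), used_elsewhere=()):
    """Return the tips from the list above that `candidate` breaks."""
    problems = []
    lowered = candidate.lower()

    # Tip 1: a dictionary word, also when reversed or followed by a number.
    stem = re.sub(r"\d+$", "", lowered)
    if stem in COMMON_WORDS or stem[::-1] in COMMON_WORDS:
        problems.append("tip 1: dictionary word")

    # Tip 2: contains a name, team or date someone could look up.
    for item in personal_info:
        token = re.sub(r"\W", "", item.lower())
        if len(token) >= 3 and token in lowered:
            problems.append("tip 2: personal information")
            break

    # Tip 3: the article asks for more than eight characters.
    if len(candidate) <= 8:
        problems.append("tip 3: eight characters or fewer")

    # Tip 6: same as, or close to, a password used on another account.
    # The other passwords are passed in for the check and never stored here.
    for other in used_elsewhere:
        if SequenceMatcher(None, lowered, other.lower()).ratio() >= SIMILARITY_LIMIT:
            problems.append("tip 6: reused or similar password")
            break

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("drowssap1"))
    print(check_password("harry2010", personal_info=["Harry"]))
    print(check_password("ILMDHSM"))
```

Run on the mnemonic example from tip 4, ILMDHSM, the check reports only the length rule, because seven characters falls short of the "over eight" in tip 3.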
Following all these rules can be cumbersome. (Does anyone own a locked safe these days?) Still, my own scare has inspired me to do a better job. What do you do to keep your passwords safe?
Kimberly Palmer (@alphaconsumer) is the author of the book Generation Earn: The Young Professional's Guide to Spending, Investing, and Giving Back.