By Luanne Kadlub
A new year signals a fresh start and time for new passwords for all of your online accounts – especially if you haven’t changed your passwords in months, years or ever. Changing your password is even more critical if your password is the word “password.”
Why? Splash Data ranked “password” as the most popular password of 2012. Rounding out the top 25: 123456, 12345678, abc123, qwerty, monkey, letmein, dragon, 111111, baseball, iloveyou, trustno1 (except your BBB of course), 1234567, sunshine, master, 123123, welcome, shadow, Ashley, football, jesus, Michael, ninja, mustang and password1.
Experts recommend changing passwords at least every six months with every three months being the gold standard. There are several reasons for this. First, passwords are often stolen without our knowledge and second, stolen passwords often aren't used immediately. Instead, they're collected, sold to organized crime, rebundled and resold, and often left untouched for long periods of time. Even if you're not aware your password was stolen, if you’re in the habit of changing it periodically, there’s a good chance you will have changed it before a thief has an opportunity to use it.
At BBB, for example, our computers and some of the programs we use remind every user to change his/her password at a designated time frame. At home? Well, my guess is many of us have been using the same passwords for a long time – but no one’s willing to fess up.
Changing your password is not difficult. Neither is changing your weak password (12345) into a strong password (12AbF34#%). I’m not a fan of passwords that don’t resonate with me, such as the one I just mentioned that mixes numerals, upper and lowercase letters and symbols in a hodgepodge fashion. Who remembers those? Certainly not me.
A common suggestion is to take a sentence or phrase that you know well. For example, I’m a big fan of Arnold Lobel’s “Frog and Toad” series of children’s books. Let’s say I chose this sentence: “Frog and Toad agreed: it was a perfect day for a swim.” I would take the first letter of each word and I get FaTa:iwapdfas. Need to throw in a numeral? Pick your favorite and insert it where it makes sense for you.
Do you need to have a separate password for all of your online accounts? Opinions differ. Some experts say if you have one strong password – seven or eight characters with a mix of letters, numerals and symbols – it should be good enough. Others say that’s foolhardy and that you should have different passwords for all of your accounts. I’m thinking the real answer is somewhere in the middle.
We should listen, however, when the experts tell us not to write them down – not even in our own homes – for fear that they’ll be stolen. Why? It’s an unfortunate fact that identity theft is often done by someone we know, often family members, friends or employees.
If you can’t write them down what should you do? Make your passwords strong – but make them memorable.