(Getty Images)
Wireless technologies such as Bluetooth® and Wi-Fi have forever changed the way people not only interact with one another but also how they complete day-to-day activities such as shopping, researching, banking, eating, and communicating. The more everyone is online, the more there are opportunities for hackers to get into personal accounts, steal information and drain checking or savings accounts before victims realize it. The Canadian Anti-Fraud Centre advises any victims of cybercrime to report it to local authorities. According to the Federal Communications Commission (FCC), securing today's online environment goes beyond thinking about the Wi-Fi router at home - and it all starts with a password.
Passwords should be different for every account that lives online, is in the cloud, or is attached to something that retains personal or financial information. Think about the last time any of your online account passwords were changed. Change them if they are all the same or a similar variation of the same password, if they are too easy to guess, or if they need to be remembered or compromised. According to the Federal Trade Commission, people don’t need to change their passwords as often as they may think; however, ensuring the password is as secure as possible is good practice.
How can you create a strong password?
Think of your passwords as walls.
A password or a passphrase should be considered a wall between free access to your personal information and the world. The stronger the wall, the more difficult it is for others to break down. The more walls, the more difficult it is to access the information. Encryption is the easiest way to protect communication between an electronic device and a website or server.
Avoid easy passwords.
An example of a weak password is easy to guess - information anyone can find on social media sites or through a phishing email or text. A strong password has at least 12 to 16 characters mixed with uppercase and lowercase letters, numbers, and symbols.
Commonly used passwords are your pet’s name, your mother’s maiden name, the town you grew up in, your birthday, your anniversary, etc. Surprisingly, the answers to these common passwords can typically be found online. Even if you don’t consider yourself an active social media user or the internet, your information is on one forum or another. Even for passwords that require numbers and letters, some people stick to simple patterns like 0000, 1111, 1234, etc., and you should not be so predictable. Never use the same password for multiple accounts, especially for the most sensitive ones, such as bank accounts, credit cards, legal or tax records, or medically-related files.
Make them creative.
Need more creative ideas for different passwords? Can you use song lyrics? Not only is it impossible for hackers to guess what song you are using, it’s even harder for them to guess which lyrics you’re using.
Use a “passphrase.”
Instead of using a single word, use a passphrase. Your phrase should be around 20 characters long and include random words, numbers, and symbols. Think of something that you will be able to remember, but others need help to come close to guessing, such as PurpleMilk#367JeepDog$.
Use multiple passwords.
Using different passwords for different accounts is also important. While it may be easier to remember one password for every account, it’s much easier for hackers to break down one wall rather than multiple walls. If hackers can figure out one password, even if it’s to something harmless like your Instagram account, they know the password to every account you own. This includes websites you shop online at, banking accounts, health insurance accounts, and email accounts, you name it.
Use multi-factor authentication.
When it’s available and supported by accounts, use two-factor authentication. This requires both your password and additional information upon logging in. The second piece is generally a code sent to your phone or a random number generated by an app or token. This will protect your account even if your password is compromised. Many devices include fingerprint or facial recognition to unlock them, which helps protect any apps on the device if they become lost or stolen.
Consider a password manager.
A written list works, but if you’re worried about losing it, type up an electronic list and label it something other than "PASSWORDS." Keep the list updated, organized, and secretive. Avoid keeping the list on the device, as it will make it easier for the thief to access the apps and personal data.
You can also use a reputable password manager to create strong, random passwords for you and to store your information. These easy-to-access apps store all your password information and security question answers in case you ever need to remember. However, don’t forget to use a strong password to secure the information within your password manager.
Select security questions only you know the answer to.
Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birthplace. A motivated attacker can easily obtain that information. Don’t use questions with a limited number of responses that attackers can easily guess—like the color of your first car.
Wi-Fi is a security concern as well. Check your device settings before surfing the web.
- Check the validity of available Wi-Fi hotspots. Hackers will set up fake hotspots with the names of stores or institutions you might trust.
- Make sure all websites you use have "https" at the beginning of the web address.
- Install an app add-on that forces your web browsers to use encryption when connecting to websites.
If you receive notification from a company about a possible data breach, it is always best practice to immediately change that password and any similar passwords. See BBB's tips on handling a security breach.
For more information
Check out more information from BBB on cybersecurity, get tips on protecting yourself against identity theft, and recover from it using the tools from ftc.gov/identitytheft.
For more information, go to BBB.org. In the United States, visit the FTC for more information on cybersecurity. In Canada, visit the Canadian Centre for Cybersecurity. Report fraud and cybercrime to the Canadian Anti-Fraud Centre.