How to be safer online: Passwords
Joel Dresang: Jason, we’re doing a series of videos on how computer users can be safer with their personal information. I know that one thing that you talk to people about a lot is passwords and keeping passwords safe. Why does that come up so much?
Jason Scuglik: That’s right, Joel. Passwords, they’re like the keys to our digital kingdom, and we should protect those with the same care and diligence that we use to protect our keys to our house and our business.
With the ability to do shopping and other transactions online from anywhere in the world, it’s more important now than ever to protect that information.
Joel: So, based on common mistakes that you’ve encountered, you’ve put some advice together. One of your tips is to make sure that we complicate passwords.
Jason: Yes. That’s right, Joel. A simple password makes it easy for us to remember, but it also makes it easy for the criminals to compromise those passwords.
Security researchers routinely put out lists of the most common username and password combinations that they find. If your password is on this list, you really should change it right away.
Also, using a single dictionary word is especially dangerous because a powerful computer can go through the entire English dictionary in just a couple of seconds.
I recommend using a combination of upper- and lowercase letters, numbers and symbols. With passwords, the longer the better.
Joel: So, simple passwords make it easy for us, also repeating those passwords makes it easy for us, but you say no, that we should vary passwords.
Jason: Yes. That’s right. We don’t want to use the same username and password combinations at multiple sites. The reason is when a site is compromised, the criminals will often compile a list of the usernames and passwords that they find there, and they’ll try those usernames and passwords somewhere else, or they’ll sell them on to other criminals.
Joel: So, now you’ve got me using complicated passwords and varying them from one place to another. What tricks do you have to guard passwords?
Jason: Well, Joel, it’s certainly tempting to want to write those passwords down. We’re making them complex, and we’re not using the same ones everywhere.
I recommend not writing the passwords down on your computer, the same as you wouldn’t want to write the PIN to your ATM card right on the card itself.
If you do need help with remembering those passwords and needed to write them down, try to keep them somewhere separate from your computer.
I recommend using what’s known as a password manager. A password manager is simply a program that you can get on your computer – it’s generally free to use – that helps you to manage and organize the passwords that you use.
These programs will also help to generate these secure passwords for you. Some examples of password managers are Dashlane or LastPass or KeePass.
Joel: Jason, another safeguard that I’m seeing more on financial websites is to supplement passwords to ask for more information than just your password. What’s that all about?
Jason: That’s right. That’s what’s known as two-factor or multi-factor authentication. Basically what that means is, in addition to the username and password that you already have, you’re going to need a separate piece of information. It’s usually a code. And these codes, they’ll send it to you via email or text. Also, you may have a small key chain device or an app on your phone that allows you to get this code.
Two-factor authentication is one of the best ways to protect yourself.
Joel: So, after I’m doing all of that, how often should I change passwords?
Jason: It is important to routinely change your passwords. I recommend changing them about every six months or if you have good reason to believe that that password may have been compromised.
Joel: Thanks Jason. This is one of a series of videos that we’re doing on how computer users can be safer with their personal financial information. We’re posting the videos on Landaas.com, our website, as well as on this YouTube channel.
How to be safer online: Computer use, a Money Talk Video with Jason Scuglik
Don’t let ID thieves get your money too, by Joel Dresang
Freeze: Chilling effect on ID theft, by Joel Dresang
Consumer Information on Identity Theft, from the Federal Trade Commission
Credit Freeze FAQs, from the Federal Trade Commission (en Español)
Identity Theft and Your Social Security Number, from the Social Security Administration
Identity Theft Information for Taxpayers and Victims, from the Internal Revenue Service
(initially posted Nov. 20, 2017)