I have an admission. My passwords used to be weak. So says Kim Komando.
Komando styles herself “America’s Digital Goddess.” And, with a name like Komando, why wouldn’t she be? Back in June, she wrote about “5 Password Mistakes Far Too Many People Make.”
I plead guilty. Actually, I plead lazy.
It’s not that I don’t understand that there are massive risks to password issues. About 3 years ago, I was at a softball game, standing in line dreaming of home runs and heroism. Never mind that it was church softball with grade schoolers. I was really going to knock it out of the park. But, I didn’t. Just before getting up to bat, one of my buddies said something that sent chills down my spine: “I think you’ve been hacked.”
Not me! I have strong passwords!
Yep, me. My strong passwords might have been strong a decade ago, but by today’s standards, they were weak. I spent the rest of the evening trying to make sure that hackers weren’t scoring runs off of my obliterated email account.
Komando shocks us with this bolt of lightning from the nerd heavens: “When you’re making new passwords, eight characters should be the absolute minimum, and 10 to 12 characters is recommended. For super important accounts, such as your banking account, a 14 to 16 character password isn’t a bad idea. My I.T. staff uses 30-character passwords for the important systems.”
What? Those aren’t passwords; they’re novels! Good thing there’s a ghostwriter willing to help you out, but we’ll get to that in a moment.
So, besides being too short, what’s wrong with our passwords? Komando says that they are too simple, not unique and old!
Dawn Bjork Buzbee is “The Software Pro.” (Okay, am I the only person without a cool last name?) She adds significantly to Komando’s list. Buzbee says that passwords today are weak because they are based on personal data, easy to guess, are letters only, are always the same and are blurted out to our friends, family and associates too much. Sounding familiar?
Jeff Fox, writing for the Huffington Post, says that hackers are salivating at our predictable behavior. He notes that “long passwords comprised of a variety of letters, numbers and special characters can better withstand cracking software than can short, simpler ones. However, when something about a password’s composition is too predictable—it begins with an upper case letter, for example, or includes a recognizable word—it can be cracked much more quickly.”
The solution? He offers these techie tips:
- Avoid beginning the password with an uppercase letter—or maybe even any letter.
- Create an acronym using the first letter of each word in a memorable sentence, as suggested by security expert Bruce Schneier — example: t2cmlp,@yh (“Try to crack my latest password, all you hackers”).
- Resist your natural tendency to mimic familiar words and phrases.
- Use multiple special characters in the same password.
- Don’t always place digits adjacent to each other.
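The tips above, together with the length tiers quoted from Komando, can be turned into a quick self-check. This is an added example, not code from the column or from the writers it quotes; the function names, the tiny word list and the substitution table are assumptions made for illustration.

```python
import re

# Constructed, deliberately tiny word list; a real check would use a large
# dictionary plus lists of passwords known from breaches.
COMMON_WORDS = ("password", "softball", "netflix", "summer", "welcome")

# Common character swaps, undone before the word check (P@ssw0rd -> password).
LEET = str.maketrans("0134@$5!", "oleaassi")


def length_tier(pw):
    """Map length onto the tiers quoted from Komando (13 is treated as recommended)."""
    n = len(pw)
    if n < 8:
        return "below minimum"
    if n < 10:
        return "minimum"
    if n < 14:
        return "recommended"
    return "important-account length"


def predictable_patterns(pw):
    """List the predictable traits from the tips that this password shows."""
    findings = []
    # Only the uppercase case is flagged; the stricter "no leading letter" variant is not.
    if pw[:1].isupper():
        findings.append("starts with an uppercase letter")
    normalized = pw.lower().translate(LEET)
    if any(word in normalized for word in COMMON_WORDS):
        findings.append("contains a recognizable word")
    if sum(1 for c in pw if not c.isalnum()) < 2:
        findings.append("fewer than two special characters")
    digit_runs = re.findall(r"\d+", pw)
    if len(digit_runs) == 1 and len(digit_runs[0]) >= 2:
        findings.append("all digits sit next to each other")
    return findings


def review(pw):
    return {"length": length_tier(pw), "predictable": predictable_patterns(pw)}


if __name__ == "__main__":
    # Constructed samples; the second is the published acronym from the tips,
    # so it illustrates the method and must never be used as a real password.
    for sample in ("Summer2016!", "t2cmlp,@yh"):
        print(sample, review(sample))
```

An empty findings list only means none of these specific patterns was spotted; it does not show that a password is strong or unique.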
Finally, about that laziness issue and what to do about passwords that have more in common with the length of “War and Peace” than they do with the bare minimum of letters that the gatekeepers at Netflix required you to chisel into your account years ago when you heard about how amazing the new season of “House of Cards” was going to be. How do you keep up with it all?
The answer is using a password manager. PCMag.com has an excellent review of these nifty browser plugins, and they summarize with this telling statement about what they consider the “best of the best” password managers: “Veteran password manager LastPass 4.0 Premium offers an impressively comprehensive set of features. Slick and polished Dashlane 4 also boasts a ton of features, even some that LastPass lacks. Sticky Password Premium handles essential tasks better than most, and a portion of every purchase goes to help an endangered species.”
I quote this summary because most of us have probably never even heard of the concept of a password manager, let alone that there are so many veterans in the business of keeping your 30-character novel stored away safe and sound. Hackers aren’t just for edgy fictional series and sensationalistic movies.
Hackers are real, and they’re making life miserable for the unprotected. Take the time to evaluate your passwords, set up some basic strategies for good passwords, use a management system and save yourself the misery of having to learn the hard way.
Richard Singleton, MACE, MAMFC, LPC, is the executive director at STARRY in Round Rock.