By Carolyn Jabs
Automatic locks on the family car. Check.
Safety deposit box for valuable papers. Check.
Padlocks for bicycles. Check.
Secure passwords for online assets. Uh-oh.
Now that families conduct so much of their social and financial business online, strong passwords are every bit as important as sturdy locks on the doors of your house. Unfortunately, parents who are very conscientious about other forms of family security often do the virtual equivalent of leaving the key under the doormat.
The recent security scare called Heartbleed should have been a wake-up call. If you haven’t already changed passwords for your online accounts, now is the time. And while you’re at it, teach your kids to create smart passwords too. (A curriculum for doing just that is available from Common Sense Media at commonsensemedia.org/educators/lesson/strong-passwords-3-5.)
The simplest way to manage passwords is to store them all in a vault-like piece of software that will generate, encrypt and remember highly secure passwords on your behalf. Free and reliable programs are available from LastPass, KeePass and Norton Identity Safe. Just be sure that the program you choose will allow easy access on all the devices you use.
Unfortunately, setting up password software requires time that busy parents may not have. Also, the password that gets you into the software becomes the equivalent of the one ring that binds them all, so if you forget it you are doomed. Those who decide to forgo software need to get serious about creating tough passwords. The first rule is to avoid weaknesses that create openings for trolls, bullies, hackers and identity thieves. Here are three things you don’t want to do:
No personal information. Professional hackers know that it’s easier to remember details from your own life, so if you become a target the first passwords they’ll try are names of people and places that are meaningful to you. Google yourself. Anything that comes up won’t be a good password. That includes birthdates, addresses, employers, phone numbers, and names of family and friends. Next, review your social media profiles. Don’t use anything that’s ever been listed as a favorite.
Avoid recognizable words. Many programs have been designed to crack passwords, and most start with a dictionary of words in English and other languages. Using any recognizable word including proper nouns makes you more vulnerable. Adding an unexpected capital letter, a random number or an exclamation point makes the password a bit stronger but not much.
Don’t be cute—or lazy. Despite years of warnings, people still use “default” passwords like “guest” and “password” as well as sequences of keys on the keyboard such as 890-=\ or qwert. Hackers are also acquainted with obvious substitutions like & for E or @ for A or 2 for “to”. And it’s not especially clever to use well-known number sequences like pi or the Fibonacci series.
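The three rules above can be turned into an automatic check. The following is an added example, not part of the original article; the word lists are small constructed samples, and the substitution table goes beyond the two substitutions the article names (an assumption).

```python
import string

# Constructed sample lists; a real check would load a full dictionary.
DEFAULTS = {"guest", "password"}
WORDS = {"elephant", "dragon", "sunshine"}
KEY_ROWS = ["`1234567890-=\\", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
# Substitutions the article names (& for E, @ for A) plus a few common
# ones added here as an assumption.
SUBS = str.maketrans({"&": "e", "@": "a", "0": "o", "3": "e", "$": "s"})


def _variants(password):
    """Yield the forms a cracking dictionary would also try."""
    low = password.lower()
    trimmed = low.strip(string.digits + "!?.#*-_")  # drop tacked-on digits/marks
    for form in (low, trimmed):
        yield form
        yield form.translate(SUBS)


def _keyboard_run(low, run=4):
    """True if any `run` consecutive characters follow a keyboard row."""
    rows = KEY_ROWS + [row[::-1] for row in KEY_ROWS]
    return any(low[i:i + run] in row
               for i in range(len(low) - run + 1) for row in rows)


def weaknesses(password, personal=()):
    """Return the article's rules that `password` breaks (empty list = none)."""
    low = password.lower()
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if any(v in DEFAULTS | WORDS for v in _variants(password)):
        found.append("dictionary or default word")
    if _keyboard_run(low):
        found.append("keyboard sequence")
    for item in personal:
        token = item.lower().replace(" ", "")
        if len(token) >= 3 and token in low:
            found.append("personal information")
            break
    return found


if __name__ == "__main__":
    for pw in ("qwert", "P@ssw0rd1!", "Skippy2014", "mT7#qLz9&hVx"):
        print(pw, weaknesses(pw, personal=("Skippy", "345 Woodside")))
```

An empty result only means none of these particular rules fired; it does not prove a password is strong.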
Strong passwords are long (use at least 8 and preferably 12 characters) and varied (use a combination of letters, numbers, punctuation marks and symbols). Of course, a long and varied password is harder to remember. Here are several ways to generate passwords that are both random and memorable:
Initialing. Choose a title, phrase or quotation that means something to you. Use the initial letter of each word as your password. Toss in caps, numbers and symbols to make it harder to hack.
Letter Scramble. Start with a longish word or short phrase that you will remember. Scramble the letters and substitute numbers and symbols for some of them.
Mix it Up. Choose two words that mean something to you and alternate their letters. If your dog’s name is Skippy and you live at 345 Woodside, your password would be 3S4k5iWpopoyd.
Diceware. To get really random results, roll the dice. Diceware.com lists 7776 words corresponding to all the combinations that are possible when you throw five dice. The website also provides detailed instructions about how to use the list to create very secure passwords and phrases.
Websites. Although many websites offer to generate passwords on your behalf, don’t use one unless you trust the company behind it. For example, the well-known Norton Security company offers a free password generator at identitysafe.norton.com/password-generator.
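The Diceware method described above, sketched as an added example that is not part of the original article. It uses Python's secrets module in place of physical dice and a constructed placeholder list in place of the real 7776-word list; the 94-symbol alphabet used for comparison is also an assumption.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 possible five-dice combinations


def roll_key():
    """Roll five dice with the OS random source; returns a key like '41256'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def placeholder_wordlist():
    """Constructed stand-in for the real list: one entry per dice key."""
    keys = ("".join(p) for p in product("123456", repeat=DICE_PER_WORD))
    return {key: f"word{key}" for key in keys}


def passphrase(wordlist, words=6):
    """Pick `words` entries by independent dice rolls and join with spaces."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7776 entries")
    return " ".join(wordlist[roll_key()] for _ in range(words))


def diceware_bits(words):
    """Entropy in bits when every word is chosen uniformly from 7776."""
    return words * math.log2(LIST_SIZE)


def random_chars_bits(length, alphabet=94):
    """Entropy of `length` characters drawn uniformly from `alphabet` symbols."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    print(passphrase(placeholder_wordlist()))
    print(f"6 dice words:    {diceware_bits(6):.1f} bits")
    print(f"12 random chars: {random_chars_bits(12):.1f} bits")
    print(f"8 random chars:  {random_chars_bits(8):.1f} bits")
```

Six dice-chosen words carry about as much randomness as twelve truly random keyboard characters, which is why a phrase can be both memorable and hard to guess.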
Experts disagree about whether passwords should be recorded. Most say that a password that’s hard to crack will also be hard to remember, so you’ll probably want to keep a copy somewhere safe. Consider a locked drawer or between the pages of a favorite book. A Post-It on the computer monitor is not a good place for a password.
Eventually everyone forgets a password, so be sure your password recovery systems are up-to-date. Many websites send a prompt or reset option to an e-mail address. If you change your e-mail, update the sites that require passwords. Providing a cellphone number also provides a layer of security, especially if you have a cellphone that can be locked if it’s lost.
Once you’ve found what seems like a great password, there’s a temptation to use it often and keep it forever. Don’t. Experts recommend using different passwords, especially for sites that involve financial information. And put a “Change passwords” reminder on the calendar so you do it at least as often as you change the oil in the car.
Many security experts argue that passwords are obsolete. Perhaps, by the time your kids are adults, they may be able to protect their online assets with a fingerprint or a DNA scan. In the meantime, however, mastering the art of strong passwords is just one more way parents can have the peace of mind that comes from knowing you’ve protected what is precious to your family.