October is National Cybersecurity Month, so I’ve put together a special series of Kellam’s Tech Tips focused on easy and effective ways to increase your cybersecurity. Throughout this month, look for weekly posts that focus on actions you can take to make your online life more secure.
This week I want to focus on passwords. Coming up with unique passwords and changing those passwords frequently doesn’t take too much time or effort, and it can go a long way in protecting your information. However, we’re often lazy about our passwords because we need so many of them to maintain the various accounts we have online. The more passwords there are, the more difficult it is to remember all of them, so people often compensate by using the same password across various accounts, or passwords that differ only slightly. This is a huge security risk.
I want to emphasize two things you can do to help strengthen and manage your passwords.
There has often been emphasis placed on password randomization and special characters (e.g. underscores, replacing certain letters with numbers, dollar signs, etc.) to make passwords strong, but both of these characteristics make passwords more difficult to remember. However, the National Institute of Standards and Technology (NIST) recently updated its password security recommendations to shift away from periodic password changes and “randomness” and to focus on length. You should make your passwords long phrases that are easy to remember, but also unique. For example, “myfavoritetelevisionseriesfromthe90sisSeinfeld.” It may look long and jumbled, but it’s just a short phrase that is easier to remember than a short random word, a sequence of symbols, or a date. NIST strongly recommends a minimum of 8 characters and that you use the longest password permitted. Parameters may vary for different websites. Longer passwords are also more difficult for “brute force” software to decipher.
Another great tool, which I use and highly recommend, is a password manager. This allows you to store all of your passwords in one safe location. Some even have web browser plug-ins that automatically ask if you want to save the password when you start a new account. Password managers can also randomize your passwords for you. With a password manager, you only need one strong password to access the manager, and it can take care of the rest. It protects you if a site you frequent is hacked and your password is compromised, because that password is used only for that site; the rest are different. I use and recommend LastPass. It’s free for desktop computers, easy to use, and doesn’t cost much for additional services (such as mobile device access). There are many other good managers out there as well; just be sure to do a little bit of research to find the one that best fits your needs.
Whatever method you use to choose and manage your passwords, it is imperative that you be smart about your online security. You don’t want to be the victim of fraud or identity theft because of a failure to properly secure your online accounts and identity.