I recently ran across a meme on social media. It was a monkey sitting in front of a computer impatiently pounding on a keyboard with the caption, “Me trying to remember my password.”
No truer words my banana-loving friend, no truer words. We all have so many passwords for different sites and programs that it gets harder and harder to come up with anything new. Then, after you do create a new password, the challenge of remembering it kicks in (insert monkey meme here).
So why do we need to create such elaborate passwords? It’s hard enough learning all the new levers and switches on the new combine let alone remembering passwords. Research has proven it takes 120 hours of work to get your identity back, once stolen — 120 hours! There is no farmer out there who has that sort of time. We do need to find a way to protect our passwords while out on the farm.
Super computers (a.k.a. computers designed to decipher enormous amounts of data quickly) can figure out eight-character passwords in as little as 22 seconds. Nine-character passwords take up to two hours to break. Ten-character passwords take up to a week and 11-character passwords take two years. The good news is, if you make the password over 12 characters, you're looking at 200 years' worth of security. Time estimates vary, but you get the idea.
As you build out your 12-plus character passwords, here are some common rules to follow to protect your information.
Create passphrases instead of passwords. Individual words — even with slight variations — are easy to guess; but a series of words in a passphrase make them more secure.
Consider making the passphrase or password longer than the minimum limit. Longer passphrases are harder to break than shorter, complex passwords. Mix letters, symbols and numbers in a phrase that means something to you. For instance, I love my dogs; so I might use B0stonTerriersarethebe$t.
Do not use the same password for multiple systems, websites or accounts. Use of the same password for multiple sites or programs means if a password for one is compromised, they all are.
Do not use single words found in the dictionary of any language. Password cracking tools often come with dictionary lists that can try thousands of common words. Cracking a password is not done by a person, but by software which constantly runs for the hacker.
Do not use passwords that include personal information that could be easily accessed or guessed. This includes your birth date, your Social Security or phone number, or names of family members.
This is also a perfect time to share a side note tip with your children. When the grandkids arrive, it is so cute to see the little buddle of joy announced on social media. However, when they say, “Welcome to the world (insert first middle and last name) born on this month day and year”, they have just given hackers the equivalent of your grandchild’s social security number.
In the end, how are we supposed to remember all these passwords? Use Secure Password Providers to help manage your passwords. Password Safe and others such as LastPass, Dashlane, RoboForm, KeePass Password Safe, or Sticky Password can even generate passwords for you. Do not store your list of passwords in a plain text file on your computer or in a notebook at your desk.
Gail Ingledew is the Vice President of Operations and Information Security Officer at Profinium. To learn more about how Profinium is a full financial health solutions center offering banking, mortgage, insurance, trust and wealth planning services in Southern Minnesota, visit Profinium.com.