Well, maybe it’s not that dumb, but it is certainly a problem. Jordan has made a grave mistake in the password that she uses for her email, social media accounts, online banking, Amazon, and every other online and mobile service that she has signed up for. Here’s the password:
Jordan thinks this is a great password. It’s easy to remember, has a mix of letters and numbers, and looks kind of “random” to anyone who happens to see it. She thinks it’s a lot smarter than some of the other passwords that people use, like “password123” or the names of pets and children.
It’s actually a dumb password. The letters and numbers aren’t random at all — they are Jordan’s initials and the month and year of her birth. Someone who knows her could guess it, and smart hackers who know her name (easily found on Facebook) could apply various techniques to figure out her password.
There’s another big problem with Jordan’s password. Not only is it easy to guess, she uses it on every website and mobile app she has registered for. This means if someone guesses or steals her password for one service, they have the keys to the castle for every other service she uses, including critical services such as email and bank accounts.
What should Jordan do? As a first step, she should immediately change all of her important passwords. Here are some criteria that she could apply when choosing new passwords:
- Each account that contains personal or important data should have a unique password. The same goes for four-digit personal identification numbers (PINs).
- Don’t use first or last names, initials, or common words, especially “password.” This is a dumb password that gets lots of people in trouble!
- Don’t use repeated or consecutive numbers (“123456” or “8888”).
- Include a mix of letters (upper and lower case) as well as numbers and (if allowed) symbols.
- If asked to create answers to security questions, avoid questions which have answers that can be easily found out, such as place of birth, elementary school, or mother’s maiden name.
- Leave a backup email address or a mobile phone number, which can help with password recovery.
- Change passwords regularly.
- Store passwords in a secure place (not on a piece of paper in a desk drawer!).
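Several of these criteria can be checked automatically before a new password is accepted. The Python sketch below is an added example, not part of the original excerpt; the function names, the short word list, and the sample person and passwords are all constructed for illustration.

```python
import re

# Constructed sample list; a real check would use a much larger dictionary.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome"}

def has_digit_run(password, length=3):
    """True for repeated or consecutive digits such as 8888, 123 or 321."""
    for run in re.findall(r"\d+", password):
        for i in range(len(run) - length + 1):
            window = [int(c) for c in run[i:i + length]]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps in ({0}, {1}, {-1}):
                return True
    return False

def check_password(password, first, last, birth_month, birth_year, used_elsewhere=()):
    """Return the checklist criteria that this password breaks (empty list = none)."""
    lower = password.lower()
    letters = re.sub(r"[^a-z]", "", lower)
    mm, yyyy = f"{birth_month:02d}", str(birth_year)
    yy = yyyy[-2:]
    # Common ways a birth month and year end up inside a password.
    birth_forms = {mm + yy, mm + yyyy, yy + mm, yyyy + mm, yyyy}
    problems = []
    if password in used_elsewhere:
        problems.append("reused on another account")
    if first.lower() in lower or last.lower() in lower:
        problems.append("contains first or last name")
    if letters == (first[0] + last[0]).lower():
        problems.append("letters are only the owner's initials")
    if any(form in password for form in birth_forms):
        problems.append("contains birth month or year")
    if any(word in lower for word in COMMON_WORDS):
        problems.append("contains a common word")
    if has_digit_run(password):
        problems.append("repeated or consecutive digits")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
            and re.search(r"\d", password)):
        problems.append("needs upper case, lower case and a number")
    return problems

if __name__ == "__main__":
    # Constructed profile and passwords, not the ones from the article.
    for pw in ("ar0390", "Password123", "Tq7#vLw2Zp9m"):
        print(pw, check_password(pw, "Alex", "Rivera", 3, 1990, used_elsewhere=["ar0390"]))
```

An empty list only means the password passed these particular checks; it still needs to be unique to one account.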
Dumb passwords and two-factor identification
Anyone who is serious about account security should also use “two-factor identification” when it is offered. If enabled, when someone tries to log on to the account from an unrecognized device or location, that person will not only have to enter the password, they will also have to enter a code that’s sent to the mobile phone associated with the account. It is a bit of an inconvenience, but it makes it extremely difficult for hackers or scheming ex-boyfriends or girlfriends to access email or social media accounts.
This post was excerpted from Personal Finance For Beginners In 30 Minutes, Vol. 1, by Ian Lamont. All rights reserved.