A few days ago, I noticed a strange Facebook wall post from my sister, Robyn, about a cheap laptop deal. Because it’s quite unlike her to care enough about a cheap laptop to take the time to share the details with her friends, I just had to call her to find out more.
While we were on the phone, she told me that she hadn’t written the out-of-the-ordinary post that was on her Facebook profile. She panicked, and anxiously asked what she could do to fix the problem. At the time, I thought the issue was caused by a virus, so I recommended that she change her password on Facebook, delete the post and all of its “autoposted” comments, spread the word that the laptop entry was potentially harmful, and run a malware protection program to eliminate the infection.
Ultimately, my recommendations solved only part of a much more complicated issue.
Several days after the Facebook fiasco—and several malware scans later—Robyn noticed some strange transactions on her bank statement. You can likely guess where this is headed. In addition to her Facebook account, Robyn’s PayPal™ account had now been hacked. After several stressful phone calls to PayPal and her bank, we narrowed the security breach to an overseas person(s) who had been using her debit card, via PayPal, to purchase expensive goods from Walmart.com.
How could this have happened?
Both Facebook and PayPal require an email address and password as log-in credentials. The hacker, unfortunately, rightly assumed that the log-in credentials for Robyn’s PayPal account were the same as those for her Facebook account.
So what’s the moral of the story?
Because most of us use multiple websites for personal and business needs, it’s often difficult to create unique log-in passwords for each of those online services. In my job, for example, I manage comparison shopping engine accounts for eCommerce merchants, with each client needing unique passwords for each of the shopping engines. Although managing the process can get a bit cumbersome, it’s well worth the time and effort to do so carefully.
Here are a few tips for creating unique, secure passwords that can help you protect your personal and financial information online:
- Use different passwords for different websites. Because not all website security measures are created equal, it’s important that you manage your online identity, rather than assuming that a website’s security system will protect you.
- Avoid using any sequence of numbers (such as 12345), letters (such as abcde), or keys that are next to each other on the keyboard (such as QWERTY). There are programs that can automatically put those strings together and crack your password.
- Avoid using a word (or even a commonly misspelled word) that’s found in the dictionary. Password-cracking programs can load dictionary files (similar to the dictionary file used to spell check your text in Microsoft® Word) and attempt every entry in the file until one of them logs in successfully. And some of the existing dictionary files, unfortunately, include commonly used passwords. Always avoid using passwords that a person or computer can easily guess.
- Avoid using any part of your name, log-in name, Social Security number, or phone number. Although doing so may help you remember the password more easily, it also makes it easier for a hacker to figure out your password.
- Use unique symbols, and always keep in mind that longer passwords are better than shorter ones. Combine letters, numbers, and symbols in a manner that’s meaningful to you, but that can’t be easily guessed by a robot or another human.
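
The tips above can also be checked automatically before you settle on a password. The following Python function is an added example, not part of the original article; the tiny word list, the four-character run length, the 12-character minimum, the character-swap table and the sample values are assumptions made for illustration.

```python
import re

# Assumptions for illustration (not from the article): a tiny stand-in for a
# cracker's dictionary file, a 4-character run length, a 12-character minimum.
WORDLIST = {"password", "laptop", "sunshine", "welcome", "dragon"}
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo common character swaps so "P@ssw0rd" is still seen as "password".
SWAPS = str.maketrans("@4301$5", "aaeoiss")
RUN_LEN, MIN_LEN = 4, 12

def has_run(pw):
    """True if pw contains RUN_LEN neighbouring characters of any sequence,
    forwards or backwards (12345, abcde, QWERTY, 9876, ...)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + RUN_LEN] in low for i in range(len(s) - RUN_LEN + 1)):
                return True
    return False

def check_password(pw, personal=(), used_elsewhere=()):
    """Return the list of tips that pw breaks; an empty list means it passes.
    personal: name, log-in name, phone number, etc. of the account owner.
    used_elsewhere: passwords the owner already uses on other sites."""
    problems = []
    low = pw.lower()
    if pw in used_elsewhere:
        problems.append("reused on another site")
    if has_run(pw):
        problems.append("contains a number, letter or keyboard sequence")
    letters = re.sub(r"[^a-z]", "", low.translate(SWAPS))
    if any(word in letters for word in WORDLIST):
        problems.append("based on a dictionary word")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    kinds = sum(bool(re.search(rx, pw))
                for rx in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if len(pw) < MIN_LEN or kinds < 3:
        problems.append("too short or missing a mix of letters, numbers and symbols")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("qwerty12345", "P@ssw0rd2024!", "vT9#kL2$wQ8!zR"):
        print(pw, "->", check_password(pw, personal=("alex",)) or "passes")
```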
Although there are several websites devoted solely to generating random, secure passwords, with your creativity, and the tips I’ve provided, you should be able to create secure passwords on your own. So with that in mind, may you have fun, be profitable, and remain safe while you’re online.