Protecting Your Online Identity with Hard-to-Hack Passwords

A few days ago, I noticed a strange Facebook wall post from my sister, Robyn, about a cheap laptop deal. Because it’s quite unlike her to care enough about a cheap laptop to take the time to share the details with her friends, I just had to call her to find out more.

While we were on the phone, she told me that she hadn’t written the out-of-the-ordinary post that was on her Facebook profile. She panicked, and anxiously asked what she could do to fix the problem. At the time, I thought the issue was caused by a virus, so I recommended that she change her password on Facebook, delete the post and all of its “autoposted” comments, spread the word that the laptop entry was potentially harmful, and run a malware protection program to eliminate the infection.

Ultimately, my recommendations solved only part of a much more complicated issue.

Several days after the Facebook fiasco—and several malware scans later—Robyn noticed some strange transactions on her bank statement. You can likely guess where this is headed. In addition to her Facebook account, Robyn’s PayPal™ account had now been hacked. After several stressful phone calls to PayPal and her bank, we narrowed the security breach to an overseas person(s) who had been using her debit card, via PayPal, to purchase expensive goods from Walmart.com.

How could this have happened?

Both Facebook and PayPal require an email address and password as log-in credentials. The hacker, unfortunately, rightly assumed that the log-in credentials for Robyn’s PayPal account were the same as those for her Facebook account.

So what’s the moral of the story?

Because most of us use multiple websites for personal and business needs, it’s often difficult to create unique log-in passwords for each of those online services. In my job, for example, I manage comparison shopping engine accounts for eCommerce merchants, with each client needing unique passwords for each of the shopping engines. Although managing the process can get a bit cumbersome, it’s well worth the time and effort to do so carefully.

Here are a few tips for creating unique, secure passwords that can help you protect your personal and financial information online:

  • Use different passwords for different websites. Because not all website security measures are created equal, it’s important that you manage your online identity, rather than assuming that a website’s security system will protect you.
  • Avoid using any sequence of numbers (such as 12345), letters (such as abcde), or keys that are next to each other on the keyboard (such as QWERTY). There are programs that can automatically put those strings together and crack your password.
  • Avoid using a word (or even a commonly misspelled word) that’s found in the dictionary. Password crackers work from dictionary files, similar to the dictionary file used to spell check your text in Microsoft® Word, and attempt every entry in the file until one of them logs in successfully. Some of the existing dictionary files, unfortunately, also include commonly used passwords. Always avoid using passwords that a person or computer can easily guess.
  • Avoid using any part of your name, log-in name, Social Security number, or phone number. Although doing so may help you remember the password more easily, it also makes it easier for a hacker to figure out your password.
  • Use unique symbols, and always keep in mind that longer passwords are better than shorter ones. Combine letters, numbers, and symbols in a manner that’s meaningful to you, but that can’t be easily guessed by a robot or another human.
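
The tips above can be checked automatically before a password is accepted. The following Python function is an added example, not part of the original article; the sample word list, the 12-character minimum, and all function and parameter names are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary file plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "dragon", "monkey", "laptop", "welcome"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789")


def _has_run(pw, tracks, n=4):
    """True if pw contains n consecutive characters of a track, forward or reversed."""
    for track in tracks:
        for t in (track, track[::-1]):
            for i in range(len(t) - n + 1):
                if t[i:i + n] in pw:
                    return True
    return False


def check_password(password, personal=(), used_elsewhere=(), min_length=12):
    """Return the list of tips from the article that the password violates.

    personal: name, log-in name, phone number, etc. supplied by the caller.
    used_elsewhere: passwords already in use on other sites, as held by
    the caller (for example inside a password manager).
    min_length: assumed threshold; the article only says longer is better.
    """
    pw = password.lower()
    problems = []
    if password in used_elsewhere:
        problems.append("reused on another site")
    if _has_run(pw, SEQUENCES):
        problems.append("sequence of letters or numbers")
    if _has_run(pw, KEYBOARD_ROWS):
        problems.append("adjacent keyboard keys")
    # Split on non-letters so "dragon2024!" still matches the word "dragon".
    if any(tok in SAMPLE_WORDS for tok in re.split(r"[^a-z]+", pw) if tok):
        problems.append("dictionary word")
    if any(len(p) >= 3 and p.lower() in pw for p in personal):
        problems.append("contains personal detail")
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    patterns = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(p, password) for p in patterns):
        problems.append("missing letters, numbers, or symbols")
    return problems
```

An empty list means none of the checks fired; it does not prove the password is strong, only that it avoids the specific weaknesses listed in the tips.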

Although there are several websites devoted solely to generating random, secure passwords, with your creativity, and the tips I’ve provided, you should be able to create secure passwords on your own. So with that in mind, may you have fun, be profitable, and remain safe while you’re online.




    1. Steve, thank you so much for the pointers. I always get so frustrated when my “normal” password or passwords will not work for a new account. It is easy to forget why we need these passwords and why they need to be so different from one another! I immediately shared this on Facebook and Twitter! Thank you again for this post. It really makes me look at things in a whole new light.

      Darcy!

    2. Great tips. I see many website and email account intrusions due to bad passwords. Don’t be fooled into thinking that you have to be “targeted”—most of the compromises I see in my sysadmin work are due to bots just scanning for common passwords.

      “Use different passwords for different websites.”

      The approach I take is to have different groups of sites. For example, I keep work and personal passwords unique. Within each group, I then have classes:

      • High Security: Banking, medical, insurance, and anything with significant personal data that could be used for ID theft.
      • Medium Security: Online stores, service accounts, and Web applications.
      • Low Security: Blogs, forums, and other places that require general registration.

      I also have a couple of tricks I use to add letters and numbers based on key elements of the site or the username.

      For work, we use a password management tool, and all high-security accounts have 18-character secure passwords.

    3. Thank you both Darcy and Jeff for reading, spreading the word, and taking the time to comment. Jeff, I like your method of grouping passwords together by the degree of security needed. For the longest time I would always worry myself with thoughts like, “Wow, how am I going to remember all of these passwords?” It sounds like with your method you’re able to keep that under control, and if one of your blogs were to ever get hacked at least the issue would stop there. Thanks again.
