J.P. Morgan recently published a white paper titled Payments Fraud: A Moving Target, which discusses the overall weaknesses of passwords. It states that studies show that nearly one-half of online users use the same or very similar passwords for all websites that require a login. I am personally guilty of this because I have so many sites that need a user id/login and password that it can be unmanageable. We all know how frustrating it is when you wish to use a site but can’t remember your login credentials. Hackers have a high level of sophistication around cracking passwords, so these reminders are worth reviewing.
The article suggests the following tips:
- Be complex: use a combination of upper- and lowercase characters plus numbers and symbols
- Go long: the longer the password, the more difficult it is to guess
- Use phrases rather than a specific word: consider using a phrase that reminds you of an event. I like “welcometoSt.Thomas.”
- Use different passwords for different sites: I consider this a personal challenge.
- Create combinations: perhaps use the first two letters of several familiar things, places, etc. Huh? I need help on this one.
- Create a private acronym: use the first letters of a phrase that has meaning for you and is easy to remember, then add digits and/or special characters to make it strong. Can someone try this and let me know how it goes?
- Use capitalization and substitution creatively: for instance, use capitalization in the middle of your password instead of the beginning and substitute numbers for letters
- Change assigned passwords: ALWAYS (and immediately) change initially assigned digital passwords to personal, unique passwords
- Change your passwords often: but avoid patterns (guilty) and do not recycle recent passwords
- Do not enter passwords on “public” computers: computers used by many people are often unsafe for accessing sites containing private information
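The tips on using different passwords for different sites and on avoiding patterns when changing them can be checked mechanically. The following is an added example, not taken from the white paper: it compares a new password against ones already in use and flags both exact reuse and the "same word, new number" pattern. The function names, the 0.8 similarity threshold, the site names and the sample passwords are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Common look-alike substitutions, mapped back to the letter they stand for.
LEET = str.maketrans("013457@$!", "oleastasi")

def skeleton(password):
    """Reduce a password to its base word(s) so trivial variations compare equal."""
    core = re.sub(r"[^A-Za-z]+$", "", password)  # drop a trailing counter such as "2023!"
    core = core.lower().translate(LEET)          # ignore capitalization, undo substitutions
    return re.sub(r"[^a-z]", "", core)           # keep letters only

def find_reuse(candidate, saved, threshold=0.8):
    """Return (site, reason) pairs for saved passwords the candidate repeats.

    saved maps a site name to its current password. The comparison is meant
    to run in memory at the moment a new password is chosen (assumption).
    """
    findings = []
    cand = skeleton(candidate)
    for site, old in saved.items():
        if candidate == old:
            findings.append((site, "identical"))
            continue
        base = skeleton(old)
        # Passwords with no letters at all have an empty skeleton; skip those.
        if cand and base and SequenceMatcher(None, cand, base).ratio() >= threshold:
            findings.append((site, "similar"))
    return findings

# Constructed sample data: three sites and the passwords currently used on them.
SAVED = {
    "bank.example": "Summer2023!",
    "mail.example": "P@ssw0rd1",
    "shop.example": "welcometoSt.Thomas",
}

if __name__ == "__main__":
    for attempt in ("Summer2024?", "password", "welcometoSt.Thomas", "blue-Kayak-91-orbit"):
        print(attempt, "->", find_reuse(attempt, SAVED) or "no reuse found")
```

"Summer2024?" is flagged as similar to the bank password even though the two strings differ, which is the kind of pattern the last tips warn about.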