Perfecting Your Password
Ways To Ensure Your Online Info Stays Safe
January 22, 2015 by David Khan
With the rise of the Internet came a new dilemma for many people: how to protect their email and other accounts from hackers (serious ones or otherwise) in a way that was easy to implement, without being too hard to remember. Along came passwords for everything from Yahoo to banks, meaning most people either had to come up with different ones for each account, or use the same password for every site they visited.
But even as online threats have increased and the importance of strong passwords has been stressed, many people still fail to come up with one that most IT experts would consider secure. In fact, the Internet is more than 20 years old, yet a recent study showed that millions still use something as easy to guess as “12345.”
Recognizing this problem, and spurred by several attacks by Chinese hackers, the Department of Defense (DoD) tightened up its requirements for passwords as a way to thwart cyber attacks, phishing, and other intrusion tactics. Originally, most DoD sites were accessed using a single sign-on through a Common Access Card (CAC). The new DoD rules have changed this one-step method.
A number of DoD sites, such as Navy Knowledge Online and the Defense Finance and Accounting Service, now require the CAC in addition to a strong password. And to help ensure those passwords meet certain standards, DoD policy stipulates that all passwords shall:
- Be at least eight characters in length; 12 – 16 if feasible
- Be a combination of upper and lower case letters, numbers, and special characters
- Be changed every 90 days, or upon direction
- Have a history of individual usage maintained for one year to preclude the reuse of old passwords
- Not be composed of any words found in a dictionary
- Not be displayed at any terminal or printer
- Be protected from disclosure by the user, who will employ appropriate protective actions while logging on to the system
There are a few more sensitive military sites with passwords that expire every 30 to 45 days, but these rules apply to a majority of DoD sites. The downside is that many service members find it difficult to remember a number of different passwords and have taken to storing them in a file on their smartphones so they can pull up the necessary one when needed. As one can imagine, that’s probably not the best solution: if your phone is ever stolen or even lost, whoever takes or finds it would be able to use that information.
So what can you do to keep your passwords top of mind and safe? Some experts recommend a few things:
- Don’t use your favorite sport, sports team, car, or other easy-to-figure-out word
- Don’t use your birthday or birth year
- Don’t use children’s or pets’ names
- Use a service or site such as SplashID that can store passwords in a secure way, if you need to record them somewhere
- Use a mix of random words, as suggested by the folks at XKCD (who also do the math on just how strong such a method actually is)
- Use initials from a common phrase you can remember, but that have some letters switched with numbers or symbols. For example, “We Are Going To Need a Bigger Boat” from the movie Jaws could be turned into W@G2naBB.
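As an added illustration (this is not code from the article, from DoD, or from XKCD), the Python below checks a candidate password against the DoD rules listed earlier and does the XKCD-style arithmetic for random-word passphrases; the dictionary, sample passwords and function names are constructed assumptions, not anything the policy itself specifies.

```python
import math
import string
from typing import Iterable, List

# Constructed stand-in for a real dictionary file (assumption: a deployment
# would load a full wordlist instead of this handful of words).
DICTIONARY = {"password", "boat", "bigger", "navy", "welcome", "dragon", "summer"}


def check_dod_rules(password: str, history: Iterable[str] = ()) -> List[str]:
    """Return the DoD-style rules (as listed in the article) that the password
    violates. An empty list means it passes every check implemented here."""
    violations = []
    if len(password) < 8:
        violations.append("shorter than 8 characters")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        violations.append("missing upper, lower, digit or special character")
    # Dictionary rule: flag any dictionary word of four or more letters that
    # appears inside the password, ignoring case (catches "BiggerBoat2015!").
    lowered = password.lower()
    for word in sorted(DICTIONARY):
        if len(word) >= 4 and word in lowered:
            violations.append(f"contains dictionary word '{word}'")
            break
    # History rule: the retained one-year history must not be reused.
    if password in set(history):
        violations.append("reuses a password from the retained history")
    return violations


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of a passphrase built from word_count words chosen uniformly at
    random from wordlist_size words: log2(wordlist_size ** word_count)."""
    return word_count * math.log2(wordlist_size)


if __name__ == "__main__":
    for candidate in ("12345", "BiggerBoat2015!", "W@G2naBB"):
        print(candidate, "->", check_dod_rules(candidate) or "passes")
    # Four words from a 2048-word list is the classic XKCD figure.
    print("4 random words from 2048:", passphrase_entropy_bits(4, 2048), "bits")
```

Note that the Jaws-style initials password passes these checks, while a memorable phrase written out as words is caught by the dictionary rule even when it satisfies the length and character-class rules.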
In the end, no password is 100% safe from a dedicated hacker. But making your password unique and memorable can go a long way.