Time To Revisit The New Password Safety Rules

Time To Revisit The New Password Safety Rules

LA CANADA, CA - AUGUST 05: The Justice Department has charged 11 people with stealing more than 40 million credit and debit card numbers of customers shopping at TJX Companies by hacking into their computers. The information was then allegedly sold to people who used it to steal tens of thousands of dollars at a time from accounts through automated teller machines in the US and Europe. (Photo by David McNew/Getty Images)

Almost everyday we read about some company or organization that’s been hacked and your personal information has been compromised.

Unfortunately there is not much you can do about that other than change your password and user name if it’s a place where you have valuable information such as a bank, credit card provider, or investment account.

I Forgot My Password

Most companies will have a process where you can reset a new password if you’ve forgotten your previous one. However, if you contact a company and they are able to tell you your password you should complain loudly.

Companies should never ever keep your password where it’s accessible to someone at that company.

Companies use various methods to protect passwords: Hash, Rainbow Tables and Salted Hash.

New Rules for Passwords

  • The Old Outdated Password Rules
    • At least 8 characters long.
    • No names or words that can be guessed unless you use upper lower case in odd places.
    • No combination of words or phrases unless you alter them somehow.
    • Always use upper lower case and numbers
    • Use at least one special character (#,$,%,&,*,) if allowed by the site.

The above rules no longer get the job done. With new faster computers it’s easy to crack passwords that use these outdated rules.

  • The New and Improved Password Rules
    • 12 characters at a minimum, 14 are better and 24 are best.
    • The longer the password is the harder it is to hack.
    • Use a combination of upper and lowercase letters, numbers and include special characters if allowed.
    • Words and phrases are not an issue as long as the password is long enough. At least 12 characters or longer.
    • Consider padding the password with a random character to make it longer. ****password**** is actually safer than 7CxX&*Xf.

The shorter password would be much easier and faster to crack than the longer one.

Why? Because there are fewer mathematical combinations in the shorter password than the longer one.

Size does matter — Longer is better.

How Often Should I Change My Password?

Why change it at all if it’s long enough? If it’s hackable today it will be just as hackable tomorrow if it’s too short.

Passwords don’t weaken with age or become outdated unless you're using the same weak one for all accounts.

OrangeBlacktop$$BedBugGummyBears99 will be just as strong tomorrow as it was last week.

If you know a company has been hacked then by all means change your user name and password on their site immediately.

A lot of people have been hacked on Facebook in recent months. Fake friend requests by people who are already your friends are becoming more frequent.

On social media I would suggest a long password such at “Dogbedappletreedishwasher#59buickpickup.” Thirty-nine characters. Easy to remember, but hard to hack. Add an extra capital here and there, plus a couple special characters, and you should be pretty safe.

Some Final Thoughts

Most of us use the same password for many sites. This obviously is not a good idea with all the identity theft that’s out there.

Especially for logging into banks and credit card accounts. CapitalOneWhat$InYourBathtubDrain00

A good computer program can run all the possible combinations of an eight-character password in less than a day.

The longer the password is, the longer it will take to hack all the possible combinations.

I use a program called Dashlane that keeps all my passwords in one place offline from my cell and computer. It logs me in automatically and if I forget a password I can quickly look it up on either.

It will also create strong passwords (12 character minimum) for me or I can create my own so I don’t need to remember them and they're different for each site.

If I buy something online it will automatically enter my credit card information for me and keep all the receipts and info off my laptop.

There is a free version but after trying that I opted for the paid version – about $40 per year which has some extra features I found valuable for my needs.

How are you protecting your passwords?

Comments below

Filed Under: credit card, dashlane, hash, Identity Theft, investments, kmms, password, Rainbow Tables, Salted Hash, tom egelhoff, user name
Categories: AM 1450 Exclusive, Commentary, Crime, National News, Opinion, Technology, Tom's Opinion

More From KMMS-KPRK 1450 AM