Lots of people worry about clever hackers breaking into their computers but the number one way that people are compromised doesn’t require any advanced technology. It’s as simple as an intruder knowing your password.
Whether it’s an adult’s online bank account or a child’s Club Penguin account, having a strong and secure password is your best defense.
There are many ways that people can get your password. One is to simply ask. I know that sounds kind of lame, but the fact is that people sometimes do ask and friends sometimes acquiesce as a way of confirming trust and friendship. This is especially true for children. If someone asks you or your password, just say no. You don’t have to make excuses but just let them know that you wish to keep it confidential. Parents should warn kids to never give out their passwords to anyone (other than perhaps their parents).
It’s not uncommon for people to leave their passwords laying around in public. The other day I saw a colleague’s laptop with a yellow sticky note with her passwords. That’s not a good idea. A better solution for keeping your passwords “nearby” is to use a password manager such as LastPass (www.lastpass.com) or RoboForm. With these programs you can have one secure password that launches the program which, in turn, stores all of your other passwords.
Here are some password tips from ConnectSafely.org. Scroll down for links to additional resources.
Tips for Strong, Secure Passwords (from ConnectSafely.org)
Never give out your password to anyone (except your parents). Never give it to friends, even if they’re really good friends. A friend can – accidentally, we hope – pass your password along to others or even become an ex-friend and abuse it.
Don’t just use one password. It’s possible that someone working at a site where you use that password could pass it on or use it to break into your accounts at other sites.
Create passwords that are easy to remember but hard for others to guess. When possible, use a phrase such as “I started 7th grade at Lincoln Middle School in 2004” and use the initial of each word like this: “Is7gaLMSi2004.”
Make the password at least 8 characters long. The longer the better. Longer passwords are harder for thieves to crack.
Include numbers, capital letters and symbols. Consider using a $ instead of an S or a 1 instead of an L, or including an & or % – but note that $1ngle is NOT a good password. Password thieves are onto this. But Mf$1avng (short for “My friend Sam is a very nice guy) is an excellent password.
Consider using a password manager. Programs or Web services like RoboForm (Windows only) or Lastpass (Windows and Mac) let you create a different very strong password for each of your sites. But you only have to remember the one password to access the program or secure site that stores your passwords for you.
Don’t fall for “phishing” attacks. Be very careful before clicking on a link (even if it appears to be from a legitimate site) asking you to log in, change your password or provide any other personal information. It might be legit or it might be a “phishing” scam where the information you enter goes to a hacker. When in doubt, log on manually by typing what you know to be the site’s URL into your browser window.
Make sure your computer is secure. The best password in the world might not do you any good if someone is looking over your shoulder while you type or if you forget to log out on a cybercafe computer. Malicious software, including “keyboard loggers” that record all of your keystrokes, has been used to steal passwords and other information. To increase security, make sure you’re using up-to-date anti-malware software and that your operating system is up-to-date.
Consider a “password” for your phone too. Many phones can be locked so that the only way to use them is to type in a code, typically a string of numbers. Sometimes when people with bad intentions find unlocked phones, they use them to steal the owners’ information, make a lot of calls, or send texts that look like they’re coming from the owner. Someone posing as you could send texts that make it look like you’re bullying or harassing someone in your address book with inappropriate images or words.