
It’s a new year, and I’m sure every one of us made at least one small promise (if only whispered to ourselves at 12:01am on Jan 1) to be better or do better at something this year. I can help you out with an easy one that will definitely improve your security profile, and I’m pretty sure a safer you = a healthier you (at least digitally).
Let’s talk about the foundation of personal security: the Password.
Change that password. You know the one. The one you use everywhere. Change it! Make it hard. There are dozens of methods for coming up with one. Here’s one:
- Pick your favorite quote (or one you have memorized), use the first letter from each word. How about, “Twas the night before Christmas” which gives us “Ttnbc” – 5 characters, a good starting point.
- Randomize the capitalization in a way you can remember. How about reverse camel caps? “tTnBc”.
- Since we need 8 characters minimum, let’s add two numbers, and since we’re talking about Christmas, let’s add “24” on the end (or the beginning, it doesn’t matter).
- And we need a special character, how about the “@” symbol which looks like a Christmas ornament.
So now we have “@tTnBc24”. You’ll remember it because you created a small story behind the password, which will make it memorable. But Chris, you always say to use a unique password for every account! No problem, here’s how you do that, while still making every password you create memorable:
- For every unique account password you need to create, pick a string of 3 or 4 letters based on the name of the account (however you remember it, company name or type) – let’s say the first 3 letters, and always use the same rule. So for your Chase bank account, you’d add “Cha” somewhere to the password, either beginning or end.
- Before you tack it on the end of the password, pick a symbol that will act as the glue (or divider) between the base password and the account-specific string; let’s just say “+” because that makes sense, right?
- Now you have “@tTnBc24+Cha”.
WARNING: if anyone ever gets hold of more than one of your passwords generated via the above method, they may spot the pattern right away, especially if they know which account each password belongs to, making it relatively easy to guess your other account passwords. My recommendation here is to not use this method for passwords that you have to share with other people (it will be obvious if they see more than one). For those, use a random generator and store them in a known secure password utility, such as LastPass, KeePass, Dashlane or Roboform.
Use the above method for the accounts you access frequently but are too valuable to protect with a weak or reused password. Examples should include your email account (especially the one you use to receive password resets/reminders), anything that is attached to your money, accounts that hold sensitive private information like insurance websites, and, most importantly, all of your social media sites, especially any in which you interact with friends and family.
If you are wondering if a password you’ve used in the past has been exposed, you can check https://haveibeenpwned.com if you know the email address to which the account was attached. This website is essentially a giant database of all the known data breaches over the past couple of years. If your email address raises a red flag, you should change the password you used for that account, especially if you used that same password elsewhere.
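Besides the email lookup described above, the same site offers a password check that you can run without sending the password itself: you hash it with SHA-1, send only the first five hex characters of the hash, and compare the returned list of suffixes locally. The following is an added Python example (mine, not the site’s own code) of that client-side part. The range response is constructed inline so the example runs offline; the real endpoint, which I know to be https://api.pwnedpasswords.com/range/{prefix}, is only shown in the optional `fetch_range` helper and is not called.

```python
import hashlib
import urllib.request


def split_hash(password):
    """SHA-1 the password (upper-case hex) and split into the 5-char prefix
    that is sent and the 35-char suffix that stays on your machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(range_body, suffix):
    """Scan a range response (lines of 'SUFFIX:COUNT') for our suffix.
    Returns the breach count, or 0 when the suffix is absent."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        found, _, count = line.partition(":")
        if found.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Real network call (not used by the tests): send only the prefix."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def constructed_range_for(password, count):
    """Constructed stand-in for a server response containing this password's
    suffix with the given count, plus one unrelated filler line."""
    _, suffix = split_hash(password)
    return "0000000000000000000000000000000000A:1\n" + suffix + ":" + str(count) + "\n"


def exposure_count(password, range_body):
    """Everything the client needs to decide: hash locally, compare locally."""
    _, suffix = split_hash(password)
    return count_in_range(range_body, suffix)


if __name__ == "__main__":
    # Constructed example: pretend the server says this password appeared 3 times.
    sample = "@tTnBc24+Cha"
    body = constructed_range_for(sample, 3)
    print(exposure_count(sample, body))        # 3
    print(exposure_count("something-else", body))  # 0
```

A non-zero count means that exact password has appeared in a known breach and should be retired everywhere it was used; a zero only means it was not in the list, not that it is strong.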
Image courtesy of Stuart Miles at FreeDigitalPhotos.net