Can you keep up with today’s password requirements? Nearly every site needs a password. One site wants special characters, the other doesn’t. Some sites require changing passwords every so often. Nothing is consistent with websites and passwords for me, other than I am constantly changing them due to my inability to remember them.

Some days, it’s like a part-time job to keep my personal online information secure. Making online purchases requires account creation, some personal information, a login and a password. I’ve been an online shopper since 1995-ish. I have a big footprint. Plus, access to check on credit cards, banking, subscriptions to news sites is now a daily internet activity for me, not to mention social media. My information is all over. It’s no wonder I have more spam email than ever, unwanted junk mail and robocalls.

If My Account Is Hacked, My Credit Card Is Protected?

For a long time, I bought into this statement. My card number has been stolen a few times and the issuing bank notified me and replaced the card. Didn’t really harm me at all until last week. We had an incident and learned a hard lesson. Cyber-thieves are not just out for the credit cards. Our online profiles and the information they contain have more value than the ability to buy a few things with a credit card.

The payoffs for thieves are big! Names and addresses can and do establish identities for fake documents. Verified online profiles get stolen and sold. This includes businesses and verified profiles for public figures.


How a Recent Hacking Incident Changed Everything for my Family

In a recent blog post, I wrote about online profiles and being hacked, and discussed how lazy I was with my online presence, especially my passwords. Out of laziness, I used my browser to store passwords for every site and used the same password or combination, depending upon the site’s requirements, over and over again. The exception was banking sites.

The Chrome browser is fantastic and I know Google works hard to keep their browser safe. I didn’t worry because as stated above, my credit card could easily be replaced. What did I need to worry about? Then it happened and it changed everything. My daughter’s social media account was recently hacked, stolen and put on the international black market. If you have a minute, read about it in my post titled “Why Were We Whacked and Hacked?”

Change The Way You Think About Passwords

I ripped this paragraph right out of my other article, “Why Were We Whacked and Hacked?” because the information is important. Most hackers use software to hack. They load a database of words into the software which helps crack passwords in seconds. If your password is a word, chances are, it can be hacked in a couple of minutes. Why? The database of possible passwords comes from a common source — the dictionary. Hacking software uses a dictionary database to detect words. So most any word we think of can be matched to this type of database. If the software detects mon, it’s going to figure out monkey is the password in just a few seconds. It’s inevitable.

You think monkey is a funny password? Or maybe you are sitting there thinking, ‘How did she know MY password?’ Check this list of common passwords posted on Wikipedia from the past few years. Then come back and finish this article because we are talking about how to set up additional layers of security for our online accounts.

Hackers are not blind to substituting a number for a letter. That was my personal favorite. I felt safe doing this to my passwords. You know, a word like Heaven!! I would change to H3av3n!! The brute force attack software hackers use does account for this type of substitution now. Hackable in pretty much no time. Same with adding a special character like H3@ven!! Not even a challenge for the software.
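The same reasoning can be turned into a check a sign-up form runs before accepting a password. This is an added example, not code from the original post: the word list is a tiny constructed sample, and the names `base_words` and `screen` are illustrative. It only tests whether the whole password reduces to one dictionary word.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# and a breached-password list instead.
WORDLIST = {"heaven", "monkey", "bugle", "password", "prayer"}

# Common look-alike substitutions mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_words(password):
    """Reduce a password to the plain words it is built from."""
    lowered = password.lower()
    # Drop decoration stuck on the front or back, e.g. "!!" or ".94".
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    candidates = set()
    for form in (lowered, stripped):
        plain = form.translate(LEET)                # h3av3n -> heaven
        candidates.add(re.sub(r"[^a-z]", "", plain))
    return candidates


def screen(password, min_length=16):
    """Return the reasons a password is rejected (empty list = accepted)."""
    reasons = []
    if len(password) < min_length:                  # "more than 15 characters"
        reasons.append("too short")
    hits = base_words(password) & WORDLIST
    if hits:
        reasons.append("dictionary word: " + sorted(hits)[0])
    return reasons


if __name__ == "__main__":
    for sample in ("monkey", "H3av3n!!", "H3@ven!!", "Bugle.94",
                   "Livn_#ona pr@yr -0n- fAC3b##k!?"):
        print(repr(sample), "->", screen(sample) or "accepted")
```
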

I discovered Pass Phrases.

My friend, who used to be a hacker as a kid, gave a suggestion about two years ago to begin using a string of words that didn’t mean a hill of beans to anyone. Words that were unrelated and then strung together. The theory was the longer the password, the more difficult it was to crack. Since then, we have to do more. As a result, we still need the longer password, but now we have to make it complex!

Fast forward to almost 2020 and I researched more about passwords and pass phrases. Here are my tips for a new password:

  1. Use LONGER passwords. Try to get more than 15 characters, easily accomplished by use of a pass phrase. String together multiple words. To make it easy, it can be a simple statement of fact that you would remember. Example: Living On A Prayer
  2. Take that pass phrase and make it complex. I know, I just told you to make it easy and now I am telling you to make it complex. Trust me, it’s necessary to up the security of your password aka pass phrase. Ready? Make it complex!
    • To do that, add special characters because then the software must go beyond the 26 lowercase letters and 26 uppercase letters to get to the numbers and special characters
    • Yes – use spaces. You can in a lot of passwords and if you can, do
    • Use a word from another language like casa for house or bella for nice – don’t use those, but hopefully you get the idea. My family is Italian and Scottish, so sometimes I use words from those languages that wouldn’t be in an English dictionary.
    • How many misspelled words are in a dictionary??? Misspell away!
    • Use upper and lower case
    • Use a completely different password for each online site. Don’t kill the messenger, please! Keeping track of a few passwords is definitely easier than losing information, money or your identity from online theft.

Check out some password samples below:

  • My Old Password: Bugle.94 (I bet this could be cracked in 10 seconds)
  • New Password: Living On A Prayer On Facebook
  • Complex: Livn_#ona pr@yr -0n- fAC3b##k!?
  • And I could use this same thing for my bank: Livn_#ona pr@yr -0n- w3lls*fa_go!?

Are you following me? Notice the misspellings, the addition of special symbols and numbers. This really isn’t my password, but hopefully it illustrates how to be more secure with password creation. Here are some more:

  • Th*e_d)oG is=(hUng7y! (21 characters)
  • M1 (l0v3rs)_eyes #r verda (25 characters)
  • ($3cure my A$$t{! (17 characters)
  • N3/Xt -vac@y st(0) _f1jjji (26 characters)

Two-Factor Authentication

Until this hacking incident, I avoided the new Two-Factor Authentication, also known as 2FA. My first introduction was painful. There were so many steps. Get an email. Enter the code from the email, plus my login and password. Who has time? It’s akin to a password reset – those secret codes are irrelevant as email verification is required.

That was then. This is now and I want peace of mind.

Two-Factor Authentication is about proving credentials. It requires one item of what you know (password, PIN, secret code), one item you have (your phone or email access) or something you are (fingerprint, iris pattern). For most of us, this is not new. Our ATM card requires a PIN. Credit card charges online require billing zip and CV2 code. Now, it seems, while this isn’t quite bulletproof, it is yet another layer of security for our information.

Two-Factor Authentication is easy to set up. It uses a phone and app to access accounts. Google Authenticator is the one I use. I trust that Google has tossed enough R&D money to make sure the product works.

Start by downloading the app from the App Store, create an account and link accounts that use 2FA. When it’s time to sign into a website with 2FA, open the app on the phone and type the code into the computer. Codes update several times a minute — use them right away.

It’s this extra step that is peace of mind.

Keeping Tabs On The Passwords and Pass Phrases

I learned a lot this week and I personally have a lot of work ahead of me to completely secure my online presence. My passwords are no longer being saved on the computer, either in the browser or in a document. I’m writing them down in a password book I designed.

My Password Journal is designed for organization, offers plenty of space to record the website, login and password, date changed and even 2FA info. It’s a 188 page book that organizes passwords alphabetically, similar to a phone book.

This week, I published my Password Journal on Amazon and ordered myself a copy. It’s available if you want one, too. All the information I list here is also in the book, so it’s easy to reference how to make a better password.

It would make a fantastic gift. Follow the link here: https://www.amazon.com/Alphabetized-Password-Phrase-Blank-Journal/dp/1707028818
