Password Protection

In today’s world, password protection is extremely important for managing identity theft and fraud. Like most people, you probably have and use many passwords to manage your online bank accounts, travel accounts, social networking accounts, retail accounts and more. But how do you select your passwords, and how do you remember all your passwords?

Many people select and use easy to remember passwords and even use the same easily guessable passwords for accessing most of their accounts. Using easy to remember passwords has its security advantage because it allows users to easily remember them without having to write them down which also increases identity protection risks. But the problem is that not only these easy-to-remember passwords can also be easily guessed, they can also inflict a greater damage when the same password is used for multiple and critical account access.

Some people on the other hand might select hard to guess and complicated passwords, which forces them to write them down to remember later. In such cases, depending on how and where they store their list of passwords, they might place the privacy of their passwords and account security at risk. For example, I’ve heard of people who write their passwords on paper and keep the list in their wallet or purse. Or, others who write them on a computer spreadsheet, store the file on their computer desktop for easy access, and carry their computers everywhere without password protection or encryption. If the computer gets lost or stolen, the password file becomes available to strangers. In addition, if the written hard-to-guess passwords are used for accessing multiple critical accounts, the risk gets even higher when the password list is exposed to fraudsters.

In summary, below is a list of the various scenarios we just discussed:

1- Same easy-to-guess password is used for accessing most accounts,

2- Different easy-to-guess passwords are used for accessing various accounts,

3- Same hard-to-guess password is used for accessing most accounts, and

4- Different hard-to-guess passwords are used for accessing various accounts.

The first scenario above poses the greatest risk because not only the password can be easily guessed, the same password can be used to access multiple accounts. And, the problem with hard to guess passwords is that they are also sometimes hard to remember forcing people to write them down.

By now, you probably wonder what the best password protection strategy is when selecting, remembering and using passwords. The short answer is a balanced strategy. But the long answer is we must select unique passwords which are hard-to-guess but easy-to-remember. Here’s how:

In order to ensure effective password protection and management, you need to pay close attention to the password creation process. We use passwords to access and protect our accounts and thus we want to keep a balanced approach between password protection and efficient password use for account access. If our approach is not balanced, we may have an easy life but less protection, or too much protection and inconvenient life.

Password protection tips

• Passwords must be strong enough to prevent others from guessing what they are but at the same time easy to remember for you without having to write them down. One approach is “Relational Sentencing” as I call it. For example, suppose you have a travel website account. You could select a sentence that relates to the purpose of the website such as "I love to go to San Diego". Then, you must transform the sentence into a shorter password because most websites will not allow you to select a long password. The password for this case might be "Iluv2go2SD". The sentence and the transformation process will be different for each person but the end result is the same which is to have an easy-to-remember and hard-to-guess password. Other variations of the same sentence transformation might include "IL2g2SD" or "Ilv2g2SD".

• Same passwords must not be used for multiple and critical accounts such as various bank accounts. You must use strong and unique password for each critical account. This is to ensure that if one account password is compromised, your other accounts remain protected. For non-critical accounts that do not involve private or financial information, you may use the same password but must still use hard to guess passwords.

• Write down in codes or manual encryption. If you must write down passwords because of a memory loss, always write them down in codes that only you can understand. For example, you may create a password comprised of your mother’s maiden name (ex. Giesep), birth date (ex. 3/5/1942), and place of birth (ex. New York). The password might be something like "Gsep3542NY". In this case, if you must write down the password to remember later, use a code such as "mother last, birthdate, New York". This will help you remember the elements of your password but no one else can understand what you are saying or communicating. You can also identify your codes by numbers for easy referencing when writing them down. For example, you might reference the above password code as Code # 1 and use this reference for all other accounts for which the same password is used.

• Select a combination of numbers, letters, upper or lower case characters, and special characters such as @, &, ? when constructing passwords from your relational sentences.

• Store passwords in encrypted devices. If you keep a list of your passwords in a computer spreadsheet, you must save the file in encrypted devices such as your laptop, USB or phone and other portable devices. This way the information stored in the device can not be read if the devices are lost or stolen.

• Never share or reveal your passwords. If you are forced to share your password with others, change the password as soon as possible and update your password list if necessary.

Return to home page from "password protection".

Identity Protection Insights Newsletter

Effective identity protection requires dynamic and integrated solutions. This site provides awareness, education and many solutions to address the growing problem of identity theft. Please sign up for the Identity Protection Insights newsletter to receive periodic notification of important articles and solutions, major identity theft news analysis, fraud alerts, and other service announcements.

Enter your E-mail Address
Enter your First Name (optional)

Don't worry — your e-mail address is totally secure.
I promise to use it only to send you Identity Management Journal.