“Buy anti-virus software.” “Install your system updates.” “Don’t visit questionable websites.”
All these tricks to protect yourself from security risks are just that - tricks. Real security comes from good habits. Build those habits first until they become second nature, and then implement strategies to further lock down your digital life.
First off, you need to kick these habits:
Social engineering. People who use social skills to acquire your passwords, or clues that help them hack your passwords, are dangerous. Mistrust everybody when it comes to your personal information. Even the people who are closest to you shouldn’t get your passwords from you, because if they are socially engineered, they become your weakest link. Another thing you should not be doing is making passwords out of your personal information. We’ll cover that below, though.
Sticky notes. There’s no point in creating passwords if you leave them lying out in the open, ready for the taking. Your home might be like Fort Knox, but it takes only one curious or mischievous guest to make all your defenses crumble.
Notebook. This is a close second to sticky notes. Writing down your passwords temporarily is fine when you’re trying to memorize them for the first time. But never put them in a permanent place like a notebook.
Text or document file. These kinds of files are not secure, so they are equally inadvisable for password storage. Here’s a rule of thumb - if it’s not encrypted, don’t use it!
Get into these habits instead:
Personal safe. Writing down your passwords on a sheet of paper, one at a time, helps you memorize them. However, once you’ve memorized a password, put the paper into a personal safe. Of course, make sure it’s a safe that is very difficult to remove from the premises, either by purchasing a large safe or by bolting it to the floor. These sound like extreme measures, but we live in extreme situations.
Safe deposit box. We trust our banks with our finances, so it follows that we can trust them with our passwords too. Store your passwords in written or digital form at your bank. If you have a will written up, you can even leave your passwords with your next of kin.
Now that we’ve established the yes-and-nos of security habits, let’s move on to the passwords themselves.
Passwords are the gatekeepers to your personal life - banking, work accounts, Facebook, and especially email. Since email is the last line of defense where you can reset your password, you must make absolutely sure that your email password is not only unique, but highly secure.
If you’re using the following as passwords, you need to stop immediately because they are very easy to hack these days:
Birthdays. It doesn’t matter how you’ve formatted them. Birthdays are easy to guess because they only have so many combinations.
Pets. If you’ve ever had your account hacked because somebody guessed your pet’s name as the password, then you probably already have this as a “pet peeve”.
Family members. Friends and nicknames are also included in this list.
There’s a pattern here; if you publicly advertise your love for it, don’t use it as a password.
You’ve probably read or heard of guidelines for strong, secure passwords, but I’ll go over them with you here along with some advanced techniques:
Length. Passwords have to be a certain length, and that policy varies between applications and websites. Best practices are 8 to 12 characters, because it’s a length that you can still memorize but that keeps certain hackers at bay.
Complexity. Don’t just use lowercase letters (a-z) and numbers (0-9); mix in uppercase letters (A-Z) and include special characters (e.g. !#$%^&).
Extremely secret. Have you been sworn to secrecy about something? Haven’t told anybody about something embarrassing? Have a secret love for Justin Bieber? It’s the perfect candidate for a password.
Passphrases. A passphrase is a short sentence or phrase made into a password, such as, “1<3Lampz” or “Uk1ck3dMYd0g”.
Acronyms. Take a long sentence and make an acronym out of it. E.g. “ADIDAS”, which is short for “All Day I Dream About Security”.
Be creative. You can bend the rules of language however you want. Spell something wrong. Use another language. Create a portmanteau (crazy + awesome = crazesome). The sky is the limit.
Mixed themes. If you plan to use a passphrase, make sure you don’t use words that are related to each other by theme. For example, you can use coffee and horses in one passphrase, but you shouldn’t use coffee and java together.
Two-factor authentication. Some apps or websites offer this feature, which means a second, time-limited passcode is sent to your smartphone or other connected device after you attempt to log in. While it might be overkill for your World of Warcraft account, it should be mandatory for your email.
Secret email. Speaking of email, sign up for a secret email that you don’t use regularly to recover extremely important account information like your banking. Leave the newsletters and cat pictures to the regular email that you give out.
Put it all together. After you’ve looked at all these strategies, put as many of them as possible together into your password. This will ensure maximum security for you.
Change regularly. Just like your clothes, you should change your password on a regular basis. An average rule of thumb is every three months, but if you implement these strategies, you can safely do this every six months instead!
The final point for a good password strategy is to not use the same password on more than one site or application. This may seem difficult to do, but there’s a solution that I will introduce in the near future that can assist with this.
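The checks described above (no birthdays in any format, no pet or family names, a minimum length and mixed character types) can be run against a candidate password before you adopt it. The following Python sketch is an added example, not something from the original column; the function name, the sample pet name and the sample birthday are all constructed for illustration, and it goes slightly beyond the text by also undoing common character swaps such as 0 for o.

```python
import re
from datetime import date

MIN_LENGTH = 8  # lower bound of the 8-to-12 range given in the column
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
# Undo common character swaps so "R0ver" is still recognised as "rover".
LEET = str.maketrans("013457@$!", "oleastasi")
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%y%m%d", "%Y")


def audit_password(password, personal_terms=(), birthday=None):
    """Return the list of guideline names the password violates."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("length")
    if not all(re.search(c, password) for c in CLASSES):
        findings.append("complexity")

    lowered = password.lower()
    folded = lowered.translate(LEET)
    terms = [t.lower() for t in personal_terms if t]
    if any(t in lowered or t in folded for t in terms):
        findings.append("personal")

    if birthday is not None:
        # Separators do not help: compare on the digits alone.
        digits = re.sub(r"\D", "", password)
        if any(birthday.strftime(f) in digits for f in DATE_FORMATS):
            findings.append("birthday")
    return findings


if __name__ == "__main__":
    # Constructed sample data: a pet called Rover, a birthday of 4 July 1990.
    pet, born = ["Rover"], date(1990, 7, 4)
    for candidate in ("rover", "07-04-90", "R0ver!1990", "c0ffee&H0rses!"):
        print(candidate, audit_password(candidate, pet, born))
```

An empty list means the candidate passed every check in this sketch; it does not prove the password is strong, only that it avoids the mistakes listed above.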
How many of these strategies can you implement into your life?
Yawhann Chong is a born and raised Thompson resident with various skills in media arts and technology. He worked for a decade in corporate IT and acts as a technology evangelist to friends and family. Most of his free time is spent as a freelance copywriter, photographer, filmmaker, and author. You can check out his blog at YawhannChong.com and film reel at ZhangYaohan.com.