Rules for Keeping Your Passwords Hidden

In a well-known story, a simple woodcutter overhears a secret password--"Open Sesame"--that a group of thieves uses to unlock a magically sealed cave containing a vast treasure. Because the password was easy to remember, the woodcutter was ultimately able to appropriate the treasure for his own use. Had the thieves taken just a few simple common-sense precautions to protect their password, however, the story might have turned out very differently.

open sesame Substitute "online account" for "magically sealed cave," and the same holds true today. Most of us have significant financial and personal information that's readily accessible through the Web, in most cases protected by nothing more than a username and password. Given the damage that can result from unauthorized access to this treasure trove of information, it makes sense to pay attention to a few simple common-sense rules that apply to online passwords.

DON'T SHARE YOUR PASSWORD

The thieves in the story were doomed from the start--all shared the same password, and had to yell it out loud to open the cave. Today, we type passwords into computer keyboards, phone and ATM keypads, and at checkout registers. Just as you wouldn't shout your password out for all to hear, don't make it easy for others to see you entering your password (e.g., by looking over your shoulder). And don't share your username or password with anyone, for any reason.

DO USE STRONG PASSWORDS

Your password should never be a word that can be found in a dictionary; today's cybercriminals use sophisticated dictionary programs that can quickly try to enter every word in the list as your password. Better to use a combination of numbers, uppercase letters, lowercase letters, and symbols. And a longer password is generally better than a shorter password. Your password also shouldn't contain personal information that's easy to guess--children's names, names of pets, or phone numbers, for example.

Many websites provide specific criteria for passwords. For instance, you may have to choose a password that is exactly eight characters long, contains both uppercase and lowercase letters, at least two numbers, and at least one punctuation symbol. The tradeoff, of course, with such "strong" passwords is that they're not always easy to remember.

You might try using mnemonic devices to remember your passwords (tnwoeIgtra33p!!= there's no way on earth I'm going to remember all 33 passwords!!). In practice, though, like many, you may find yourself breaking the next general rule.

DON'T WRITE DOWN YOUR PASSWORDS

You may keep track of all of your different account and website passwords by writing them down. That's really not a good idea, though. It's a particularly bad idea to keep your list of passwords on a file stored on your computer or mobile device. The risks are obvious--just imagine the consequences if your password list were to fall into the wrong hands.

If all the mnemonic tricks in the world aren't going to help you remember the seemingly countless number of passwords you need to be able to recall on a regular basis, and there's just no way that you're going to part with that password list, consider a password manager program or application. These programs encrypt your login and password information--basically, you only need to memorize one password: the one that lets you access the password manager.

If you do keep a password list, make sure the list is stored someplace safe, and that it's not readily accessible by others. For example, don't leave your list of passwords open on your desk, right next to your computer.

DO USE DIFFERENT PASSWORDS FOR DIFFERENT ACCOUNTS

When you spend the time coming up with a strong password that you can remember, there's an overpowering temptation to use that same password everywhere you can. Bad idea. You should always try to use a different username and password with each account. The danger in using the same username and password for everything is that if one of your accounts is compromised, all of your accounts are at risk. And change your password periodically; change it immediately if you see any suspicious activity in your account.

DON'T LET YOUR GUARD DOWN

Good password practices and a little common sense can go a long way in protecting you from cyberthieves. The key is to avoid common mistakes, educate yourself on basic Internet security practices, and stay on top of things by regularly checking your accounts. Above all, don't be lazy--the time and effort you'll spend today implementing effective passwords is nothing compared to the problems you'll face if you find that you're not the only one with access to your accounts.