As a recent internet privacy breach showed (private nude photos of celebrities ended up on public websites), it is becoming harder to keep secrets. In most cases, the photos were stolen from private iCloud accounts, leading to speculation that Apple’s security measures had been compromised. As it turns out, there was a more mundane explanation: many of the victims were simply lax about setting and maintaining secure passwords, or had used identity verification questions that were easy for hackers to guess from clues readily available in gossip columns and public social media posts.

While we are not too worried about hackers trying to access intimate pictures of our clients, we are definitely concerned about their financial information being stolen. So we wanted to provide you with what we think are good tips to make your passwords more secure:
- Don’t just use a word or sentence, even if you replace some letters with numbers or symbols: “ilovemydogs” is not much easier to crack than “1l0vemydog$”. There are programs that can generate hundreds of thousands of guesses per second on a PC or Mac and will crack such passwords in little time;
- Do not use the same password on more than one site, especially financial sites, emails, etc.;
- Do not base your password on your kids, pets, birthdays, etc.;
- Make your passwords at least 10 characters long;
- Change your most important passwords (bank, email, etc.) regularly;
- We highly recommend using password management programs such as 1Password for Macs or LastPass and RoboForm Everywhere for Windows PCs. The advantage is that they can be used to generate strong, randomly generated passwords;
- When creating the master password for these programs, use the tips above. Other ideas include picking a random yet personally memorable sentence and using the first letter of each word in that sentence to construct a password, or picking 4 or 5 random words from the dictionary and combining them. There are multiple resources on the internet to help you generate strong passwords, such as the Diceware Wordlist, which lets you pick words by rolling dice;
- Whenever possible, we recommend using 2-factor authentication, an extra layer of security that requires not only a password and username, but also, typically, a code that only that user has access to via a smartphone or a physical token. An increasing number of websites today make use of Google’s authenticator app, for instance.
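The random-word approach from the master-password tip above, as an added example that is not part of the original article: it turns dice rolls (simulated with the operating system's secure random generator, or typed in from real dice) into words and compares the resulting strength with a random 10-character password. The 36-word list is constructed for the demo so it runs offline, and the function names are illustrative; the real Diceware list has 7776 words.

```python
import math
import secrets

# Constructed 36-word list (36 = 6**2, so two dice select one word).
# The real Diceware list has 7776 = 6**5 words, i.e. five dice per word.
WORDS = ("anchor basil cedar delta ember fjord garnet harbor iris jacket kettle "
         "lantern maple nectar onyx pebble quartz ribbon saddle thimble umber "
         "velvet walnut xenon yarrow zephyr acorn bramble cobalt dune elm fern "
         "glacier hazel ivory juniper").split()
DICE_PER_WORD = 2


def roll_dice(n):
    """Simulate n fair dice with the OS CSPRNG (not the predictable `random` module)."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def word_for_roll(roll, words=WORDS):
    """Map a roll such as [3, 5] to a word by reading the dice as a base-6 number."""
    if len(words) != 6 ** len(roll):
        raise ValueError("word list must contain exactly 6**dice entries")
    index = 0
    for die in roll:
        if not 1 <= die <= 6:
            raise ValueError("each die must show 1 to 6")
        index = index * 6 + (die - 1)
    return words[index]


def passphrase(n_words=5, sep=" "):
    """Build a passphrase from independently rolled words."""
    return sep.join(word_for_roll(roll_dice(DICE_PER_WORD)) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Entropy in bits when each of `picks` items is drawn uniformly from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print("sample passphrase (demo list):", passphrase())
    print(f"5 words from the 36-word demo list: {entropy_bits(36, 5):.1f} bits")
    print(f"4 words from a 7776-word list:      {entropy_bits(7776, 4):.1f} bits")
    print(f"5 words from a 7776-word list:      {entropy_bits(7776, 5):.1f} bits")
    print(f"10 random printable characters:     {entropy_bits(94, 10):.1f} bits")
```

The strength comes from the random selection and the size of the list, not from the words being obscure, which is why the tiny demo list is far weaker than a full 7776-word list.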
We will stop short of guaranteeing that these tips will keep your data safe no matter what. Unfortunately, hackers keep developing more and more powerful programs. Hopefully, these tips will be an improvement for some of you and, more importantly, will make your passwords harder to crack than others’.