Find Us on Facebook
Automatic locks on the family car: check.
Safety deposit box for valuable papers: check.
Padlocks for bicycles: check.
Secure passwords for online assets: uh-oh.
Now that families conduct so much of their social and financial business online, strong passwords are every bit as important as sturdy locks on the doors of your house. Unfortunately, parents who are very conscientious about other forms of family security often do the virtual equivalent of leaving the key under the doormat.
The recent security scare called Heartbleed should have been a wake-up call. If you haven’t already changed passwords for your online accounts, now is the time. And while you’re at it, teach your kids to create smart passwords too. (A curriculum for doing just that is available from Common Sense Media: commonsensemedia.org/educators/lesson/strong-passwords-3-5).
The simplest way to manage passwords is to store them all in a vault-like piece of software that will generate, encrypt and remember highly secure passwords on your behalf. Free and reliable programs are available from LastPass, KeePass and Norton Identity Safe. Just be sure that the program you choose will allow easy access on all the devices you use.
Unfortunately, setting up password software requires time that busy parents may not have. Also, the password that gets you into the software becomes the equivalent of the one ring that rules them all, so if you forget it, you are doomed. Those who decide to forgo software need to get serious about creating tough passwords. The first rule is to avoid weaknesses that create openings for trolls, bullies, hackers and identify thieves. Here are three things you don’t want to do:
1. No personal information. Professional hackers know that it’s easier to remember details from your own life, so if you become a target the first passwords they’ll try are names of people and places that are meaningful to you. Google yourself. Anything that comes up won’t be a good password. That includes birthdates, addresses, employers, phone number, names of family and friends. Next review your social media profiles. Don’t use anything that’s ever been listed as a favorite.
2. Avoid recognizable words. Many programs have been designed to crack passwords, and most start with a dictionary of words in English and other languages. Using any recognizable word, including proper nouns, makes you more vulnerable. Adding an unexpected capital letter, a random number or an exclamation point makes the password a bit stronger, but not much.
3. Don’t be cute—or lazy. Despite years of warnings, people still use default passwords like “guest” and “password,” as well as sequences of keys on the keyboard such as “890-=\” or “qwert.” Hackers are also acquainted with obvious substitutions like “&” for “E” or “@” for “A” or “2” for “to”. And it’s not especially clever to use well-known number sequences like Pi or the Fibonnaci series.
Strong passwords are long (use at least 8 and preferably 12 characters), and varied (use a combination of letters, numbers, punctuation marks and symbols). Of course, a long and varied password is harder to remember. Here are several ways to generate passwords that are both random and memorable:
Letter Scramble. Start with a longish word or short phrase that you will remember. Scramble the letters and substitute numbers and symbols for some of them.
Mix it Up. Choose two words that mean something to you and alternate their letters. If your dog’s name is Skippy and you live at 345 Woodside, your password would be 3S4k5iWpopoyd.
Experts disagree about whether passwords should be recorded. Most say that a password that’s hard to crack will also be hard to remember, so you’ll probably want to keep a copy somewhere safe. Consider a locked drawer or between the pages of a favorite book. A Post-It on the computer monitor is not a good place for a password.
Eventually everyone forgets a password, so be sure your password recovery systems are up to date. Many websites send a prompt or reset option to an email address. If you change your email, update the sites that require passwords. Providing a cell phone number also provides a layer of security, especially if you have a cell phone that can be locked if it’s lost.
Once you’ve found what seems like a great password, there’s a temptation to use it often and keep it forever. Don’t. Experts recommend using different passwords, especially for sites that involve financial information. And put a “change passwords” reminder on the calendar so you do it at least as often as you change the oil in the car.
Many security experts argue that passwords are obsolete. Perhaps, by the time your kids are adults, they may be able to protect their online assets with a fingerprint or a DNA scan. In the meantime, however, mastering the art of strong passwords is just one more way parents can have the peace of mind that comes from knowing you’ve protected what is precious to your family.
Carolyn Jabs, M.A., raised three computer savvy kids including one with special needs. She has been writing Growing Up Online for over ten years and is working on a book about constructive responses to conflict.