I hope you enjoyed Part 1, here is Part 2
Why do you need to use a different password for every website?
So perhaps you don't really care if your LinkedIn profile is stolen. And maybe it doesn't matter if someone else can get into your LinkedIn account. But what happens if you used the same password on LinkedIn as you used for your email or your Facebook or your Internet banking?
Now, anyone who knows how to get into LinkedIn can also see your bank account information or post on your Facebook page or send virus-laden emails to all of your friends and family. Cyber criminals know that many people use the same passwords for different accounts and you can bet that if they know login information for one website, then they'll try to break into other accounts with this information. But you can stop them by using a different password for each account.
Here's an example: American electronics megastore BestBuy reported that they have been seeing increasing numbers of criminals using login emails and passwords stolen from other websites to log in to BestBuy's website. Someone who used the same email and password for their LinkedIn and BestBuy accounts would be at risk of the LinkedIn password thieves using the same password to log into BestBuy and order themselves televisions and iPads using the innocent account-holder's saved credit card. http://consumerist.com/2012/06/11/best-buy-hacker-attacks-are-increasing/
This is why it's important to use a different strong password for every site you have an account for.
What is a strong password?
So we know why simple passwords are bad. And remember a simple password is something like a dictionary word, a name, or repeated or sequential characters. So if your password is 123456 or carrots or kaitlyn or qwerty then it can be unscrambled almost instantly.
So, you need something more complicated. Unfortunately, the crooks know all the same tricks that you do. Maybe you've thought about using a word but replacing an i with ! or replacing a with @ or putting a 1 at the end? But, the criminals already thought of that. c@rr0ts1 is almost as easy to break as carrots.
Remember that the longer and more complicated your password, the longer it will take to unscramble. Complicated passwords are ones with both capital and little letters, and that have numbers, spaces and special characters like ^ and & and * in.
You may have been advised to used complicated passwords like h&sx9(^kEr53. This is a really strong password. But of course, the problem with h&sx9(^kEr53 is that while it is a very strong password, how on earth are you going to remember it? Fortunately, there's a better way to make strong passwords.
How do I remember my passwords?
Instead of complicated, hard-to-remember passwords, try using a sentence instead of a password. This is called a passphrase. A passphrase is something like a phrase from a book, a line from a song, or any other sentence or sequence of words that you can remember. Here's some examples,
The Lion, the Witch and the Wardrobe
All I want for Christmas is you!
My favorite band is Simon & Garfunkel.
Most websites will let you use long passwords or passphrases, often up to 30 characters. If you can use a sentence like one these as your password, then they are much, much harder to break than a single word.
And in fact, these sentences are even better passwords than ones like h&sx9(^kEr53. This might sound unlikely, but the longer the password/passphrase is, the harder it is for criminals to find it out. And, if you think about most sentences, they have capital and small letters, and they have spaces, and they often have punctuation and special characters - so they turn out to be surprisingly strong passwords!
But it's still hard to remember a password for every site!
If you are like me, you probably have 10 or more online accounts. So it might seem overwhelming to create strong passwords or passphrases for everything.
Start by prioritizing your most important accounts, and upgrade them to strong passwords or passphrases. This could be your internet banking, your retirement accounts, health insurance, premium bonds, national insurance, eBay, PayPal, **Jan maybe you can you edit this list?** or anything connected to money or personal information all need strong, unique passwords.
Your email also needs to have a good password. Think about how many other websites you use that you can reset your password by emailing a link to you. So, you need to protect your email as well!
What you don't need to worry about as much is sites that don't store any personal data about you. This might be sites that require you to register to read an article or post in a forum. If these websites don't have any personal data about you, the you don't need to put so much effort into making a good password.
Creating Strong, Safe Passwords for Online Accounts
So remember these four things:
- Use long, complicated passwords, or even better, passphrases.
- Never use the same password in more than one place.
- Make sure your most valuable accounts have secure passwords.
- Change your password often - every 3 months is a good target.
I trust the above information and advice will help and secure your passwords!