Thursday, November 30, 2017

The clues we leave



This is a hot topic lately, so let me ask you: do you use OAS FCU’s Online Banking?
Let’s do a test!

Examining your password
Think of your online banking password, and answer these questions:

  1. Is it 8-12 characters long?
  2. Is it a common word you’d find in a dictionary? Is it a name, place, a random word you like, the name of someone you like, a day of the week, your pet, your childhood pet, your favorite film or your favorite team? Or any of these, but your spouse’s or kid’s (as in your kid’s best friend’s name, your girlfriend’s favorite band or your dad’s favorite sports team)?
  3. Does it have a number added? Is that number one or two digits, like a month of the year? Did you use more numbers, but they are someone’s birth day, birth year, or the last 4 digits of your phone number?
  4. What about a symbol? Do you have a symbol from among those above the numbers on your keyboard?
If you answered yes to the first two questions, your password is very, very weak; if you use any of the numbers I ask about in the third question, your password is still weak. If you added a symbol to the password, it’s still weak.

Types of password we need
There are many passwords that we have to manage, and you can divide them into three categories: 
  1. Those that sign you up for random small services. For example, the app for your local grocer, which you use to make shopping lists.
  2. Those that you use regularly and involve disclosing things about yourself and what you do (in work and in life); social media and work/school sites fall into this category.
  3. Sites that involve money: the places you shop online (Amazon, Etsy, etc.), the sites that manage your money (online banking and investment sites) and those that provide paid services to you (your gym, your cable company where you buy pay per view, streaming services, gaming platforms).
What kind of passwords do you have protecting the things in categories 2 and 3? The more sites on which you have a weak password, the more exposed you are.

You see, anyone wanting to compromise your computer may gain access to weak password information from your social media, your desk, your desktop, or your wallet; it’s a matter of how much they want to risk in looking for the clues we leave. In the right (wrong) hands, it's a question of time before all your personal and financial data become an open book.

When you use things that are significant to you, you weaken your password. The moment someone is able to break one of your passwords, it becomes a domino effect. The first thing a hacker will do is try the same password on all other accounts that she/he finds with your name/email attached. If another account cracks, the hacker gets more information. Anything with financial information (like your card numbers stored on Amazon’s database) that gets its password cracked means your financial security is toast.

Ask yourself now: when was the last time you changed the password? If the answer is more than one year, I strongly recommend that you go through the exercise of reading the rest of the article and go through the process of making a great password. Please, consider doing this not just on your online banking, but any account where you have financial information or personal information (that includes social media and LinkedIn).

For each website where you disclose information about yourself or make any type of payments, you need a strong password.

Changing passwords
The easy way to have a strong password is using a random password generator and using a password manager on your computer, tablet and phone. I do understand that there are very good ones, even for free, and if you wish to try them out, it is one way to go.

The sceptic in me pauses at the thought. I think of the Equifax data breach; and I think of the iPhone that the FBI itself hacked to gain access to a mass shooter’s information. I also know that nobody can tell if it’s true that Kaspersky, the antivirus company, is providing information to a foreign national government. When I gauge all of these things together, I just can’t say that I trust the creation of my passwords, or their storage, to anyone or anything. I don’t need to be a conspiracy theorist to feel this way. 

Nonetheless, when/if you choose to use a password manager, the best way to check its safety is to google the name with the word “hacked” after it. That should help you find one that, to date, has proven reliable.

Making a strong password on your own

According to experts, the best thing to do is start with a sentence. They suggest picking lyrics from a song you like, a line of a book or poem, something that means something to you. To show you how password strength works, you can try the following exercise on the password strength checker Password Meter.

I’m going to try Password Meter with a David Bowie song title, “Ashes to Ashes”.

It has 54% security, quite weak. So, let me tweak it to “Ashes to Ash€s”. Suddenly it has 92% security. Now let’s switch two small things and try “AsheS t0 Ash€s”... now I have a password that’s 100% secure.

If you try this, you can scroll down and see what parts of my password are still weak to help you make one of your own. Repeated letters in the same case and consecutive lowercase letters are still issues for me.

But here are a few things to help you make unbreakable passwords of your own:
  • Never use something you can find in a dictionary, or on Wikipedia.
  • Spaces not only count as characters, they strengthen your passwords.
  • Switching uppercase and lowercase around helps. If you think this will make you forget your password, make a rule. For example, the second and the next to last letters in your password will have switched case.
  • Switching letters for numbers and the other way around is great. But avoid the obvious switches like “@” for “a” or “3” for “E”. 
  • Aim for longer when possible. But, if you have a limit to characters, you can make a sentence into a passphrase. For example, a password “Once Upon a Time in America” could be “1ce uPon a Tim€ iN am€riCa” or, turned into a passphrase: “1ceUAtiNa”.
  • Which reminds me: don’t hesitate to use symbols!
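
The four quiz questions from the top of this article, together with the warning about obvious switches, can be written as a small self-check. This is an added example, not code from the article or from Password Meter; the names `quiz_hits` and `is_very_weak`, the tiny word list, the switches beyond “@” and “3”, and the digit-count rule for question 3 are all assumptions made for illustration.

```python
import re

# Constructed stand-in for a real dictionary / names list (assumption).
SAMPLE_WORDS = {"ashes", "password", "monday", "tigers", "rex"}

# "@" for "a" and "3" for "E" are the switches the article names; the rest are
# further common ones added for this example (assumption).
OBVIOUS_SWITCHES = str.maketrans(
    {"@": "a", "3": "e", "0": "o", "1": "i", "$": "s", "€": "e"})

NUMBER_ROW_SYMBOLS = set("!@#$%^&*()")

# Core text followed by an optional tail of digits and number-row symbols.
CORE_AND_TAIL = re.compile(r"(.*?)([\d!@#$%^&*()]*)", re.DOTALL)


def quiz_hits(password, words=SAMPLE_WORDS):
    """Return the quiz questions (1-4) that this password answers 'yes' to."""
    core, tail = CORE_AND_TAIL.fullmatch(password).groups()
    hits = []
    if 8 <= len(password) <= 12:  # Q1: 8-12 characters long
        hits.append(1)
    # Q2: undo the obvious switches, then look the core up as a plain word.
    if core.lower().translate(OBVIOUS_SWITCHES) in words:
        hits.append(2)
    # Q3: an added number of 1-2 digits, or 4 digits (a year, a phone suffix).
    if len(re.sub(r"\D", "", tail)) in (1, 2, 4):
        hits.append(3)
    # Q4: a symbol from the row above the numbers.
    if any(ch in NUMBER_ROW_SYMBOLS for ch in password):
        hits.append(4)
    return hits


def is_very_weak(password, words=SAMPLE_WORDS):
    """The article's verdict: 'yes' to Q1 and Q2 is very weak, whatever Q3/Q4 add."""
    return {1, 2} <= set(quiz_hits(password, words))


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ["Tigers13!", "P@ssw0rd1!", "Rex2015", "AsheS t0 Ash€s"]:
        print(f"{pw!r}: yes to {quiz_hits(pw)}, very weak: {is_very_weak(pw)}")
```

A password that this check does not flag has only avoided the quiz patterns; that is not a measure of its strength.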
If you follow the rules above and do not repeat passwords on your key accounts, you will not have to worry about their strength ever again. And, if you are the kind of person who forgets passwords (I am!), may I suggest what the Department of Homeland Security says in the Stop.Think.Connect campaign? Write your passwords in pencil in a notebook/sheet of paper and keep that at home, in a place that you know but isn’t obvious, and away from your computer/office.

See you again next month!
