Protecting Your Passwords
As more consumers adopt online banking as their primary financial management tool, choosing a safe password to protect your account, money and identity is critically important.
Online banking security represents a balancing act between security and convenience, and researchers say most users make poor choices when they create their passwords.
PC users have long regarded passwords as a necessary evil and, although they generally understand the need to have a strong password, most dilute their online security by choosing easy-to-guess passwords or using the same passwords on a wide range of sites.
Mistakes to Avoid
One of the most common mistakes people make when they select passwords is using very obvious candidates such as "password" or "qwerty" (the first six letters in the top letter row on a standard keyboard).
A study of usernames and passwords harvested when criminals created a fake log-in page for the social networking site MySpace revealed common passwords such as:
Other easy-to-guess passwords can include pet names, hometowns, street names, and similar information that many users display on social networking sites without thinking about the consequences. Put a few clues online and someone running a Google search may find enough other details to complete the picture, or to make informed guesses.
These easy-to-learn details can be especially dangerous when used with a weak password recovery system on a site. Someone could hit the "forgot your password?" link on a site, for instance, and answer the verification questions to change a password and take over an account by locking out the legitimate user.
A related mistake many people make is using the same user ID and password combination on a variety of sites. While this approach means your passwords are easier to remember, it increases the risk of having your password compromised in several places if someone guesses it, or if a rogue employee at a legitimate site hacks users' passwords.
Similarly, just about any word that's been printed in a dictionary can be guessed using password-recovery programs that are used by the good guys as well as the bad guys. Most Web sites will lock out accounts after a number of unsuccessful log-in attempts to guard against these types of attacks.
Security researchers advocate using a phrase known only to you as the basis for a password that seems to be gibberish, but is still easy to remember. Including uppercase letters and numbers increases the complexity and security of your password. For instance, you could use an expression such as "My grandmother lives at 198 Elm Street" to derive the password "mgla198ES." With seven characters, a blend of upper- and lowercase letters, and numbers, this expression would form a reasonably strong password.
With the need to manage an ever-growing list of increasingly complex passwords, more users are turning to password management applications for help. Programs available for Windows and Macintosh computers can generate strong passwords composed of random character strings, and store those passwords (and user IDs) on your computer. To log on to a password-protected site, the password management application enters the information into the appropriate fields.
Most password management programs give you the option of requiring a master password when the program launches, or when it is about to log you in to a site. This approach allows users to remember a relatively simple password on their computer while using a more complex one for the Web site.
Using a password management program, and devoting some time and attention to choosing good passwords, will go a long way toward helping you tip the security/convenience balance more toward protecting yourself online.
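As an added illustration (not part of the original article and not taken from any particular product), the Python example below checks a candidate password against the mistakes described above and generates a random password the way a password management program might. The function names, word lists and sample values are constructed for the example; a real check would use far larger lists.

```python
import secrets
import string

# Constructed sample data. OBVIOUS holds the two examples the article names;
# DICTIONARY is a tiny stand-in for a real word list.
OBVIOUS = {"password", "qwerty"}
DICTIONARY = {"grandmother", "street", "banking", "sunshine"}

def audit_password(candidate, personal_details=(), used_elsewhere=()):
    """Return the list of mistakes from the article that `candidate` makes."""
    problems = []
    lowered = candidate.lower()
    if lowered in OBVIOUS:
        problems.append("obvious")
    if lowered in DICTIONARY:
        problems.append("dictionary word")
    # Pet names, hometowns, street names and similar public details.
    if any(d and d.lower() in lowered for d in personal_details):
        problems.append("personal detail")
    # Same password already in use on another site.
    if candidate in used_elsewhere:
        problems.append("reused")
    # The article recommends a blend of lowercase, uppercase and numbers.
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    if not all(any(ch in cls for ch in candidate) for cls in classes):
        problems.append("missing upper/lower/digit mix")
    return problems

def generate_password(length=16):
    """Random password from a cryptographically secure source (secrets module)."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(candidate):  # retry until every check passes
            return candidate

if __name__ == "__main__":
    print(audit_password("qwerty"))
    print(audit_password("Rex2009a", personal_details=["Rex"]))
    print(audit_password("mgla198ES"))
    print(generate_password())
```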