RULES FOR SECURE PASSWORDS
The "NOT TO DO" Shortlist.
The FIRST and most important rule I would like to suggest is NEVER --- EVER enter a password from a link that arrives in
an e-Mail. Scammers set up bogus phishing sites that are expert counterfeits of bank sites, and will appear to be genuine. This is the easiest way for a
scammer to get your passwords and access to your money. If you get an email that APPEARS to be from PayPal™ or from any other financial institution
asking you to verify or update your account information, chances are it is an attempted scam. Do NOT reply to these emails, or click any links in them.
DELETE THEM IMMEDIATELY!
If you have any concerns about your bank account or PayPal ™ account, then go DIRECTLY to their Web site from your browser's URL window and check
the status of the account. Any messages from the bank, will be posted in your message section when you log in to your account. Never respond / click on
links in emails from banks or any financial institution.
Never go to a bank / payer account from an e-mail link.
Why? Links in e-mails often take you to a replica of a legitimate Web site, where the information you enter goes directly to the crooks. Replying to these
emails confirms to the crooks that the email address is valid, and may allow the more technically advanced of them to phish your computer's IP address as
well.
Never enter a password on a library computer, or a computer in an 'Internet Cafe'.
Why? Crooks can install software on public PCs called keyloggers which store every keystroke in a file. After you leave, the crooks can retrieve this file
and see every keystroke you made, giving them access to your password and log-in information. You can avoid this by using a Roboform 2 Go security
key (see below).
Your passwords should not be any word that can be found in a dictionary.
Why? Some hacking software uses the words in a dictionary in automated attempts to gain access to your account. Although this may take some time due
to limitations on how many attempts can be made during a logged-in session, the software persists until it exhausts all the words in the database, during
which time you may not be able to log in to your own account.
Your passwords should not be a pet's name, or the name of a family member.
Why? Anybody who has even casually met you can get access to your account.
Your password should NOT be your mother's maiden name as some banks require.
Why? Genealogy sites and public records can be accessed by anyone. If your bank of financial institution asks you for your mother's maiden name....
MAKE ONE UP!
Your passwords should not be birthdays, or dates of any sort.
Why? Anyone who casually knows you or logs on to a genealogy site can get birthdays, etc.
Have different passwords for every account.
Why? The compromise of ONE account will not affect the others. The problem of remembering different passwords is addressed in the DO Short List,
below.
Passwords should be at LEAST 8 characters long where possible on the site being accessed.
Why? Longer passwords are exponentially more difficult to hack.
Passwords should not make ANY sense - except to you.
Why? If the password makes sense to anyone except you, it should be changed.
Never write passwords down. If you must, store them in your PDA under a master password that follows these rules, or use a Roboform 2 Go USB key
(see below).
Why? Writing passwords down defeats their purpose.
Make your passwords case-sensitive whenever possible; i.e.: dbx7Gh5Rs2 vs. dbx7gh5rs2.
Why? Case-sensitive passwords - especially when they include numbers - are orders of magnitude harder to hack and impossible to guess especially if
they don't make any sense.
The "TO DO" Short List;
Change your passwords often.
If you find all these different passwords difficult to remember, then the next suggestion is the solution for you. Trying to hack a changing password is like
trying to hit a moving target - it is much more difficult.
To keep passwords OFF your computer, and to safely be able to use other PCs (even library and Internet Cafe PCs) get a copy of Roboform 2 Go.
This program stores your passwords (so you don't have to remember them, and you therefore can make them as long and as complicated as you wish) on
a standard USB drive (if you don't have one, you can pick one up at Best Buy, or similar stores). With this program, you will have access to all your
password / log-in information, and it is encrypted on the USB drive. When you remove the USB drive from the computer, the program unloads itself, and
there is no trace of the passwords left. See the Roboform 2 Go Web site for other security products as well. I personally use one, and it is very convenient
and safe. This small investment you will make in a USB drive and the software to load onto it, is a ONE TIME investment that easily protects your security
while also solving the problem of remembering every password for every account you have.
The FIRST and most important rule I would like to suggest is NEVER --- EVER enter a password from a link that arrives in
an e-Mail. Scammers set up bogus phishing sites that are expert counterfeits of bank sites, and will appear to be genuine. This is the easiest way for a
scammer to get your passwords and access to your money. If you get an email that APPEARS to be from PayPal™ or from any other financial institution
asking you to verify or update your account information, chances are it is an attempted scam. Do NOT reply to these emails, or click any links in them.
DELETE THEM IMMEDIATELY!
If you have any concerns about your bank account or PayPal ™ account, then go DIRECTLY to their Web site from your browser's URL window and check
the status of the account. Any messages from the bank, will be posted in your message section when you log in to your account. Never respond / click on
links in emails from banks or any financial institution.
Never go to a bank / payer account from an e-mail link.
Why? Links in e-mails often take you to a replica of a legitimate Web site, where the information you enter goes directly to the crooks. Replying to these
emails confirms to the crooks that the email address is valid, and may allow the more technically advanced of them to phish your computer's IP address as
well.
Never enter a password on a library computer, or a computer in an 'Internet Cafe'.
Why? Crooks can install software on public PCs called keyloggers which store every keystroke in a file. After you leave, the crooks can retrieve this file
and see every keystroke you made, giving them access to your password and log-in information. You can avoid this by using a Roboform 2 Go security
key (see below).
Your passwords should not be any word that can be found in a dictionary.
Why? Some hacking software uses the words in a dictionary in automated attempts to gain access to your account. Although this may take some time due
to limitations on how many attempts can be made during a logged-in session, the software persists until it exhausts all the words in the database, during
which time you may not be able to log in to your own account.
Your passwords should not be a pet's name, or the name of a family member.
Why? Anybody who has even casually met you can get access to your account.
Your password should NOT be your mother's maiden name as some banks require.
Why? Genealogy sites and public records can be accessed by anyone. If your bank of financial institution asks you for your mother's maiden name....
MAKE ONE UP!
Your passwords should not be birthdays, or dates of any sort.
Why? Anyone who casually knows you or logs on to a genealogy site can get birthdays, etc.
Have different passwords for every account.
Why? The compromise of ONE account will not affect the others. The problem of remembering different passwords is addressed in the DO Short List,
below.
Passwords should be at LEAST 8 characters long where possible on the site being accessed.
Why? Longer passwords are exponentially more difficult to hack.
Passwords should not make ANY sense - except to you.
Why? If the password makes sense to anyone except you, it should be changed.
Never write passwords down. If you must, store them in your PDA under a master password that follows these rules, or use a Roboform 2 Go USB key
(see below).
Why? Writing passwords down defeats their purpose.
Make your passwords case-sensitive whenever possible; i.e.: dbx7Gh5Rs2 vs. dbx7gh5rs2.
Why? Case-sensitive passwords - especially when they include numbers - are orders of magnitude harder to hack and impossible to guess especially if
they don't make any sense.
The "TO DO" Short List;
Change your passwords often.
If you find all these different passwords difficult to remember, then the next suggestion is the solution for you. Trying to hack a changing password is like
trying to hit a moving target - it is much more difficult.
To keep passwords OFF your computer, and to safely be able to use other PCs (even library and Internet Cafe PCs) get a copy of Roboform 2 Go.
This program stores your passwords (so you don't have to remember them, and you therefore can make them as long and as complicated as you wish) on
a standard USB drive (if you don't have one, you can pick one up at Best Buy, or similar stores). With this program, you will have access to all your
password / log-in information, and it is encrypted on the USB drive. When you remove the USB drive from the computer, the program unloads itself, and
there is no trace of the passwords left. See the Roboform 2 Go Web site for other security products as well. I personally use one, and it is very convenient
and safe. This small investment you will make in a USB drive and the software to load onto it, is a ONE TIME investment that easily protects your security
while also solving the problem of remembering every password for every account you have.
