Password Do's & Don'ts

Password Do's & Don'ts

Posted by: Chris Utley

Posted: October 7, 2009

We recently did some work for a client which required the transfer of data from one machine to a new machine that he had purchased. Prior to us arriving on site, the customer frantically called us up telling us that he could not access his email from any of his three computers. He thought we had done something to disable the account while were transitioning the data.

Unfortunately, it was a free hotmail.com email address that he had been using for years. What most people do not realize is that there is no support available with the exception of a few knowledge base articles on the web. This is true for all free email accounts. This was the first part of our problem.

The second part of the problem was that he was using a very basic password that he had been using for years. The thought never crossed his mind that he should change it on occasion. Apparently, he had signed up for something on the Internet, which required his email address and a password. Unfortunately, he used the same password that he had been using for years. The people that obtained this information had full access to his hotmail account, including all of his correspondence, his address book and his security information.

The person logged into the account, reset the password on the account and changed all of the secret questions they ask you if you should forget your password. They then proceeded to email all of his contacts; both personal and professional, telling them that he needed to borrow $1700.00 for an emergency situation. Within days, acquaintances that he has known for years were calling his office ready to offer their assistance. He had to admit that the whole situation was a little embarrassing and that he did not need to borrow money. To date, he still has not been able to access that free email account.

Do not get me wrong. There is absolutely nothing wrong with using a free email address, but we wanted to offer some suggestions on how to protect yourself and your personal information on your computer and on the web.

You should change your computer passwords and account passwords on websites at a minimum of every three months.

You should not use your children’s names or pet names as passwords and do not believe for a minute that adding a 1 at the end of it will offer you any additional protection.
You do not want to use the same password for everything. It makes them easy to remember, but if you were to use the same windows login password that you use for your online banking, which is stored in history by the way; anyone who has access to your computer, has access to your checking account.

Oftentimes, what we suggest to our clients is that if they want to use similar passwords, they should come up with a different password for different types of accounts. For example, use the same password for all of your financial information and use a different password for all of the websites that you require a login, where they want you to create an account. Then rotate those passwords out. Make sure you keep a password protected excel spreadsheet with all of your logins and passwords for quick reference.

We also recommend that computer users use special characters in their passwords. Most online sites require a combination of letters and numbers, but most of the time you can use a special character as a substitute for a letter. For example, you can substitute the “@” for an “a”, or how about substituting a 0 (zero) for the letter O. The word password would appear like this: p@ssw0rd. Other popular characters on the keyboard that people do not think about when using passwords would include any of the following; “?”, “+”. “^”, or even a “{“. Be creative with your existing passwords. Protect yourself!