4 tips to help create stronger passwords for online security
Users selecting weak passwords may be contributing to a spate of hacks and fraud on Starbucks cards and Starbucks mobile payments app, according to recent news reports. The news is another reminder just how important strong passwords are in our day-to-day lives as well as in our professional lives, where weak passwords can create vulnerabilities for a business’s entire network.
If you wonder about the prevalence of weak passwords, take a look at this great presentation on passwords in April by PayPal’s Global Head of Developer Advocacy Jonathan LeBlanc:
- Almost 10% of password users use either the word “password” or “123456” or “12345678” as their password.
- 91% of password users use a password that is in the list of 1000 most common passwords — like “letmein,” “123123,” and “iloveyou.”
As a best practice, businesses should have written password policies that specify, among other things, that employees change passwords every 90 to 180 days. Many IT systems can also be configured to require a password reset on a regular schedule, such as every 90 days.
But, in the end, the burden is on consumers and employees to set strong passwords, and “iloveyou” or “111111” don’t pass muster.
Consider these tips for setting stronger passwords that can help protect you from hackers:1. Make passwords random. Don’t use family names, birthdates, addresses, or other common information in your passwords. If you’re worried about remembering your passwords, consider tricks like stringing together song lyrics, or memorable lines from movies, or movie or book titles. 2. Make passwords complex. Use a combination of upper-case letters, lower-case letters, numbers, and symbols. One trick is to use the number 1 in place of the letter “I,” or “$” in place of the letter “S,” or zero in place of the letter “O.” 3. The longer, the better. Ten characters are considered the minimum for a very secure password. 4. Don’t write down or store passwords on a computer. If you have trouble remembering all the complex passwords that you use on the Internet, store them in a secure, encrypted place.
In response to the recent media reports, Starbucks stated May 13 that its payments app had not been hacked and provided password tips for users of its mobile app.