Everything done online seems to require a password these days! In this world of life online and of hackers, passwords have become a necessary part of life. The information security world constantly debates the best practices for keeping our information safe online, with only one consensus: we need to use passwords!
The more complex a password is and the more frequently it is changed, the longer it will typically take to hack. Of course, with some professional hackers, that statement is pretty immaterial: they can hack it in 15 minutes even if it is complex! Best practice is still to encourage passwords 8 to 24 characters in length, using a combination of capital letters, lower-case letters, numerals and special characters.
Weaknesses in passwords include using “words”, such as January14*, your name, or even the word “password”. These are the easiest to hack! One way to make a simple password stronger is to substitute a special character for a letter. For example, GoMNTwins could become GoMNTwin$, turning a simple password into a more complex one while keeping it easy to remember.
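The length, character-class and "words" guidance above, written as a checker and run on this post's own sample passwords. This is an added example, not code from the original post; the function names, the small word list and the `min_classes=3` threshold are assumptions.

```python
import string

# Weak words the page names: "password" and month names (its "January14*" example).
# Constructed sample list, not a full dictionary; "may" is left out to avoid
# matching inside unrelated text.
WEAK_WORDS = {
    "password", "january", "february", "march", "april", "june", "july",
    "august", "september", "october", "november", "december",
}
ALL_CLASSES = ("capital", "lower-case", "numeral", "special")


def character_classes(pw):
    """Return the set of the page's four character classes present in pw."""
    present = set()
    for ch in pw:
        if ch.isupper():
            present.add("capital")
        elif ch.islower():
            present.add("lower-case")
        elif ch.isdigit():
            present.add("numeral")
        elif ch in string.punctuation:
            present.add("special")
    return present


def check_password(pw, owner_names=(), min_len=8, max_len=24, min_classes=3):
    """Return a list of findings; an empty list means the guidance is met.

    min_classes=3 is an assumption: the page asks for "a combination" of the
    four classes without saying how many are required.
    """
    findings = []
    if not min_len <= len(pw) <= max_len:
        findings.append(f"length {len(pw)} is outside {min_len}-{max_len}")
    present = character_classes(pw)
    if len(present) < min_classes:
        missing = [c for c in ALL_CLASSES if c not in present]
        findings.append(f"only {len(present)} of 4 classes; missing: {', '.join(missing)}")
    lowered = pw.lower()
    names = {n.lower() for n in owner_names if n}  # the account holder's own names
    for word in sorted(WEAK_WORDS | names):
        if word in lowered:
            findings.append(f"contains the word '{word}'")
    return findings


if __name__ == "__main__":
    for sample in ("January14*", "GoMNTwins", "GoMNTwin$", "password"):
        print(sample, "->", check_password(sample) or "meets the guidance")
```

January14* uses all four character classes and is still flagged, because the word check is separate from the complexity check.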
As for how often to require a password change, the industry standard is 90 days, with some stating even 60 days. More frequent changes force any automated password-hacking software to start the process over.
The security of your information is only as good as you make it. Selecting more complex passwords, with some special characters and capitalization in unexpected places, slows the hackers down.
Most Internet Banking and financial systems add other levels of security besides passwords, making their sites more challenging to access. Information security recommendations call for verifying in multiple ways that you are who you say you are, known as multi-factor authentication. This requires that we include the following when we determine whether you should have access to what you are asking for:
- Something a person knows (user ID and password)
- Something a person has (challenge question responses)
- Something a person is (if you select “Private” access, the site looks for small bits of computer code on your computer to make sure it is you). Choosing “Private” can be an issue if you are trying to access a site from multiple computers (work and home) or if tight settings on your computer block the code from being saved (blocking cookies). If the website cannot find those pieces of code, it really isn’t sure it is you, so it will require additional information, typically more challenge questions, to make sure you are who you say you are.
Security settings will most likely only become stricter, so we may as well get used to our long list of passwords and the frustration of needing to remember all of them. But, in closing, our information is only as secure as we make it. We want to make sure your money is safe, but we can only do that with the help of the customer’s security practices!