Securing Email and Other Online Accounts: Avoiding Common Password Mistakes

by Christopher on April 24, 2011

As more people open more online accounts, the opportunities to hack into them multiply and the potential benefits become more substantial. On the other end, this means Internet users have an ever-growing need for a larger collection of strong, secure passwords.

Unfortunately, the majority of people opt for the convenience of easily remembered passwords when securing online accounts. This makes the job of hackers all too easy, especially considering that many of today’s hackers don’t need to sit at their computers attempting to guess passwords. Basic, fully automated programs are widely used; they run through password possibilities until they crack the code or exhaust their algorithms.

One typical online security mistake is using the same password for multiple, if not all, websites. If one account is hacked into or otherwise compromised, so are the others. Using very similar passwords across multiple sites, differing only by a minor variation, is just as dangerous. The IT security publication Security Week reported on August 16, 2010 that 250,000 connected user names, email addresses, and passwords for social networking sites are readily discoverable online, and that 75 percent of these account holders use the same password for an email account. It follows that many of these people use this password elsewhere, as well. Always use a unique password for each site with which you have an account.

Then there are the passwords that are commonly used or easily guessed, especially by those who know you or who find personal information about you. You’d be surprised how many people make “password” or “letmein” their password.

Avoid all names, whether they are yours or those of family, friends, coworkers, pets, your personal deity, famous people, fictional characters, or others. This also includes names of places, bands, sports teams, books, movies, or any other proper noun. Never use dates, either.

Any correctly spelled word found in any dictionary, English or otherwise, is a weak password. Don’t duplicate a user name for a password, and don’t use information related to your computer or internet, such as a brand name, operating system, host, or ISP.

Refrain from making any natural numerical or alphabetical progression a password. The same goes for a single character repeated, like ggggggggg, and for sequences of keys as they appear on a keyboard, like qwerty or asdfg. Any of these things typed backwards or used with the addition of a digit or two is still a weak password.
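The checks described in the last few paragraphs can be automated when choosing a new password. The following Python sketch is an added example, not part of the original article; the function names, the minimum run length of four, and the tiny word list are assumptions made for illustration.

```python
import re

# Constructed sample list (assumption); a real check would load a full
# dictionary, a name list and a list of commonly used passwords.
SAMPLE_WORDS = {"password", "letmein", "dragon", "london", "windows"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_progression(s):
    """True for natural runs such as 'abcdef' or '456789'."""
    return len(s) >= 4 and all(ord(b) - ord(a) == 1 for a, b in zip(s, s[1:]))


def is_keyboard_run(s):
    """True when s is typed along one keyboard row, e.g. 'qwerty'."""
    return len(s) >= 4 and any(s in row for row in KEYBOARD_ROWS)


def weak_reasons(password, username="", words=SAMPLE_WORDS):
    """Return a sorted list of the article's mistakes that the password makes."""
    pw = password.lower()
    # "The addition of a digit or two": strip one or two digits from either end.
    core = re.sub(r"^\d{1,2}(?=\D)|(?<=\D)\d{1,2}$", "", pw)
    reasons = set()
    # Test every candidate forwards and backwards ("typed backwards").
    for cand in {pw, pw[::-1], core, core[::-1]}:
        if username and cand == username.lower():
            reasons.add("same as user name")
        if cand in words:
            reasons.add("dictionary word or common password")
        if len(cand) > 1 and len(set(cand)) == 1:
            reasons.add("repeated character")
        if is_progression(cand):
            reasons.add("natural progression")
        if is_keyboard_run(cand):
            reasons.add("keyboard sequence")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample passwords, including reversed and digit-padded forms.
    for sample in ("letmein", "Password12", "ytrewq1", "ggggggggg", "T7#kq!Zp2vLm"):
        print(sample, "->", weak_reasons(sample) or "no listed mistake found")
```

An empty result only means none of these specific mistakes was detected; it says nothing about length, reuse across sites, or words missing from the sample list.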

Most people also stick with the same passwords indefinitely. Savvy web users know to change their passwords at least once every three or four months. Passwords should be well-guarded secrets. Don’t share them with anyone, don’t leave them written down for others to find, and be sure nobody can see you when typing them in a public place, even at work. Keep in mind that coworkers, bosses, friends, or partners might not always be coworkers, bosses, friends, or partners.

Simply avoiding these common password mistakes is the most important part of keeping your email and other online accounts secure from hackers. Almost anything else you do will be fairly safe. Remember that the longer the password, the more secure it is, so stay near the maximum number of characters allowed by a site. Passwords should use both lower-case and capital letters, and should contain at least one digit and one symbol in addition to letters.

The key to a secure password is simply making sure it isn’t entirely logical, part of any predictable sequence, or part of any sort of list or directory that can be run through. Make your passwords strong, make them all different, and keep them secret, and you shouldn’t have any online security problems related to having accounts hacked.

Posted in: Email Security
