Tips for Secure Passwords

Despite all the warnings, the two most common passwords are still 123456 and password. These passwords are dangerously easy to guess, even without the technical know-how of an experienced hacker. In this blog post, we’ve put together some helpful tips for creating secure passwords.

February 1 is National Change Your Password Day, which is a great occasion to review smart strategies to secure your most sensitive information. Let’s get started:

Make Them Long

An 8-character password is considered the minimum length for security. Many websites won’t accept anything shorter. Ten is even safer, so let’s start there.

Choose Something Catchy

Start with something memorable, but not obvious. Your anniversary, pet’s name, and children’s birthdays are too easy for others to guess. Consider the title of a movie, book, or song you’ve always liked.

OverTheRainbow

That starter has 14 characters (not including spaces) that you’ll remember but that aren’t identifiable as uniquely yours.

Mix it up

Next, change some characters in your starter password.

• Most sites require 8- or 12-character passwords, so you can choose to remove some letters: overtrnbw
• Swap some letters for numbers that they resemble: 0v3rtr3nbw
• Use at least one symbol, either added on or in place of a letter: 0v3rt*r3nbw
• Switch at least one upper-case letter to lower-case, or vice versa: 0v3rt*R4nbw

That would be a strong password. You can even take it one step further by adding a letter to represent the site that it accesses. For instance, add a “B” if it’s the password for Online Banking, giving you the final 13-character password of 0v3rt*R4nbwB.

Apply this Method for Unique Passwords

This is a rule that’s commonly ignored: Do not repeat passwords on multiple websites. If you reuse a password, then a single data breach can have widespread impact. Hackers use an automated process called “Credential Stuffing” to try one stolen login on site after site.

Password Management

Unless you have the memory of an elephant, remembering secure passwords for every login could present a challenge. Here are two options to consider.

Cloud-based Password Managers generate and securely store a distinct password for every site you visit. A quality Password Manager will offer additional tools to auto-fill forms in all browsers on all your devices, send data-breach alerts, and protect you against ‘phishing.’ That’s when fraudulent websites try to trick you into entering your password; a good Password Manager can distinguish authentic sites from fake ones.

You can handle password management on your own, provided that you never store your password list on your computer. If it’s ever hacked, a criminal will have access to all your online accounts. For password management, DIY means old-school handwritten hardcopy. Always keep your paper password list secure (in a locked drawer, for instance) and separate from your devices.

Getting Started

These tips may leave you with some work to do! Take it one step at a time, even if you can’t do it all on National Change Your Password Day. Just be sure to prioritize websites that access sensitive information, such as your financial accounts.

One final tip: Keep your passwords to yourself. Remember that you will never receive a text, call, or email from PFFCU requesting your Online/Mobile Banking password, user name, secure access codes, or account numbers. If you suspect a scam, ignore it and report it to us at 215-931-0300 or 800-228-8801.