With all the recent news about internet security, I thought it timely to review password security. Passwords are a main tool for protection against hackers.

Passwords should be at least seven characters long. With 26 uppercase letters, 26 lowercase letters and 10 digits, there are 3 trillion password combinations available. With so many combinations to choose from, so many passwords are still hacked because 96% of users use the same common passwords from a list of 1000. The top 6 most common passwords are:
  • password
  • 123456
  • 12345678
  • 1234
  • qwerty
  • letmein

Your main line of defense is a secure password. A secure password is a long password. It should not be obvious. Do not recycle passwords, but create new, unique passwords each time you change your password. Do not use personal information like your name, birthday, or passport ID number. Use passwords that are different from your other passwords. Uncommon spelling, capitals in unconventional places, and non-letter characters are recommended. Change your password regularly. Once every 90 days is great, but change it at least once a year.
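The rules in this paragraph, together with the keyspace figure and the common-password list given earlier, can be turned into a small checker. This is an added example, not part of the original post; the function names, the `personal_info` parameter and the finding strings are assumptions made for illustration.

```python
from datetime import date

# The six most common passwords listed in this article (a real deny-list is far longer).
COMMON_PASSWORDS = {"password", "123456", "12345678", "1234", "qwerty", "letmein"}
ALPHABET_SIZE = 26 + 26 + 10  # uppercase + lowercase + digits, as counted in the article
MIN_LENGTH = 7                # minimum length recommended in the article


def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length


def audit_password(password, personal_info=(), last_changed=None, today=None):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    # Case-insensitive match, so "Password" is caught as well as "password".
    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    # Personal details (name, birthday, ID number) must not appear anywhere inside.
    if any(item and item.lower() in lowered for item in personal_info):
        findings.append("contains personal information")
    # Mixed case plus at least one non-letter approximates the advice on
    # unconventional capitals and non-letter characters.
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_nonletter = any(not c.isalpha() for c in password)
    if not (has_upper and has_lower and has_nonletter):
        findings.append("lacks mixed case or non-letters")
    # Age check: 90 days is the preferred interval, one year the outer limit.
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > 365:
            findings.append("older than one year")
        elif age > 90:
            findings.append("older than 90 days")
    return findings


if __name__ == "__main__":
    print(f"7-character keyspace: {keyspace(7):,}")
    # Constructed sample passwords, not taken from any real account.
    for candidate in ("letmein", "1234", "tRk9#vLp2w"):
        print(candidate, "->", audit_password(candidate) or "ok")
```

Every name on the common-password list fails this audit on more than one count, which is why the size of the keyspace offers no protection to users who pick from that list.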

The best password in the world is of no use if you allow others access to it. Keep your password secure and never share it with anyone without a "need to know". Use antivirus software on your computer to prevent malware from harvesting your password.

Be careful if you get an email asking you to change your password or provide any personal information. Phishing is the number one method hackers use to hack accounts. Spies from China use special types of phishing called spear-phishing. Be cautious even if the email appears to come from a legitimate company. Do not follow the link in the email to change your password. Instead, type a known address for the company into your browser yourself, independent of the email.