By Sallie Petty, Junior Computer Science major and Lab Admin for the UW-Green Bay Center for Cyber Security, Outreach and Education
I still remember when I was a little girl and first found out how to make encoded messages by using numbers for each letter in the alphabet. I was so excited to have this secret language I was convinced no one else would know how to interpret. My secrets would be completely safe. I’m sure my parents were smiling at me thinking how cute I was to think I had been so very clever.
Of course, I eventually realized that everyone knew how to replace the letter “A” with a “1” right on down through the alphabet, and my code was really very breakable. My secrets were not very safe after all!
This concept is extremely important to remember when trying to secure our most sensitive information with a password. We think we are being clever by using our birthdates or special anniversaries and mixing up the numbers with our initials or the names of our beloved pets. We don’t realize just how available all this information is. It doesn’t take much for someone to go to your Facebook page and, if your security measures aren’t very strong and your page isn’t locked down tight, find out all sorts of personal information about you, or even go through a friend’s page that isn’t very secure and find out information about you. They can then use this information to guess your usernames and passwords and before long, they are into your accounts.
We have all heard the common suggestions when picking a password and making it secure: don’t write it down; pick unusual combinations; pick a different password for every site. Honestly, these “suggestions” can be unrealistic at best. Coming up with a secure password that you can remember, has at least one number, and letter, or capital letter, or is six to eight characters long, or is eight to 12 characters long, or whatever other varying requirement a certain page has can be an exercise in frustration and annoyance. Oh, and by the way, you have to change it every six months… Looking at you, UWGB! So, how are you ever going to pick a distinct password for every website, not write it down, and change it every six months?
Take some deep breaths and calm down. Here are my suggestions for a bit of a reality check on these requirements. Please keep in mind, these are merely suggestions. The chances of your accounts being hacked are pretty high just because of how our world works nowadays, but if you are realistic about your expectations and your passwords, you can be fairly successful at keeping your information as safe as possible in an electronic world.
- Use unimportant dates: Need some numbers, but don’t know what to do? Use dates that you will remember, but are fairly unimportant to you. I often use holidays that are not particularly important to me, but will give me a series of numbers I can remember. I then mix them up in a pattern of some sort. You can write this pattern down without giving away your password. For instance, using the last day of May and St. Nick’s Day we get the numbers 5, 31, 12, and 6. You could write down “1M, 2D, 1D, 2M.” In this case, that means you would have 563112. It’s a seemingly random sequence, but one that makes sense to you.
- Use the names or initials of a friend or friend’s pet: Combine a friend’s initials with an animal you know and you have some great “random” letters. Or combine a first initial with a first name or middle name. Capitalize only the animal’s initial or just your friend’s, and it’s easier to remember.
- Use symbols you can make some “silly” sense of: When I first made a password I put two exclamation points after a pet name, so when I would type my password in, I would always shout the pet name in my head. Sounds silly, but I never forgot those symbols. When using the ampersand I put an “and…” in my thought process. When using a dollar sign I hear “cha-ching.” Making your symbols fun makes them easier to remember.
- Change your password often: As for a unique password for every site, who’s got the time and brain-power for that? I have three or four passwords I use at any one time. I put in my calendar to change them all every six months, because honestly, that is a good practice, and I wait a year before re-using a password. I never reuse a password on a site where it has been used before. In order to remember which of my passwords is on each page, I have a little note that says something like “Visa: Petbestiecha-ching1M2D1D2M”. This tells me everything I need to know to identify which password I have used for that particular site.
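To put a number on the digit part of the scheme in the first tip, the following added example (not part of the original article) rebuilds the "1M, 2D, 1D, 2M" hint and counts how many digit strings the whole method can produce. It goes beyond the single case in the text by covering every pair of calendar dates and every ordering of the four slots; the function names are assumptions made for this illustration.

```python
import math
from datetime import date, timedelta
from itertools import permutations, product

SLOTS = ("1M", "1D", "2M", "2D")  # month/day of the first and second date

def apply_pattern(first, second, pattern):
    """Digit string for two (month, day) dates read in the given slot order."""
    parts = {"1M": first[0], "1D": first[1], "2M": second[0], "2D": second[1]}
    return "".join(str(parts[slot]) for slot in pattern)

def calendar_dates():
    """Every (month, day) of a leap year, so 29 February is included."""
    day, out = date(2024, 1, 1), []
    while day.year == 2024:
        out.append((day.month, day.day))
        day += timedelta(days=1)
    return out

def upper_bound(dates):
    """Ordered date pairs times the 24 possible slot orders."""
    return len(dates) ** 2 * math.factorial(len(SLOTS))

def distinct_strings(dates):
    """Digit strings that are actually different; collisions shrink the space."""
    return len({apply_pattern(a, b, p)
                for a, b in product(dates, repeat=2)
                for p in permutations(SLOTS)})

def bits(count):
    """Size of a search space expressed in bits."""
    return math.log2(count)

if __name__ == "__main__":
    # The article's example: last day of May and St. Nick's Day.
    print(apply_pattern((5, 31), (12, 6), ("1M", "2D", "1D", "2M")))
    dates = calendar_dates()
    print(upper_bound(dates), round(bits(upper_bound(dates)), 1))
    print(round(bits(94 ** 12), 1))  # 12 random printable-ASCII characters
```

Calling `distinct_strings(calendar_dates())` runs the full enumeration and takes a few seconds; the result is smaller than the upper bound because different dates and orderings can yield the same digits.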
Let’s be honest, we will all probably be hacked at some point in our lives, and we may all end up with personal data, finances or other information floating out there that we wish was not, but we can protect ourselves as much as possible. Be vigilant. If something seems off on an account, change the password on all your accounts that share that password.
And know that no matter how difficult we think our passwords are, someone (or some computer) is out there, smiling and thinking how cute we are for thinking we are clever.