Your Password Can Make All the Difference

With hundreds of millions of people on the web, it’s easy for many of us to buy into our own obscurity and assume we’d never be interesting enough to be targeted by would-be hackers and thieves. After all, most of us don’t have millions in our bank accounts, executive positions in multinational corporations, or even recognizable names. So why us? As a result, many of us are probably not as private as we should be. Using the same log-in information like usernames and passwords for all of our online activity is something most people will admit to. Of course, this isn’t always a crucially bad idea, since even I have frivolous email accounts that don’t get widely used, don’t receive emails with any confidential information and hardly get checked. But should the log-in information you use to get into a frivolous email account be the same as the one you use for perhaps your most important account of them all—ie, your bank account? Probably not!—and yet, we do it anyway.

The truth is that we ordinary citizens are the easiest to target, and therefore the most frequently targeted. Identity theft is rampant in this country and increasing with each passing year. A Gartner research study in 2006 reported that between 2005 and 2006 alone 15 million Americans fell victim to identity theft, with the average money stolen—and largely unrecovered—hovering around $3,257. Naturally, the advent of the internet and the personal computer has made identity theft much easier to execute and perhaps endlessly more damaging. 56-year-old David Crouse from Chicago knows first hand how destructive identity theft as a result of careless online usage can be, as Market Watch reports that in the last year alone some $900,000 in merchandise, gambling and telephone-services charges were siphoned out of his debit card. His credit is completely shot, his confidential information has been made public and is still being used to open accounts, and his attempts to repair his finances have cost him nearly $100,000 while utterly decimating his complete savings and retirement. Crouse was an avid online-shopper before falling victim to identity theft and frequently inputted his debit card into websites like eBay and song-downloading software like iMesh.com before noticing that strange things started to happen. The first odd charges to his account were merely occasional and ranged between $17 to $30. Eventually escalating, however, his efforts to open new bank accounts didn’t deter them from getting hit as well, and hundreds of thousands of dollars later, he regrets every moment he spent carelessly inputting his private information across the web.

Of course, Crouse’s case is an extreme one, and few of us will have to face such severe circumstances. Nevertheless, identity theft can be a very real threat to our well being and a simple thing like choosing varied and appropriate passwords can make all the difference.

The United States Computer Readiness Team has put together a few helpful tips in choosing passwords for your online use, and their first suggestion is to not choose something that is personal and easy to remember. It’s very easy for someone to choose an important date, a pin number, or even the last 4 numbers of their Social Security number for passwords, but in our digital age this information is so easy to figure out that it may not be a great idea. Same with using words taken straight out of the dictionary, which can make you susceptible to “dictionary attacks” where hackers use various methods to scan words within the dictionary and hone in on your password.

A great method being offered by the group is to “rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it.” The example they use suggests that instead of using the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” That way your password will be easy to remember for YOU, but will remain virtually unintelligible to anyone else. Using a combination of lower and upper-case letters can be effective also, but ultimately the best defense is to use a combination of numbers, special characters, and both lower-case and capital letters. And coupling this combination with long sentences as opposed to short words or phrases will inevitably be more difficult for outsiders to decode! “This passwd is 4 my email!” is a great example offered by the group as it includes multiple characters, lower and upper-case letters, numbers, and special characters. Who would ever think to enter that sentence in your password field?

Naturally, there is no 100% guaranteed technique that will keep your private information out of the hands of the wrong people, but any step you take to ensure your privacy can only help. So long as you take the time to make sure your passwords are original and you log out of every website when you’re finished, you’ll be less vulnerable than most web-users out there, and that’s saying plenty.