How Your Favorite Song Lyrics Can Protect Your Identity


What if someone told you that you could use some of the words from your all-time favorite song as your password? Not only that, but that it could actually be as effective as some difficult-to-remember imbroglio like Ge0rg34m@gr!|| — you know, something like what your IT department sends you as a start-up password.

Would you doalittledancemakealittlelovegetdowntonight?

If your answer is yes, yes, you would do a little dance … and get down tonight, good news! A recent study by some really smart people at Carnegie Mellon University found that the use of long, sentence-like or phrase-like passwords like the one above is increasing among people looking for easier-to-remember passwords. Not only that, but it could be “a promising user authentication mechanism.”

The really smart people, otherwise known as researchers, looked at the role of “grammatical structures underlying such passwords in diminishing the security of passwords.” Or in layman’s terms, they questioned whether they were easier to hack than the letter-number-symbol jumbles we’re all so familiar with. The answer was no, not really. It turns out that hacking programs find a lengthy password almost as difficult to crack as a seemingly random one.

The researchers went into the study viewing text-based passwords as involving a trade-off between usability and security. “System assigned passwords and user-selected passwords subject to complex constraints (e.g. including mixed-case, symbols and digits) are harder to guess, but less usable,” the researchers wrote. “Conversely, simple, memorable user-selected passwords offer poor resilience to guessing.”

In order to find a compromise, researchers and organizations have begun recommending the use of longer user-selected passwords with simpler composition.

The idea isn’t particularly new. Security pros have been using similar passphrases for years, albeit somewhat differently. This trick takes a sentence and then uses the first letter of every word. For example: “I love pizza 3 times a week” would be ilp3taw. You can be really clever and add capital letters and a special character or two, like iLp3T@w.

“If one could use biometric encryption, that’s certainly better, but even biometrics have been spoofed,” said Adam Levin, co-founder of Credit.com and author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.” “But in situations where biometrics are not available, a passphrase is probably a better option than a typical password.”

Also, with a phrase, you could create a variety of different passwords out of that single phrase, Levin explained. Add a couple of letters in the front for a particular website and a couple of numbers in the back, and you can have a different password for every site, all of which will be fairly easy to remember.

“Also, there’s less tendency to use an overly simple or flat-out bad password like ‘password’ if you use phrases,” Levin said.

It’s also important to remember that a significant percentage of identity theft occurs among family and friends, Levin warned, so “if it’s a phrase you use frequently that someone could guess, it’s probably not a good option.”

As the really smart people at Carnegie Mellon wrote: “More research is necessary to fully understand the effect of structures on long passwords,” but they’re definitely worth considering to keep your accounts secure.

Remember, identity thieves can strike at any time. To guard against identity theft, it’s important not just to keep your passwords or passphrases strong and secure; it’s also wise to monitor all of your financial accounts on a regular basis, as well as your credit. If an identity thief has stolen some of your information to open a new account in your name, it will impact your credit scores.

You can monitor your credit scores for free twice a month on Credit.com. Any unexpected changes in your score could signal identity theft, and you should pull copies of your credit reports (you can do that for free once a year) to investigate further. Acting fast can help protect your credit and your finances.


The post How Your Favorite Song Lyrics Can Protect Your Identity appeared first on Credit.com.

The Lesson Mark Zuckerberg Just Taught Everyone About Reusing Passwords


Facebook CEO Mark Zuckerberg apparently didn’t read the warning about using different passwords to protect online accounts.

Sources told The Wall Street Journal that Zuckerberg’s Twitter and Pinterest accounts were hacked over the weekend. Per the paper, Zuckerberg utilized the same password — “dadada” — to protect each account. That password had appeared last month in a database of more than 100 million usernames and passwords that was stolen from LinkedIn back in 2012, it said.

Screenshots taken by Engadget show hacker group OurMine using its now-suspended Twitter account to alert Zuckerberg (@finkd) of the takeover on Sunday, saying “Hey @finkd we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm us.”

Representatives from Facebook, Instagram, Pinterest and Twitter did not immediately respond to Credit.com’s request for comment. Facebook did tell Engadget that the hackers didn’t get access to any of its accounts or systems.

Why Strong Passwords Are Important

Zuckerberg’s reported hack serves as a strong reminder not to skimp on password security. “Dadada” may not be on the list of 25 passwords you should never use, but it certainly wasn’t the most secure one out there, given that it’s short, repeats characters and doesn’t vary the types of characters used with numbers or symbols (all generally considered good password rules of thumb).
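The passwords quoted in both articles (the lyric passphrase, the first-letter trick and “dadada”) can be compared with a rough guess-space estimate. This is an added example, not code from Credit.com or the Carnegie Mellon study; the 10,000-word vocabulary, the scoring model and the function names are assumptions made for illustration.

```python
import math
import string

# Assumption: size of a common-word list; not a figure from the article or study.
ASSUMED_VOCAB = 10_000

def charset_size(pw):
    """Size of the smallest standard character pool that covers pw."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in pw))

def brute_force_bits(pw):
    """log2 of the character-by-character search space."""
    return len(pw) * math.log2(charset_size(pw))

def repeated_unit(pw):
    """Shortest substring that repeats to form pw, else None."""
    for k in range(1, len(pw) // 2 + 1):
        if len(pw) % k == 0 and pw[:k] * (len(pw) // k) == pw:
            return pw[:k]
    return None

def assess(pw, n_words=None):
    """Upper-bound estimate in bits: the cheapest of the modelled strategies."""
    bits = brute_force_bits(pw)
    if n_words:  # phrase built from dictionary words: count words, not letters
        bits = min(bits, n_words * math.log2(ASSUMED_VOCAB))
    unit = repeated_unit(pw)
    if unit:     # repetition: only the unit and the repeat count are unknown
        bits = min(bits, brute_force_bits(unit) + math.log2(len(pw) // len(unit)))
    return round(bits, 1)

# Passwords quoted in the articles; the word count is supplied by hand.
SAMPLES = [
    ("dadada", None),
    ("ilp3taw", None),
    ("iLp3T@w", None),
    ("Ge0rg34m@gr!||", None),
    ("doalittledancemakealittlelovegetdowntonight", 11),
]

if __name__ == "__main__":
    for pw, words in SAMPLES:
        print(f"{assess(pw, words):6.1f} bits  len={len(pw):2d}  {pw}")
```

These figures are upper bounds: a phrase that appears verbatim in a wordlist, or one that family and friends could guess, is weaker than the number suggests.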

And, while it may not seem like that big a deal to have a social media account compromised, using the same passwords across accounts could open you up to other vulnerabilities, including card fraud or deeper identity theft. A thief, for instance, could potentially gain access to your bank account if it’s protected by the same password as a social media account that got compromised.

It’s generally a good idea to go through your passwords and update them regularly, making sure you are using secure passwords, unique to each site. And, if you ever think your personal information has been compromised, you may want to monitor your credit accounts or even freeze your credit reports. Sudden changes in your credit scores can be a sign your identity has been stolen. You can get two of your credit scores for free, updated each month, on Credit.com.


The post The Lesson Mark Zuckerberg Just Taught Everyone About Reusing Passwords appeared first on Credit.com.