How Your Favorite Song Lyrics Can Protect Your Identity


What if someone told you that you could use some of the words from your all-time favorite song as your password? Not only that, but that it could actually be as effective as some difficult-to-remember imbroglio like Ge0rg34m@gr!|| — you know, something like what your IT department sends you as a start-up password.

Would you doalittledancemakealittlelovegetdowntonight?

If your answer is yes, yes, you would do a little dance … and get down tonight, good news! A recent study by some really smart people at Carnegie Mellon University found that the use of long, sentence-like or phrase-like passwords like the one above is increasing among people looking for easier-to-remember passwords. Not only that, but it could be “a promising user authentication mechanism.”

The really smart people, otherwise known as researchers, looked at the role of “grammatical structures underlying such passwords in diminishing the security of passwords.” Or in layman’s terms, they questioned whether they were easier to hack than the letter-number-symbol jumbles we’re all so familiar with. The answer was no, not really. It turns out that hacking programs find a lengthy password almost as difficult to crack as a seemingly random one.

The researchers went into the study viewing text-based passwords as involving a trade-off between usability and security. “System assigned passwords and user-selected passwords subject to complex constraints (e.g. including mixed-case, symbols and digits) are harder to guess, but less usable,” the researchers wrote. “Conversely, simple, memorable user-selected passwords offer poor resilience to guessing.”

In order to find a compromise, researchers and organizations have begun recommending the use of longer user-selected passwords with simpler composition.

The idea isn’t particularly new. Security pros have been using similar passphrases for years, albeit somewhat differently. This trick takes a sentence and then uses the first letter of every word. For example: “I love pizza 3 times a week” would be ilp3taw. You can be really clever and add capital letters and a special character or two, like iLp3T@w.

“If one could use biometric encryption, that’s certainly better, but even biometrics have been spoofed,” said Adam Levin, co-founder of Credit.com and author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.” “But in situations where biometrics are not available, a passphrase is probably a better option than a typical password.”

Also, with a phrase, you could create a variety of different passwords out of that single phrase, Levin explained. Add a couple of letters in the front for a particular website and a couple of numbers in the back, and you can have a different password for every site, all of which will be fairly easy to remember.

“Also, there’s less tendency to use an overly simple or flat-out bad password like ‘password’ if you use phrases,” Levin said.

It’s also important to remember that a significant percentage of identity theft occurs among family and friends, Levin warned, so “if it’s a phrase you use frequently that someone could guess, it’s probably not a good option.”

As the really smart people at Carnegie Mellon wrote: “More research is necessary to fully understand the effect of structures on long passwords,” but they’re definitely worth considering to keep your accounts secure.

Remember, identity thieves can strike at any time. To guard against identity theft, it’s important not just to keep your passwords or passphrases strong and secure, it’s also wise to monitor all of your financial accounts on a regular basis, as well as your credit. If an identity thief has stolen some of your information to open a new account in your name, it will impact your credit scores.

You can monitor your credit scores for free twice a month on Credit.com. Any unexpected changes in your score could signal identity theft, and you should pull copies of your credit reports (you can do that for free once a year) to investigate further. Acting fast can help protect your credit and your finances.

Image: PeopleImages

The post How Your Favorite Song Lyrics Can Protect Your Identity appeared first on Credit.com.

The Worst Passwords of 2015


Despite all of the data breaches and scams that have proliferated over the last few years, we sure love our bad passwords.

For the fifth year in a row, “123456” and “password” topped password manager provider SplashData’s annual “worst passwords” list. Its latest version was compiled from more than 2 million leaked passwords mostly held by users in North America and Western Europe during the year. New and notable entrants include “starwars,” “solo” and “princess” — undoubtedly tied to the massively successful debut of Star Wars: The Force Awakens this year.

Meanwhile, other repeat offenders were “dragon” (No. 16), “111111” (No. 14), and “letmein” (No. 19).

Of course, it wasn’t all bad news on the password front this year, as SplashData notes that websites and users were at least trying to be a bit more secure by lengthening their terrible passwords.

“For example, ‘1234567890’, ‘1qaz2wsx’ (first two columns of main keys on a standard keyboard), and ‘qwertyuiop’ (top row of keys on a standard keyboard) all appear in the top 25 list for the first time,” SplashData wrote in a press release, before pointing out that “they are each based on simple patterns that would be easily guessable by hackers.”

The top 10 worst passwords of 2015 are:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball

How to Set Strong Passwords

Strong passwords are important because they help keep hackers from getting into important accounts and/or getting a hold of sensitive personal information that can be used to steal your money or, worse, your identity. A strong password generally mixes letters, numbers and special characters, uses both upper- and lowercase letters and is at least 10 characters long. It also doesn’t include your name, birthdate, common words, simple pop culture references (ahem, The Force Awakens) or any information (like, say, the name of your dog or cat) that can be easily found on social media.
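
The criteria above, the top 10 list and the keyboard patterns SplashData describes can all be checked mechanically when a password is chosen. The Python code below is an added example, not code from Credit.com or SplashData; the US QWERTY layout, the four-key minimum run, the 50% threshold and the function names are assumptions.

```python
import string

# Top 10 of the 2015 list as quoted on this page.
WORST_2015 = {"123456", "password", "12345678", "qwerty", "12345",
              "123456789", "football", "1234", "1234567", "baseball"}

# Assumed layout: main keys of a US QWERTY keyboard, top row to bottom row.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Columns read downward, e.g. "1qaz" and "2wsx".
COLUMNS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]
LINES = ROWS + COLUMNS
LINES = LINES + [line[::-1] for line in LINES]  # walks in either direction


def keyboard_walk_fraction(pw, min_run=4):
    """Share of pw made of runs (>= min_run keys) along one row or column."""
    pw = pw.lower()
    covered, i = 0, 0
    while i < len(pw):
        run = 0
        for n in range(len(pw) - i, min_run - 1, -1):  # longest match first
            if any(pw[i:i + n] in line for line in LINES):
                run = n
                break
        covered += run
        i += run or 1
    return covered / len(pw) if pw else 0.0


def screen(pw, personal_terms=()):
    """Return the reasons pw fails the criteria above; empty list means pass."""
    low = pw.lower()
    problems = []
    if low in WORST_2015:
        problems.append("on worst-passwords list")
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing a character class")
    if keyboard_walk_fraction(pw) >= 0.5:  # assumed threshold
        problems.append("keyboard pattern")
    if any(t and t.lower() in low for t in personal_terms):
        problems.append("contains personal term")
    return problems
```

A constructed password such as Qwertyuiop!1 satisfies every length and character-mix rule yet is still reported as a keyboard pattern, which is the weakness SplashData points out in the longer entries on its list.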

Remember, it’s also in your best interest to change passwords often and to refrain from using the same one across accounts. Plus, if you have any reason to believe your personal or payment information has been compromised, you should keep a close eye on your financial accounts and your credit report. You can do the latter by pulling your credit reports for free each year at AnnualCreditReport.com and viewing your two free credit scores each month on Credit.com. Signs your identity has been stolen include a sudden drop in credit scores, mysterious lines of credit you’ve never opened and unfamiliar addresses.


Image: gpointstudio

The post The Worst Passwords of 2015 appeared first on Credit.com.