Tech@Work: Identity Theft

What’s the password? Make sure the answer is tough to crack.

September 1, 2006

The Internet has proven irresistible to crooks. Identity theft complaints reported to the Federal Trade Commission totaled 255,565 in 2005, an increase of 18.6 percent from 2003. That’s why the FTC is teaming up with the NATIONAL ASSOCIATION OF REALTORS® and other groups to combat identity theft. Identity thieves are primarily after one thing: your passwords. Once they collect them, they can gain access to your accounts and steal your identity. But password hacking can be avoided with minimal effort.

Poor password practices

People make it easy for hackers and other identity thieves by putting too little effort into choosing and maintaining their passwords. Here are some password practices to avoid.

  • Don’t use dictionary words, proper nouns, foreign words, or backwards words. Most hacker programs will easily crack these password codes.
  • Don’t use personal information such as your name, child’s name, occupation, telephone number, ID number, address, or birth date. A great deal of personal information is available online. In addition, someone who knows you may have this information and use it to access your computer.
  • Don’t share your password with anyone—not with your spouse, siblings, boss, or coworker.
  • Don’t write your password on a Post-it and stick it on your monitor or any other easily accessible location. In fact, you shouldn’t write down your password.
  • Don’t save your password as part of an automatic login script if anyone else has access to your computer.
  • Don’t rely on Internet Explorer’s AutoComplete function, which “remembers” form entries and automatically lists suggestions for entries. Click the “no” box when you’re asked if you want the program to remember your password.
  • Don’t keep a record or list of your passwords in an unencrypted file on your computer where it’s susceptible to hacking.
  • Don’t choose or change your passwords on a public computer or in a public place.
  • Don’t use the same password on multiple accounts.

Good password management

Perhaps the single most important thing to remember when creating a new password is to make it hard to guess but simple to remember. Your password should be at least six characters long and include a combination of letters, numbers, and symbols. Also make sure you use a mix of capital and lowercase letters to make your password even more difficult to crack (see “3 ideas for more secure passwords”).

Change your password regularly, once every three months at a minimum. Always log off when you’ve finished using a site, and close your browser to prevent others from gaining access to any personal information.

Today, we need passwords or PINs everywhere. Remembering them can be annoying and even overwhelming. But giving in to poor password management opens the door to identity thieves.

3 ideas for more secure passwords

Make your passwords difficult for hackers to decode.

  1. Use the first letter from every word in your favorite expression or line in a story, poem, or movie. For example, “Pay no attention to the man behind the curtain,” from The Wizard of Oz could lead you to the following password: PnAttMBtC.
  2. Choose a word as your password, but then substitute similar-looking numbers for some of the letters in your passwords, such as 1 for I and 8 for B. For example, Football may become F00t8a77.
  3. Choose a password you want to use and then come up with a keystroke mapping system. For example, if you choose to do an upper-left keystroke system, you would choose the letter to the upper-left of the actual key you wanted. So if your password were football, your keystroke password would be r995gqoo. It sounds complicated, but you need to look at your keyboard anyway. Why not choose the letter to the upper-left, left, or lower-right of the word you want to remember?

Bill Carey is the vice president of marketing at Siber Systems Inc., a software company based in Fairfax, Va. The company produces RoboForm software, a password management and form-filling tool. You can reach Carey at b2carey@siber.com.

Notice: The information on this page may not be current. The archive is a collection of content previously published on one or more NAR web properties. Archive pages are not updated and may no longer be accurate. Users must independently verify the accuracy and currency of the information found here. The National Association of REALTORS® disclaims all liability for any loss or injury resulting from the use of the information or data found on this page.

Related