As your neighbors leave their house one morning, you see them slip a spare house key from under their doormat, then set the key on top of the mat, where it glints in the sun. That’s essentially the same as scrawling a username and password on a bright Post-it note, then sticking it on the computer monitor.
If the Post-it password seems foolish, it’s also revealing. Every new login forces a person to balance the competing demands of efficiency, security and human memory. Obviously, easily cracked passwords (the classic example being “password” itself) increase the risk of someone else being able to access your data. At the same time, the more sophisticated passwords many websites now require can be impossible to memorize.
Since creating a password usually creates an obstacle between you and something you want to do, there’s a disincentive to create strong passwords. Instead of thinking how best to protect your data, you might opt to go with a simple password that’s easy for you to remember. To save time and headaches, some people use a “password safe” program like KeePass or LastPass to automatically log in; others save individual passwords in their web browser.
If there’s an underlying trick to great passwords, it’s being mindful while setting up logins. A distracted person can (and will) forget a password minutes after creating it. With that said, here are four important password tips to remember.
- For secure passwords, mix capital and lowercase letters, numbers and special characters: For easier memorization, you could start with a word you’ll remember, then substitute numbers for certain letters, like zero for “O” or the number four for “A.” True, including a real word could weaken your password, but good luck remembering a different random sequence for each website that you use. (That’s how you end up with your password on a Post-it note!)
- Take the time to fill out all security questions: In most cases, you can recover or reset a lost password by answering security questions — unless you skipped this step. Not filling out the security questions when setting up a new login is a surprisingly common mistake among small-business owners. Take them seriously. This will save you time and headaches down the road.
- Secure your mobile devices: Lock your mobile device with a passcode. It’s also important to review your mobile apps’ security settings. With many online banking apps, for example, you can set the app to log off after a certain period of inactivity — perhaps five minutes. This way, if your phone is lost or stolen, your important data will be locked even if someone cracks your four-digit passcode.
- Set a date to change your passwords: Some networks and websites now require you to change your login after a few months, but with other accounts, it’s tempting to just keep using the same old passwords for years. To keep your accounts secure, put a recurring reminder in your calendar to update all of your passwords at least every six months.
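The first tip concedes that a real word can weaken a password even after letters are swapped for numbers. The sketch below is an added example, not part of the original article: it checks the four character types the tip lists, then undoes common swaps to see whether a familiar word is still underneath. The word list and every swap other than zero for “O” and four for “A” are constructed assumptions.

```python
# Added illustration: the word list and most substitutions are constructed assumptions.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "4": "a",            # the two swaps the article mentions
    "3": "e", "1": "l", "5": "s",  # other common swaps (assumed)
    "@": "a", "$": "s",
})
COMMON_WORDS = ("password", "welcome", "dragon", "football", "sunshine")


def missing_classes(password):
    """Return the character types from the first tip that the password lacks."""
    checks = {
        "capital letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        "special character": lambda c: not c.isalnum(),
    }
    return [name for name, test in checks.items()
            if not any(test(c) for c in password)]


def hidden_word(password):
    """Undo the swaps and return the first common word found, or None."""
    plain = password.lower().translate(SUBSTITUTIONS)
    for word in COMMON_WORDS:
        if word in plain:
            return word
    return None


def review(password):
    """Combine both checks so a signup form could explain a rejection."""
    return {"missing": missing_classes(password), "word": hidden_word(password)}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for candidate in ("P4ssw0rd!", "dragon", "tR7#qLm2!vZx"):
        print(candidate, review(candidate))
```

A password such as “P4ssw0rd!” contains all four character types yet is still flagged, because the swaps are reversible and the base word is on the list.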
Even people who are careful with certain accounts, like online banking, might be lax about passwords for email, for instance, even though such tools also can contain plenty of sensitive information. Remember the underlying principle: good password management starts with being mindful, strategic and consistent.
What’s the worst password blunder you’ve encountered? What were the consequences? What tips do you have on creating (and remembering) great passwords? Let us know!