Consumer Watch: Picking the safest password
OKLAHOMA CITY (KOKH) —
Americans report having the least amount of trust in the federal government and social media sites when it comes to keeping their information safe, according to the Pew Research Center. In spite of this lack of trust, many people continue to use weak passwords because they are easy to remember.
Even your strongest password might not be good enough anymore. When it comes to digital security, there has been a major shift in thinking, and it will change what it means to have a secure password.
Maybe you thought you were being safe with your most clever password, but it turns out you might have given yourself a false sense of security.
“The old thinking was, it's got to be jumbled up gobbledygook mess of uppercase, lowercase, numbers, special characters, things like that, which is ok, but the real safety and security lies in how long it is,” says Dave Moore, an Oklahoma IT professional.
So, how long should it be? Some sites have character limits, but Moore says 25 characters is not too long.
“When you start looking at government agencies, I think the NSA recommendation now is 30,” says Moore.
A 2010 study found that many people tend to just capitalize the first letter of their preferred password and add a one or an exclamation mark. That makes it no harder to crack. Pass phrases might be easier to remember and harder to crack, but you should try to make them tricky.
“Maryhadalittlelamb-- too obvious, easy to figure out. Ilovesoonerfootball is taken, so don't even try that one, but you can string together words, and throw in a few numbers, throw in a few special characters into a phrase that you can remember,” says Moore.
Here is how that might look: ilove2fishpurpleunicorns!butonlyonmondays
This password is actually more than 40 characters long, has a number and special character, and is odd enough that it would be simple to remember. It's unlikely that it would be guessed since it makes no sense, but since this particular one has been on TV, maybe don't use it.
If you do have serious concerns about your data online, or you're just tired of your social media accounts getting hacked and spamming your friends, consider multi-factor authentication. That means using a password and a special code sent to your phone to access accounts.
If you are going to use password hint questions, it's also important that the answer is not something people know about you or something that could be easily looked up.