Greensburg Daily News, Greensburg, IN

January 10, 2014

Changing passwords is worth the effort

By Jenni Hanna
Daily News

---- — As you may have heard, hackers recently stole 40 million debit and credit card numbers from customers using the in-store registers at retail giant Target.

Those affected were primarily post-Black Friday shoppers. Unfortunately, I was one of those shoppers. As a matter of precaution, my local bank suggested I shred my old card, and offered to re-issue a new one within the week.

As I rarely carry cash, the week without my card was certainly an inconvenience. After a few days of waiting, I finally received my new card. It was at this point, however, that I realized the disruptions weren’t over. I would now have to update my auto-pay accounts that had been associated with the old card and make adjustments for the new card numbers.

Although updating the account numbers was a hassle, my husband reminded me that this inconvenience paled in comparison to the troubles of having passwords, and possibly my identity, stolen. I don’t often admit it (especially publicly!), but he was right.

The idea of a stolen card-or worse-led me to thinking about some of my various online accounts and how secure they are. I got to thinking about my passwords, wondering if they are strong enough. As we all know, everything seems to require a password anymore. Even here at ETC, customer accounts are tied to a password. Customers often comment that a password for their phone/TV/internet account seems extreme, but there is justification.

The perfect example is a broken home. When a divorce turns ugly, it is not unheard of for a divorcee to attempt to disconnect services at the home where the former spouse remains. A password offers a layer of protection.

As for passwords, almost everyone can agree it is hard to organize and keep track of these. Programs like ETC’s Password Genie offer a one-stop-shop of sorts. They store all passwords for all accounts, and you are left with memorizing only one master password to get into the password program itself. Once logged into the program, you can then look up your other accounts.

If a single master password program is not ideal for you, then consider ‘best practices’ for establishing a password. This column has discussed ‘best practices’ before, but it’s a topic that certainly bears repeating:

-Don’t use the same password for all of your accounts. Consider this: If you forget a password for a particular account, will the password be emailed to you if you request it? Assuming that particular emailed password is used for multiple accounts, what happens if your email is hacked? The hacker now has access to multiple accounts.

-Use the hardest passwords for your most important accounts, including your bank account or credit card.

-Don’t use an actual word that can be found in the dictionary. Hackers can often gain clues to your password simply by looking at your Facebook page. If your Facebook page announces that you are a huge Indianapolis Colts fan, it is not advisable to reference the Colts in your passwords.

-Consider using a passphrase, but in an abbreviated form. Determine a sentence, and use only the first letter or two of each word to create a passphrase.

-Incorporate symbols, numbers and capital letters in your passphrase. If possible, use symbols in place of numbers (i.e. use a “!” in place of using “1”).

In keeping with the points above, taking a security phrase like “Greensburg Pirates 3A State Basketball Champs 2013” could be translated to “GP3@sbc2T!3. “There are no true words in the phrase, there is a mix of capital and lower-case letters, and both numerals and symbols are included.

Yes, maintaining strong passphrases is a hassle. Yes, it is a little work. But in the end changing your passwords to indecipherable gibberish, and doing so regularly, may save even bigger headaches down the road.