These days we seem to need a PIN or a password for just about everything. If you follow everyone's recommendations, you'll end up with countless sets of random characters that you are expected to memorize and change on a regular basis. That seems a little unreasonable for all but the few people who have perfect recall. While I agree that these rules are important to keep your personal information and finances secure, I think there needs to be a happy medium where the risk matches the required effort. It's a little risky for me to make suggestions about password security, so please remember that anything short of a completely random mix of characters that only you have memorized is at some level a security risk.
Good security involves three components: something you have, something you know, and something you are. The something you have may be a bank card, security card, or key fob; something you know would be a PIN or password; and something you are is typically a biometric like a fingerprint or retina scan.
PIN numbers (Yes, I do know that the N in PIN stands for number, but it flows better) are used widely in the financial arena to verify that the holder of the card is actually the person authorized to use it. The weaknesses are that the third component, something you are, is still missing, and the other two can be stolen or copied. Bank cards go missing all the time, but fortunately most do not have the owner's PIN printed on the back. If a card is stolen by someone who really wants to gain access, your best protection is a hard-to-guess PIN. Obviously birthdates and anniversaries are not good options, nor are easy-to-spot numbers like 5555. Choose a PIN that is random, then come up with a way to remember it. For example, 4516 could be remembered by the word "deaf", which is made up of the 4th, 5th, 1st and 6th letters of the alphabet. Patterns on the keypad as you punch the numbers in are sometimes helpful too. One financial institution uses a combination of a couple of passwords for online banking, but only asks for certain characters each time you connect, so the entire password is never typed in a single session.
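To make the PIN advice above concrete, here is an added example in Python. It is my own illustration, not code from the original post: one helper turns a mnemonic word into digits the way "deaf" becomes 4516, and another flags the weak patterns the paragraph warns against. It goes slightly beyond the text by also catching simple runs like 1234 and year-like values; the exact rules (treating 19xx/20xx as a year, MMDD/DDMM as a date) are assumptions chosen for the example.

```python
"""Hypothetical PIN helpers illustrating the advice above (added example).

Assumptions: a PIN is 4 or more decimal digits, and a PIN is "weak" if it is
all one digit (5555), a straight ascending/descending run (1234, 9876),
a plausible calendar date (MMDD or DDMM), or a 19xx/20xx year.
"""
import datetime
from typing import List


def word_to_pin(word: str) -> str:
    """Map each letter to its 1-based alphabet position: "deaf" -> "4516".

    Letters after 'i' produce two digits, so words using only a-i give a
    PIN with one digit per letter, as in the post's example.
    """
    word = word.lower()
    if not word or not word.isalpha():
        raise ValueError("mnemonic word must contain letters only")
    return "".join(str(ord(ch) - ord("a") + 1) for ch in word)


def _looks_like_date(pin: str) -> bool:
    """True if the 4 digits parse as MMDD or DDMM for some calendar date."""
    for month, day in ((pin[:2], pin[2:]), (pin[2:], pin[:2])):
        try:
            # 2000 is a leap year, so 0229 is accepted as a real date.
            datetime.date(2000, int(month), int(day))
            return True
        except ValueError:
            continue
    return False


def pin_weaknesses(pin: str) -> List[str]:
    """Return a list of reasons the PIN is easy to guess (empty means none found)."""
    reasons: List[str] = []
    if not pin.isdigit() or len(pin) < 4:
        return ["must be at least 4 digits"]

    if len(set(pin)) == 1:
        reasons.append("all digits identical (e.g. 5555)")

    # A straight run has a constant step of +1 or -1 between every pair.
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        reasons.append("sequential digits")

    if len(pin) == 4 and _looks_like_date(pin):
        reasons.append("looks like a calendar date (MMDD or DDMM)")

    if len(pin) == 4 and pin[:2] in ("19", "20"):
        reasons.append("looks like a year")

    return reasons


if __name__ == "__main__":
    # Constructed sample PINs for demonstration.
    for candidate in (word_to_pin("deaf"), "5555", "1234", "0314", "1985"):
        problems = pin_weaknesses(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

The checks are deliberately simple; they only encode the patterns the paragraph names, not a full guessability model, and a PIN that passes them is still only as safe as the randomness behind it.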
Email passwords and web site passwords use only one of the three components of good security: something you know. These passwords are usually at more risk because most information passed over the Internet can be seen by malicious people with basic hacking skills. Emails are sent in clear text, which means they should never contain passwords, credit card numbers or other important information. If you're like me, you probably have a number of email addresses and access to many password-protected web sites. My memory is pretty good, but there's no way I could memorize random characters for over 100 accounts and change them on a regular basis. My solution has been to categorize the email accounts and web sites according to their importance and risk to me. Some accounts have a unique password, but others are in a category that contains a number of accounts with the same password. I also use variations of a password in some cases so that I can remember them while maintaining a good level of security. Newer computers often come with fingerprint readers and password "vaults" where you can store a number of passwords and only access them with a combination of a fingerprint and a password. Since something you are is the most secure of the three components of good security, this combination is a good option for keeping your information secure. I would, however, advise that you keep a list in a safe deposit box as well, since hardware can fail or be stolen and you may lose access yourself.
There are many technologies that have been in use for years that are now coming into everyday use, as well as improvements on the forefront, such as biometrics in payment cards. As with any security, the best defence is always knowledge. If you know what's risky you can avoid it. With that in mind, I have a few copies of a security reference handbook written by Symantec that I will make available to the first three people who post comments. Follow up with an email directly to me at gsiverns@basicbusiness.com with your address so I can send you the booklet.