I have spent some time the last couple of days changing passwords for sites I used that were found to be vulnerable to Heartbleed. Money Tree’s financial planning software was never vulnerable to Heartbleed, however it is likely several of the sites you use were, and you should take action by changing your passwords after checking to ensure the website services have fixed the security flaw.
It’s important to be smart about your passwords. Yes, passwords can be cracked and compromised, but it is 100% worth your time to use a little bit of effort combined with some smarts when creating your passwords. Check out our 8 tips below on smart password practices.
1. Don’t share your passwords.
2. Don’t reuse passwords.
3. Use a strong a password every time.
What is a strong password?
It looks something like this: f@LNxx,2[#u2^%Q
- 8 characters in length at a minimum – longer is better.
- Numbers, capital letters and symbols are all included.
- Is not a common password, like password, 123456, or qwerty
- It is not an easy to guess word, like names of your family members or pets or number like your birth date.
How do I create a strong password I can actually remember?
- Use symbols to replace letters – $ instead of s, @ instead of a, 0 instead of o, etc.
- Think of a phrase you can remember.
- Then combine the two:
“I’m the best planner” could translate to a password of “1*m+heBes+P1@nNer”
“TOTAL Online” could translate to a password of “+0+@1On1!ne”
Can you guess the phrase used to create this password? “H2of@11”
If you guessed it, you know this system can work for you (answer below.)
- Consider using a password system.
I use a password system. We all have a lot of passwords to remember so a system helps keep life simple. However, I do not use a password system for the sites that hold information I consider highly private, like finance and banking sites.
- Start with one strong password you can commit to your memory.
For example: _iA6*Ry2 - Add to this for various sites.
Netflix – you could create a password of Ne+_iA6*Ry2F1cks
Twitter – you could create a password of +W!++er_iA6*Ry2
A tip to remember a strong password is to use the phonetic alphabet for letters.
“_iA6*Ry2” is likely easier to remember as “_IndiaAlpha6*RomeoYanke2”.
Keep in mind someone could crack your code if they get a hold of your base password and figure out your system – but its not nearly as easy as it would be if you always used “password”.
- Consider using a password manager service, allowing you to have unique strong password for every site (without the nearly impossible task of remembering all of them.)
I would start be checking out PC Magazine’s article and password manager review, “The Best Password Managers”
4. Always take advantage of two-step authentication when available.
6. Use different email accounts for different types of site logins.
- For example, smith.john.social@gmail.com for your social networking sites, or sue.shops@yahoo.com for your online shopping sites.
- Don’t make resetting your password easier than cracking your actual password!
- If it is the end of a professional relationship, changing your own password is one step, but also make sure to remove that user’s login from all shared company platforms, like your online financial planning software for example.
It is “waterfalls.”
