skip to main content

Password Protection: Your First Line of Defense


Banking Law / April 6, 2015

The media has been aflutter over the past few months about the importance of basic protective measures that technology users should implement on their electronic devices. Recent headlines have revealed serious invasions of privacy—including leaked celebrity photos and public broadcasts of private video feeds from personal cameras and baby monitors.

One striking aspect of these invasions is that the victims could have prevented, or at least strongly discouraged, the hackers from gaining access to their private information through the use of effective passwords. Based on news reports, the cybercriminals easily accomplished the hacks because the passwords were easy to guess. Often, the victims had not changed their protection features or passwords from their initial default settings.

Effectively Using Password Protection

A strong, complex password is the first line of defense in protecting yourself, your business, and your digital data. Passwords that are short (only a few characters long), contain patterns or repeats of characters (12341234), or contain real words (fuzzykittens) that can be found in a dictionary are weak passwords that are easy to crack and thus provide little protection against hackers. In order for passwords to be effective, passwords should be:

  • Challenging to guess;
  • Comprised of many different types of characters, including uppercase and lowercase alphabetic characters, numbers, and symbols;
  • More than 12 characters long;
  • Changed frequently—security experts recommend changing them every three months;
  • Varied across different systems—each application, web portal or login should have a unique username/login credentials and password; and
  • Not found in the dictionary, in any language.

The use of a mnemonic device (a coded word made from the first letter of each word in a phrase, for example, ACwmfT1Lo3wiaP represents “a coded word made from the first letter of each word in a phrase”) with numbers, special symbols or both in place of certain alphabet characters can go a long way toward creating a formidable password. Similarly, passwords made from a few unrelated words spelled phonetically (for instance, suttleuooseaffauxnetix represents “subtle use of phonetics”) are difficult to guess, but easy to remember. Nonsense phrases that paint an unforgettable mental image can also work well.

Regularly Scheduled Computer Maintenance

Think of protecting yourself and your business online as something that requires regularly scheduled attention and maintenance. Having the most up-to-date anti-virus software, regularly changing your passwords and checking system parameters every so often to make sure that everything is set the way that it is supposed to be (remote access is off when it’s not in use, cameras are turned off or pointed at blank walls when not in use, etc.) can improve your system protection.

Passwords Are Only One Piece of the Digital Protection Puzzle

Gaining access to your digital systems should be as challenging for hackers as trying to solve a 10,000 piece jigsaw puzzle while blindfolded. A password is just a tiny corner or edge piece of the puzzle, and more protection should be in place to protect you. In addition to password protection, there are dozens of additional precautions that can be used to further protect your digital systems, including:

  • Two-step, or multi-factor, authentication;
  • Encryption; and
  • Single-use, or one-time, passwords.

Digital Protection Starts With Effective Passwords

Getting hacked can severely impact your life and business. But the first line of defense is in your hands: use smart password protection measures with all of your digital systems. Take time to develop a cybersecurity plan that works for you and your business and devise password protection protocols and enact security measures that work for you and your team. And if a cybercriminal targets you or your business, contact your cyber security lawyer immediately to help mitigate the potential damages. Cybersecurity is largely about taking proactive measures.