Saturday, September 29, 2012

Protecting Your Passwords and PINs

There is a surprising (or perhaps unsurprising) lack of sophistication in how many people set PINs and passwords.  A study done by Data Genetics analyzed passwords from released or exposed password tables and found that the most common 4-digit password was "1234."  "1111," "0000," and other strings of the same number were also very common.  A list of the most common passwords published by SplashData includes "password" and "123456."  Others on the list that might be slightly more sophisticated include "qwerty" and "qazwsx" for passwords and "2580" for PINs.  These are simply patterns in how the characters are placed on the keyboard or keypad, chosen because they are easy to remember.  However, this makes it extremely easy for someone to just guess what your secret code is if you lose your ATM or credit card.

It is extremely important to make your passwords personal to you.  They should be fairly easy for you to remember while making it very difficult for someone who doesn't know you or doesn't know you well to guess correctly.  Something like a year of birth is quite commonly used but puts you at risk if you lose your entire wallet and whoever finds it has access to your driver's license along with your credit and debit cards.  Try to take it a step further by using a parent's year of birth and reversing it.

For passwords, it may be difficult to remember them if you have random capitalizations and number replacements for letters (0 for O, 1 for I, 3 for E, 4 for A, etc.).  It is much easier to come up with a favorite phrase or quote and use the first letter of each word in that sentence.  For example, if you really liked the quote "You can do anything, but not everything," your password could be "Ycdabne" with some numbers added at the end (preferably something other than 123).  "Ycdabne" is not a legitimate word, but it is fairly easy to remember if you just repeat your favorite quote.

For PINs, you can try converting words to numbers.  For example, if you assign the letters to digits alphabetically (A = 1, B = 2, C = 3, ... J = 0, K = 1, etc.) you can change a word into your PIN.  "Wise" would become 3995 or "Cash" would become 3198.  You can always take the reverse of these numbers for your PIN as well.  Although the numbers themselves wouldn't be extremely easy to recall if you forgot them, it shouldn't take more than 2 minutes to recreate your table and figure out what the number is.
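The two conversions described above (first letters of a phrase, and the letter-to-digit table), as an added Python example that is not part of the original post.  The function names are hypothetical, the weak-PIN check covers only the patterns this post names, and the inputs "ABCD" and "BEHJ" are constructed to show that a word can land on one of the commonly used PINs.

```python
import string

# PINs this post names as common; one-digit repeats are checked separately.
NAMED_WEAK_PINS = {"1234", "2580"}


def phrase_to_password(phrase):
    """Join the first letter of each word, keeping the phrase's capitalization."""
    letters = []
    for word in phrase.split():
        first = next((c for c in word if c.isalpha()), None)
        if first:
            letters.append(first)
    return "".join(letters)


def word_to_pin(word):
    """Apply the post's table: A=1 ... I=9, J=0, K=1, and so on through Z."""
    digits = []
    for ch in word.upper():
        if ch not in string.ascii_uppercase:
            raise ValueError(f"only letters A-Z are supported, got {ch!r}")
        position = ord(ch) - ord("A") + 1  # A=1 ... Z=26
        digits.append(str(position % 10))  # J (10) -> 0, K (11) -> 1
    return "".join(digits)


def is_weak_pin(pin):
    """True for a PIN the post lists as common, or one repeated digit."""
    return pin in NAMED_WEAK_PINS or len(set(pin)) == 1


def checked_pin(word, reverse=False):
    """Derive a PIN from a word and refuse it if it is a commonly used one."""
    pin = word_to_pin(word)
    if reverse:
        pin = pin[::-1]
    if is_weak_pin(pin):
        raise ValueError(f"{word!r} maps to the common PIN {pin}; pick another word")
    return pin


if __name__ == "__main__":
    print(phrase_to_password("You can do anything, but not everything"))
    print(checked_pin("Wise"), checked_pin("Cash"), checked_pin("Wise", reverse=True))
    for constructed in ("ABCD", "BEHJ"):  # constructed inputs, not real words
        print(constructed, word_to_pin(constructed), is_weak_pin(word_to_pin(constructed)))
```

Because 26 letters share 10 digits, different words can produce the same PIN, so the check runs on the resulting digits rather than on the word.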

It is also important to make sure you don't use the same password or PIN for every card or account you have.  Try to have a few of each so that on the off chance that someone guesses your very secure code, they won't be able to just copy that to your other cards and accounts.
