Rediff.com« Back to articlePrint this article

Beware! Is your password SAFE?

September 17, 2019 09:15 IST

Do you have multiple accounts and passwords for your various online transactions?

How do you keep track of those passwords?

Can one keep the same password for less important sites?

Should you share banking and assets site passwords with someone you trust, in case something happens to you?

Ashish Narsale/Rediff.com answers these questions and more.
Illustration: Uttam Ghosh/Rediff.com

Illustration: Uttam Ghosh/Rediff.com

The internet is not just a highway for information and communication.

We now use it for our daily transactions -- many, many more than we ever imagined.

The internet has, in fact, become a byword for convenience.

Tap on a button and you can book a ticket without standing in those long, messy queues, call for a ride back home, transfer money to someone in a jiffy, do some much-needed shopping or binge-watch on popular video-streaming services. And that's just a few of the money-based services one can access on the internet.

But every service is protected with a password.

Maintaining and remembering multiple passwords -- we accumulate bushels of new passwords yearly -- is our new everyday headache.

As convenient as the internet is, taking care of those passwords and protecting them from criminal preying hackers -- who are always on the lookout for your mistakes -- isn’t easy.

Follow these important steps to make your life simpler and to keep your passwords safe:

1. Use a heavy-duty password

People tend to use simple passwords so that they can remember them easily.

Some examples include '12345678' or 'password' or 'qwerty' or a name, like their own.

These passwords can easily be hacked.

Your password should contain alphabets, numbers and special characters. You may even include ASCII characters (♂4M✏○◘•♣♦♠☺☻♥), if supported by the service provider.

2. No personal information in a password, please

Never use a password that utilises names or birth dates of someone in your family or of a friend. They are much easier to guess.

3. Choose a looooong password

Shorter passwords might be easier for you to remember. They are also easy for hackers to crack.

The longer the password, with more permutation-combinations of characters, the tougher it is for hackers to crack.

4. Create your own language

Avoid using words from a dictionary for a password. Instead, create your own words!

In order to make it easy for you to remember, pick a phrase or a line from a book. Then select the starting or ending characters of the words and make a new word.

For example

The quick brown fox jumps over the lazy dog

Tqbfjotld

eknxsreyg

5. Upper case, lower case, special characters, numbers, everything, whatever, sab kuch...

Use a combination of upper case letters, lower case letters, special characters, numbers -- these make the password stronger. For example:

TqbfjoTld@954

eknxsrEyg@860

6. Change your passwords like you would your wardrobe

Remember to change your passwords regularly. Hackers are always in pursuit.

7. Innovate! Never use the same password

Don’t use same password/PIN for all services. In particular, don't use the same PIN on different debit and credit cards.

Use of the same password or PIN makes it much more vulnerable to hacking.

Use multiple passwords to keep your cards safe.

8. One for all

Bring ease to recalling multiple passwords.

There are many password managers available. Some are free. The most trustworthy are paid.

Password managers help you store all your passwords in one place, so all you need to remember is a single password.

The data is encrypted to avoid unauthorised access. The Google password manager, for example, is a popular service.

If you don't trust online password managers, opt for the traditional way of writing down the passwords paper and keeping it in a safe place.  

For added safety, you could encrypt what you write using some secret code or secret language.

9. Always be on red alert

If you are accessing mails or other services in a public place -- and especially if you are doing a transaction where use of a password or a PIN is necessary -- please be on your guard at all times. Hackers lurk everywhere.

Always remember to log out when you are done.

If you forget to log out from an account on a public computer, change your password immediately.

Observe the same practice at home too, if there are multiple users for the same computer.

Avoid using the WiFi hotspot available at public places like airports, malls, shops, hotels or even your office WiFi for critical online tasks -- the network may not be secure enough and, thus, become an open invitation to hackers.

The safest and only place to do online financial or sensitive information transactions is your home WiFi or on your phone using mobile data.

10. Online wallets

Choose a digital wallet with utmost care.

Do your research to ensure the wallet you are signing up for has utmost security.

Some of the most reliable ones include Google Pay, Phone Pe and PayTM, or bank-promoted wallets like PayZapp, or e-commerce wallets belonging to Amazon, FuturePay, etc.

Don't fall for offers and promotions like cash backs; check for reviews and only then enrol.

11. Smart devices need smart passwords

Keep your smartphones or tablets password- or PIN-protected.

Don't rely on the face or fingerprint unlock option. They may be easily accessed without your permission. For example, if you are attacked, the thief could use unlock your phone using your fingerprint or face.

If you are a Google Android user and are using the pattern feature to lock your phone, your screen will show the pattern via smudges unless you wipe it clean after every use.

Do remember to choose the hide pattern option.

In order to do this, when you activate the pattern option, go to settings and disable the 'Make pattern visible' option. This will hide the pattern from being visible to anyone who can see your mobile screen when you are unlocking your phone.

But, do remember, when it comes to safety, a PIN or password is your best bet.

12. Notifications

Phones or tablets have the option to hide sensitive notifications when the device is in a locked state.

You will find this option in lock screen preferences->Hide sensitive content for Google Android and Show Previews -> Never for Apple iOS.

When you activate this option, sensitive data like One Time Passwords or any other important SMS will not be displayed on your locked screen. This keeps such important details safe in case your phone falls into the wrong hands.

Also, keep your device tracker on in case your smart device is stolen or lost.

13. Shop till you drop, but shop safe

Try using a credit card instead of debit card.

If its PIN is hacked, remember your credit card has better consumer protection than your debit card.

When a transaction is done through a debit card, the money is directly debited from your account,

When you use a credit card, the money is debited from the provider bank giving you enough time to raise the alarm.

14. Who do you trust?

You may want to list or sort your passwords into two categories.

In the first list, include the passwords you would never want anyone to know; it could be your personal email where you may have some of your dark secrets hidden :)

The second list should have the passwords that would are comfortable sharing with someone you trust.

While the first list is for you only, you can share the second list can be shared.

Remember, also, that it is important to share passwords of assets/banks, etc, with someone you trust, in case something happens to you.

Refer to Point 8 about using an online password manager to understand how to go about saving and managing your passwords and giving access to someone trustworthy.

15. A few more tips

Please use the password recovery options provided by the service provider, such as an alternate mail ID and/or your phone number so that you can recover the password in case it is hacked or you forget the password.

Some mail services like Yahoo and banks use the One Time Passwords system which are safer, provided you keep the sensitive notification option as hidden on your phone (as explained in point no 12).

Always use the virtual keyboard provided on a website to prevent key logger malware from recording your password details.

While doing any transaction or accessing sites requiring a user login on a web browser, make sure to check if the lock icon is visible on the website, next to address bar. If it is there, it means the site is safe.

This column is advisory in nature. Rediff.com recommends that you do your own research before following through on the options mentioned here.

ASHISH NARSALE