Now's the time to change your passwords

It’s the season for ringing out the old and ringing in the new. And one of the easiest new things you can do that’s totally worthwhile is to change the passwords on all your online accounts.

Even though you surely know that your online identity is always at risk of being hacked, you may not be doing enough to protect yourself

Having a good password and changing it often is your first line of defense from cyberthieves. And don’t think a simple four- to six-character password will do -- that’s almost like having no password at all. Hackers use multiple dictionaries of English and foreign words, they employ linguistic patterns and they scour social media accounts to identify your passwords. Security experts say a good hacker can break two-thirds of all passwords in existence today.

Here’s some advice from those experts on what to avoid and what to do when changing and creating passwords.

Your passwords are weak if you…

  • Use common words or numbers or letters in sequential order.
  • Disclose your passwords online or give them to someone.
  • Store your passwords where they can be seen or found by others (i.e. writing them on a Post-it note stuck to your computer).
  • Use the “Remember My Password” option on websites.
  • Use the same password for all or several of the sites you use.
  • Include the personal information you disclose on social media or networking websites.

Security experts say it’s best to create a long and complex password. Here’s why.

If your password is simple, such as the name of your dog “Rover,” hackers can crack that instantly. Same goes even if you use “ROver.”

Add some numbers, reflecting the month you were born, such as “Rover12” and your password still isn’t strong -- it can be cracked in as little as 14 minutes. Stronger passwords result when you use a combination of numbers, letters and symbols. For example, use @Rov3r123, and hackers will need more than 275 days to crack it.

The strongest passwords are at least 10-14 characters long. But who can remember a password that’s long and complicated? Here’s a trick. Use a phrase you’ll remember, like “Rover went to market” to create a password like: “Rov3rWENT2Mark3t”. Experts say it’ll take hackers about 377 billion years to crack that one.

To create strong passwords, you should…

  • Use uppercase and lowercase letters, numbers and symbols.
  • Avoid using words found in the dictionary or that you use frequently on social media sites.
  • Never use your name, Social Security number, date of birth, family names or pet’s names.
  • Make sure you use at least 10 to 14 characters.
  • Create separate passwords for email accounts, financial accounts and retail shopping accounts.
  • Change your passwords three to four times a year.
  • Store them in a safe place or use a secure password management tool.
  • Ray Martin

    View all articles by Ray Martin on CBS MoneyWatch»
    Ray Martin has been a practicing financial advisor since 1986, providing financial guidance and advice to individuals. He has appeared regularly as a contributor on the CBS Early Show, CBS NewsPath, as a columnist on CBS Moneywatch.com and on NBC-TV's morning newscast TODAY. He has also appeared on the Oprah Winfrey Show and is the author of two books.