By Jerry Irvine

With all the publicity about hacking, viruses, and malware that can lead to identity theft, it is mind-boggling that people continue to use passwords like “password” or “123456.” Almost 80 percent of all mobile device users don’t use a personal identification number (PIN). People use easy passwords simply because passwords are difficult to remember and typing complex passwords is time-consuming and inconvenient.

In truth, user IDs and passwords are just a nuisance to a skilled hacker. There are hundreds of free brute-force password crackers, password-cracking dictionaries, and password hash decoders available on the Internet to help a hacker (or the curious high school student) break, guess, or decrypt passwords. Still, when creating a password, the longer and more complex it is, the harder it is to crack.

Complex Is Good

Passwords should be complex in design, with 12 to 14 characters that mix uppercase and lowercase letters, numbers, and special characters. As already emphasized, the longer they are, the harder they are to crack. Unfortunately, the longer and more complex passwords are, the more difficult they are to remember.

As a result, a person does have the option of using an encrypted password management application. There are multiple applications available for smartphones, tablets, and PCs. A password manager allows you to store all your personal information such as user IDs, passwords, and even credit card information in an encrypted file.

When you are logging onto a computer or website and need to know your password, you can simply open the app and read your password. By using a password management application, a user only needs to remember one password, the one for the password management application, while all the others are stored for you.

Changing passwords frequently is necessary to protect yourself in case someone does get your password. Customers whose information was compromised in the Target and eBay breaches were told to change their passwords immediately in case a hacker attempted to break into their accounts.

Changing passwords once or twice a year leaves a lot of opportunities for someone who has your password to use it. It is suggested that you change your password at least every 30 to 45 days; however, changing your password to a previous password or simply adding a sequential number to the end really isn’t changing your password.

Multiform Factor Authentication

Hackers can look at a password like Password2 and figure out that Password3 is probably going to be your next password. Also, because most hacking today is done using scripts or programs, if a hacker does have your password, he or she can simply put it into the script and attempt to use it forever. Once you have rotated through your password list and reused an old one, the hacker has your identity.

In order to increase the security of systems and data, you should use a multiform factor authentication process. Multiform factor authentication provides a higher level of protection because it requires more than just a password. There are generally three form factors for authentication:

  • Something you know: User ID and password.
  • Something you are: Biometric, fingerprint, retina scan.
  • Something you have: Smart card, security fob, mobile device.

By requiring a user to have at least two of the three items above, it becomes more difficult for a hacker to break into a user’s systems or accounts.

More Is Better

No single form of authentication provides a high level of security. Using biometrics alone is no more secure than using a password alone. In fact, it took only minutes after the iPhone 5 cellphone came out for a hacker to publish that he was able to hack the biometric fingerprint reader to gain access to the phone. The best means of security is to require multiple form factors.

Adding a second or even third form factor for authentication to computers, tablets, and smartphones can be easy and inexpensive. Some devices have smart card readers or biometric devices built right into them. There are also peripherals that can be purchased and connected via USB or even Bluetooth.

Secondary authentication form factors can also be implemented using separate devices that do not connect to your device, such as security fobs, which provide a security code to be entered into the device, or using applications such as the banking, credit card, and social media sites already mentioned.

The bottom line: In order to increase security, users should maintain unique user IDs as well as unique complex passwords for each account, along with at least one other form of authentication.

 
