Monday, September 18, 2017

How to Create and Remember Secure Passwords and Security Questions

In the midst of hurricanes Harvey and Irma, Equifax announced that it had suffered a breach that affected around 143 million people. That is nearly half of all people age 18 and over in the United States, which seems to mean any adult has roughly a 50/50 chance of having had their personal information compromised during this breach.

When a company like Equifax—which is supposed to be protecting our identities and personal information—gets hacked, it makes people begin to wonder just how secure their online accounts actually are.

In my experience? Not that secure.

When I was first introduced to the internet (right before I graduated from college), I was told to NEVER write down my passwords in order to keep them secure. Back then, the biggest threat to our personal information would be someone happening upon our bank account password or PIN and then using it to gain access to our online accounts. Nowadays, the actual likelihood of that scenario happening is almost nil, and our personal information is less safe than ever before because hackers can decode passwords and other security information so quickly.

A few months ago, my access to my online banking was revoked because someone had called in and tried to get into my accounts. According to the representative I spoke to, this person knew my name, birthdate, and the last 4 digits of my social security number, but was not able to answer the security questions or my mother's maiden name.

I immediately changed my security questions and password, but a few weeks later I woke up to find that my entire account had been drained. The thief had taken several thousand dollars via an ATM in Miami, Florida over the course of four different transactions. I quickly checked my wallet—even though I'm all the way up in Michigan and I knew I had had my card just the night before. Just as I thought, the only known card to that account was safely in my possession and I had no idea how my account could have been accessed via ATM!

I took a deep breath in preparation for what I knew would be a long day on the phone, and called my bank. It turned out that this time, someone had called (I assume it was the same people) and was able to answer every question correctly. They also somehow activated a new debit card, which is how they were able to get the money from the ATM.

Keep your online accounts safe and secure by learning how to make a very secure password and how to answer security questions in a way that keeps your personal information safe and secure.


I was stuck on the fact that they were able to answer every question. 

My mother's maiden name is quite uncommon. Sure, anybody can guess Smith or Johnson or Jones and have a pretty good chance of landing on someone's maiden name, but I really don't think anyone would be able to pull my mom's maiden name out of the air.

But it would be relatively easy to look me up on social media and possibly figure out who my mother is and then figure out what her maiden name might be. Even though she uses her married name on Facebook, she has plenty of family and her maiden name would be a common thread on her list of friends.

Is that how they knew? I don't know. Because they also knew my other security question. And maybe I had somehow left the answer to that question in my internet trail, who knows?

My experience was interesting because my account was not hacked via a computer, but the bank assured me that the information they had was most definitely acquired electronically.

It took nearly a month to get everything squared away, but I did get my money back and in the process I learned a lot about keeping my personal information secure.

Let's talk about passwords and security questions and a few simple ways you can make them more secure—and don't forget to scroll down to the end of the post to download a free password keeper to help you keep it all straight!

Creating secure passwords


We have been trained to think that a complicated password containing a combination of special characters, upper and lower case letters, and numbers is the most secure type of password. And while that is true to a certain extent, there are a lot of other things that factor into creating passwords that will be difficult for hackers and computer algorithms to decode.

To show you what I mean, I have entered a few passwords into the password checker at Online Domain Tools. It's an excellent way to see if the passwords you have created are secure, and shows how long it would take different types of password cracking programs to break it.

This is the password I commonly used before it was recommended to add in special characters and numbers:

Low security password example.

You can see that even using the slowest method of cracking—a standard desktop PC—it would only take hackers 15 hours to guess this password. And the fastest method—a medium size botnet (and I have no idea what that even is)—could crack this password immediately.

Let's try the more secure password I used for just about everything once I changed over to special characters and numbers:

medium security password example

This password has bought me a little bit of time, but not much. That darn medium size botnet still only needs about 2 hours to crack it. And, as you can see, I was diligent about using all the required elements of a secure password. But it still isn't very secure.

Now let's try the password I currently use for ONE website:

High security password example?

I think I've done it now. This password is good for 119 quadrillion years!

Want to know how I did it?

After my big account hacking, I remembered the online training I had taken at work about how to keep passwords secure. (Here's where I admit that I took the training, but did not actually apply it until it was too late.)

The training I received recommended coming up with a sentence that you will easily remember as the basis for your password:

Twinkle, twinkle little star how I wonder what you are

Now, take that easy to remember sentence and use a combination of upper and lower case letters, symbols, and numbers to abbreviate it:

2TwinkleL*howI1derWhatUR

I entered it into the password checker, and this one is EVEN better than the example I used above. It is safe from the medium size botnet for 874 septillion years!

The best thing about this method is that it's pretty easy to remember. I mean, I already have that memorized—don't you? I am all about using passwords that are easy for me to remember but difficult for computers to crack!

Bonus? I think it's kind of fun to create this type of password.

Creating Answers to Security Questions That are Actually Secure


Once you've got a good password, most sites require you to have answers to one or more security questions. They usually supply the questions and you supply the answers.

Reading through a list of common security question options, you can see that the answers are going to be known only by you and a very small group of people who know you well. However, that isn't really enough to keep the answers truly secure anymore.

My bank recommended to me that I do one of two things with security questions:

1. Lie
2. Use a two factor security question 

I know your mama taught you never to lie, but I think that if it's to protect your personal information and the money you've worked hard to earn, she won't mind.

First and foremost, always lie about your mother's maiden name. That information is simply too easy to find these days and that question is not as secure as it once was. Unfortunately, many financial institutions continue to use it as a required security question.

I have now made up many different maiden names for my mom. None of which is actually a name, and none of which is actually connected to her in any way. Choose a random word and use it.

I was worried about doing it this way at first, but the bank loss-prevention representative (who is basically now my BFF after spending hours on the phone with her) assured me that it is the best thing to do.

Make up nonsense for all of the other security questions, too. We are going from easy to remember security answers to ones that you won't remember off the top of your head, so that is why I have created a printable password log for you to use to keep all of the information straight.

How to keep track of online passwords and security questions.


You can also request that your bank give you a two factor security question. This was something my bank offered to me. I have used it when I call them—since I was hacked over the telephone, I want to be sure my account is just as secure there as it is online.

Basically, a two factor security question will be a common security question with a follow-up. You could lie on the answers to this, too, but I figured that having the follow-up made it safe enough to be truthful. It's up to you to decide.

Examples of two-factor security questions:

Name of first pet + breed
Name of favorite teacher + school or grade taught
City you were born + hospital name
Where you met your spouse + how old you were

You get the idea.

Create a Secondary Password


My bank also offered me a special phone password. The way that works is that when I call them, I verify my name, birthdate, social security number, mother's (fake!) maiden name, and a two-factor security question. And then they ask me for one last password by saying a word to which I reply with another word.

For instance they might say "sweetie" and I would answer "pie."

The one I chose is much less obvious than that, but that's the basic idea.

It may seem like a lot, but it has worked well so far and has definitely made me feel a lot more secure about my bank account!

Never Use the Same Password Twice


I had made the huge mistake of just using the same password across most of my internet accounts. That is a huge no-no! Imagine if somehow one of your websites was breached and then someone took that same username and password and tried it out on other websites. If you do what I did, you would have a much higher likelihood of being hacked across multiple internet sites.

I did it because I can't remember more than 2 or 3 passwords! And I knew I shouldn't have my browser save them because that isn't secure, either.

So, I am now doing what we were advised against doing so long ago: Writing them down. The likelihood of someone finding the password log that is kept in my desk is much, much lower than the likelihood of my passwords being cracked by an outside source or being the victim of a website hack.

The password log I am providing to help you keep track of all of your passwords, security questions, and nonsense maiden names can be downloaded at the end of the post. Along with it, you will be getting 9 other preparedness printables to help you be prepared for all sorts of disasters—the least of which is identity theft!

Free Preparedness Printable Bundle


Download this free preparedness printable pack and be ready for any disasters that my come your way including hurricanes, fires, car emergencies, identity theft and more. Create a 72 hour kit.


Annette from Tips from a Typical Mom has a Family Evacuation Plan which includes things like Meeting locations, emergency contacts, shelters and evacuation routes, and other emergency numbers.

Katelyn from What's up Fagans? has a Personal Document Protection printable, which is basically a simplified checklist to help you make sure your old photos, videos, audio files, journals, and other documents protected physically and digitally!

Carrie of A Mother's Shadow has a great Dutch Oven Guide! In many emergencies, you may find yourself without power which can make cooking food difficult, unless you have something like a dutch oven which is easy to carry and to cook a wide variety of foods in.

Katie of Clarks Condensed has a very helpful 72 Hour Kit Checklist. Should you find yourself having to leave in a hurry, you and your family can simply grab your 72-Hour kits and head out the door, knowing that you'll have the food, bedding, clothes, tools, medicine, toiletries, fuel, and personal documents you need.

Kristina from Mother's Niche has an Emergency Car Kit printable so that you are never stranded helplessly on the side of the road, not knowing what to do, nor having the tools and supplies to help in this emergency.

Janine from Confessions of a Mommyaholic has a handy printable about teaching your children about emergencies and what they need to know before an emergency situation happens.

Camille of My Mommy Style has a handy Family Fire Safety Log where you can track your family's readiness in case of a fire in your house, as well as make sure you are checking your smoke and CO detectors.

Herchel of Gym. Craft. Laundry. has practical hurricane tips for when things you need are sold out! As a Florida native, her prep hacks are genius!

Sarah of Thank You Honey has an easy Hurricane Checklist printable to help you make sure you have everything in place before a hurricane heads your way.

Lara from Overstuffed has a Password Log to help you keep track of your online passwords as a means to help you avoid being a victim of identity theft.

Receive all of the above printables for FREE when you sign up for our lists below. May you be prepared for whatever may come your way!



post signature

This post may contain affiliate links, for more information, please see my disclosure.

See the linky parties I link up to here.
Lara Neves
Lara Neves

Lara is mom to three daughters—two teens and a tween. She loves to share her parenting and homemaking triumphs and failures here at Overstuffed! She was diagnosed with Lyme disease in 2015 and has been fighting it ever since. When she isn't working on her mother of the year award, you can find her reading, singing, or taking photos.

No comments:

Post a Comment