Change your passwords like clockwork

We all went through the semi-annual ritual of changing our clocks recently, “springing forward” one hour for daylight saving time.

Fire departments have latched onto this twice-a-year event to remind us to check or change the batteries in our smoke detectors, which could save our lives. Taking a cue from firefighters, we should look at all of our various passwords and treat them like we treat our smoke detector batteries: change them every six months if we haven’t already changed them.

You never know; this change might save our financial lives.

One thing most of the public data hacks (and stories about malware) have in common is that the people behind them are on the hunt for passwords. Whether it is to your bank account, your merchant processing gateway or your 401(k)/IRA account, the bad guys are looking for ways to steal your money.

Just like you change the locks on your new house (because who knows how many keys are floating around the neighborhood) and the hotel uses an electronic key to change the locks each time someone checks into a room, you should strongly consider a routine of changing the “locks” to your online valuables by changing your passwords.

In choosing a new password, make sure that it is unique yet easy to remember. The experts recommend something that is not a common word, nor something that is publicly known about you (darn, so much for the pet’s name). You may also want to use, subject to the requirements of the service provider, special characters and numbers in your password.

One of the biggest discussions around password picking is whether you should use the same password you use somewhere else (because then you will remember it) or use something new and different.

One school of thought is that you use the same password with something unique inserted into it that is different for each site. For example, as a University of Michigan fan, you use “GoBlue” as the foundation of your password. Then for each site for which you maintain a password, you insert something between the “Go” and “Blue.” You might have “GoMRABlue” for a login to the MRA site, “GogmailBlue” for your login to Google Mail, and “GoiTunesBlue” for your iTunes account.

The key to this system is to develop a consistent (but not the same) pattern to your password selection. You should be able to recall it easily, but it should be complex enough to prevent it from being guessed by someone who knows just enough about you to know your favorite college football team is the Michigan Wolverines.

Passwords should be changed regularly, just like clockwork; otherwise they lose their value.

John Mayleben, CPP, is Michigan Retailers Association senior vice president, technology and product development, and a national expert on electronic payment processing. He was the first person in Michigan and among the first in the nation to receive the Certified Payments Professional designation from the Electronic Transactions Association.