As reported on KCRA News on July 26, 2013 at 6pm, here are three good password and security tips plus an extra bonus tip we added that you should consider when dealing with your online account passwords where you may store sensitive or private information:
1. Make sure you change your password regularly (every ninety days). If you change your password on a regular basis, you reduce the risk of having your accounts compromised.
2. Make sure that the password you choose is alphanumeric (letters and numbers) with a combination of upper case and lower case letters and special characters (such as: @ and !). However, using passwords alone are no longer safe so we recommend the additional step below.
3. Use 2-step verification when possible with all of your online accounts that may store information you would like to keep private. Email providers such as gmail and Google Apps already use 2-step verification (click here for instructions).
Bonus Step – Test the password security process of your online account provider(s): First, make sure your online accounts storing your sensitive information and passwords offer 2-step verification by checking the support section of the providers website for the terms “2-factor authentication” or “multi-factor authentication.” Second, make sure that personal passwords are not accessible (meaning they are “hashed” and can’t be viewed) by your provider’s customer service personnel; this can be checked by resetting your password with them (online or on the phone). Consider it a warning if the automated online reset button sends you an email with your password (it should send you a link or a temporary password forcing you to reset your password). If you call to change your password and the customer service rep tells you, “sorry, we can only reset your password,” then there is a pretty good chance that the service provider you have chosen properly hashes your password and is security conscious.