Stump the identity thief: 7 tips to create a strong password

By Allstate

Last updated: January 1

According to the Internal Revenue Service (IRS), identity theft is a growing global concern. From phishing scams to sophisticated hacking rings, cyber thieves continue to develop creative ways to compromise your personal information.

Both the IRS and Federal Trade Commission (FTC) recommend you safeguard your personal information with a strong password. Here are seven password tips that may help you stump an identity thief and help keep your information and financial accounts better protected.

identity protection, reinvented

Your data is valuable. Time to treat it that way. Allstate Identity Protection helps you secure your data.

1. Don't use your pet's name

The Department of Homeland Security (DHS) suggests that you refrain from using any personal information in your password. That includes Social Security numbers, maiden names, birthdays, anniversaries, the names of children, pets or anything else that can be guessed, researched or discovered by a hacker.

2. Make them hunt through the 'haystack'

Steve Gibson, security expert and president of Gibson Research, suggests using a password that is long and contains upper and lower case letters and special characters. Using various types of characters in a long password may help increase the number of combinations a hacker has to try in order to crack your password, states Gibson. Compare these hacking attempts as trying to find a needle in a haystack, adds Gibson. To help hide that needle, you should use more characters, and characters of different types, to help make the "haystack" larger.

3. Old passwords may be vulnerable

According to the United States Computer Emergency Readiness Team (US-CERT), it's a good idea to change your password on a regular basis, especially after accessing accounts via a public computer. If you keep the same password to a certain website for many years, identity thieves have that much more opportunity to decode it. A rule of thumb is to change your password every 45 days. It's especially important to change your password after using it on a public computer, because browsers on public computers can, in some cases, store your passwords, making them vulnerable to theft, says US-CERT.

4. Try a passphrase

A passphrase is a long string of unrelated letters, numbers and punctuation marks. While a passphrase may be difficult for a user to remember, this type of password may be difficult to crack, according to the DHS.

5. Use a sentence

If you don’t think you’re going to be able to remember a sentence. Use the first letter of every word, mixing in upper and lower case letters and a few numbers that you can remember, as the actual password.

6. Memorize all passwords

Do not store the information in a wallet, purse or smartphone. If you need to write the password down, be sure it’s stored in a secure location, says the DHS.

7. Do not use the same password for work and personal accounts

In fact, the US-CERT recommends that you use a different password for each website account you access. That way, if one of these passwords becomes compromised, the thief will not have access to a second account.

While identity theft is a risk, you don't need to feel vulnerable or unprotected. Use these seven tips to help create a strong password, and you'll not only stand a better chance of stumping an identity thief, but you could also give yourself some peace of mind when it comes to Internet security.