Protecting Your Identity Online: Tips for Secure Passwords

Secure Passwords

The rules for password creation have changed in recent years, so you may have to unlearn some of the things you’ve been taught in the past about secure passwords.

The National Institute of Standards and Technology (NIST), the federal agency that created the original password guidelines, recently revised those guidelines. Its current recommendations are based on research on both the habits of users and the techniques of hackers. Here are some of their findings:

  • Length is a major factor in a password’s strength, so the longer the password, the better.
  • Complex passwords, with a mix of character types, are hard for people to remember, and do little to deter hackers.
  • Strong passwords can be created from short phrases that are easy for you to remember, but would be meaningless to anyone else.
  • Passwords may be used indefinitely as long as they’re strong and have not been compromised. Obviously, if you have an account with a company that just had a data breach, you’ll want to change that password.

Other Ideas on Secure Passwords

Changing passwords every 30, 60 or 90 days was recommended for thwarting hackers, but some security experts now question that tactic. Changing passwords on a regular schedule may have little security value and can lead to bad habits. Research has shown that people tend to make only minor changes when updating their passwords or create weak passwords that are easier for them to memorize. You’re better off creating a strong password, memorizing it and holding on to it.

While NIST has changed some of its guidelines, some of the old ones still apply. Don’t share your secure passwords with anyone, or leave them on sticky notes by your computer. Create unique passwords for important accounts, such as your bank account and your email, and avoid bad passwords such as “password,” “12345678,” “qwerty” and “iloveyou.”

7 thoughts on “Protecting Your Identity Online: Tips for Secure Passwords

  1. Kendra Eichholz

    Thank you. I have been receiving phone calls from various collection agencies out of state recently.
    I called Trans Union and they put a “Fraud Alert” on all my accounts AGAIN! A parent my ex-husband used my phone number and my previous name, Kendra Gilmer” illegally AGAIN! He will never Stop Abusing my name, Credit, and give me peace. He is Greedy! Please “God help me AGAIN!”

    Reply
    1. NYSLRS Post author

      We’ve launched a new version of Retirement Online. If your Retirement Online user ID and password were created before January 4, 2017, you must re-register for the new Retirement Online. Please visit the NYSLRS homepage and look for the Retirement Online logo – click “Register Now” to create your new account.

      If you have any difficulty signing up, you can find helpful tools and tips on our Retirement Online Learn More page. You can also get answers to your Retirement Online questions by calling 1-866-805-0990 (518-474-7736 in the Albany, New York area). Press 1 for Retirement Online, then press 1 for password resets, 2 for assistance with registering, or 3 for any other Retirement Online questions.

      If you have already signed up for the new Retirement Online, you can read these guides on retrieving your user ID and resetting your password:

      Forgot User ID
      Forgot Password

      Reply
    2. JB

      You don’t have to remember passwords, just remember retrieval clues, such as:
      first car, 3rd grade teacher, address in (city), high school & year, best boss, etc. Make the answer unique. All of your graduating class knows your school & year, so use the mascot, school colors, fav subject, etc.

      If you’re good at remembering numbers, use all your past tel #s in order, all home address #s (no street names) all apt #s, etc.

      Don’t use the whole word, name, street, car, job etc. Just use the first 3 or the last 2. Or the first 2 with the last 2.

      For example: your first address is 8523 Apple Street, Banana, Ohio.
      Your retrieval clue is 1addr2332. Write that down.

      No one will know what it means, but you know it means 1st address, first 2 characters, last 3, first 3, last 2. So your password is 85plebanio.

      Just write down the retrieval clue.

      Reply
    1. NYSLRS

      You can reset your password online. From the Retirement Online page, click Sign On, then click the Forgot Password link. Enter your user ID and answer the security questions. Enter and confirm a new password that meets the requirements shown in the gray box. Click Reset Password.

      If you have any difficulty, you can find step-by-step instructions in the Tools & Tips section of the Retirement Online page. You can also get help by calling 1-866-805-0990 (518-474-7736 in the Albany, New York area). Press 2, then press 1 for Retirement Online, then press 1 for password reset.

      Reply

Leave a Reply