Your PC - Personal Security & Safeguards

Use Strong Passwords

If you've ever lost your wallet, you know the sense of vulnerability—that someone else could be walking around with your identification, pretending to be you. Well, if someone were to get your passwords—log on to your computer or your online accounts—they could ultimately assume your digital identity, pass themselves off as you, and have fun at your expense.

Bad News for You

What could someone do if they have your passwords?

• Access information on your computer, such as your financial records, e-mail messages, stored lists of passwords, and private information.
• Open new accounts and buy, buy, buy.
• Change your mailing address, and have items they purchase (and bills) sent to them.
• Withdraw money from your bank.
• Buy or sell stocks.
• Apply for loans, including mortgages.
• Pretend to be you in online chats or other online activities, such as auctions.

Think of your password as if it were a key to your home and everything you own, including your reputation.

How Would You Know If Your Password Has Been Compromised?

You'll only know for sure that someone else is using your password to your online accounts, if you spot unusual activity in your accounts or if you don't receive a monthly bill or bank statement. If an identity thief changes the mailing address for your accounts, you may not know you have a problem until you get a phone call from a collections agency.

Checklist for Password Protection

Hackers use "dictionary" and other software tools that run rapidly through thousands of likely passwords, looking for easy marks. Help protect your security by using unlikely or strong passwords, managing your password carefully, and monitoring your accounts.

If you shop or conduct transactions online, get a free Microsoft® .NET Passport so you can use one sign-in name and password at all participating sites.

What makes a password strong?

The challenge, of course, is creating a password that you can remember, but is hard for anyone else to guess.

Make sure you create a password that:

• Is at least seven characters in length, and the longer the better. (Passwords for Microsoft Windows® 2000 and Windows XP can be up to 128 characters long.)
• Includes upper and lower case letters, numerals, symbols (at the very least use numbers and letters)
• Has at least one symbol character in the second through sixth position
• Has at least four different characters in your password (no repeats)
• Looks like a sequence of random letters and numbers

Make sure you:

• Don't use ANY PART of your logon name for your password
• Don't use any actual word or name in ANY language
• Don't use numbers in place of similar letters
• Don't reuse any portion of your old password
• Don't use consecutive letters or numbers like "abcdefg" or "234567"
• Don't use adjacent keys on your keyboard like "qwerty"

Manage your passwords

You'd be surprised at the number of people who write down their secret password, and tape it to the monitor or tuck it into a desk drawer next to their computer. Be sure you:

• Keep it to yourself.
• Do not write it down.
• Do not share it with anyone.
• Do not check the "remember my password" feature, without considering the value of the data the password protects.
• Do not store your Microsoft .NET Passport information on your computer.
• Create different passwords for information that needs a high level of protection (e.g. at financial Web sites) and for information that needs only casual protection (e.g. online magazines).
• Change your password at least every six months. Windows XP governs passwords with an expiration date. Read about resetting your passwords in Windows XP.
• If you had reason to tell someone your password, then create a new one at your earliest opportunity.

Monitor your accounts, your credit, and your reputation

To make sure someone isn't having fun pretending to be you:

• Review your accounts online frequently to spot transactions you didn't authorize, such as online credit card charges, mutual fund transfers, bank account withdrawals.
• Review monthly statements you receive in the mail for unauthorized activity.
• Call an account if you don't receive a monthly statement in the mail.
• Get a credit check annually to see if anyone has opened a new account in your name.
• If you use Windows 2000 or Windows XP Professional, review the Event Log frequently and look for any logons at odd times you can't account for being online.

Keeping Your Administrator Account Secure

Because an account named Administrator exists on almost every computer running Windows XP and because this account is all-powerful, malevolent hackers might attempt to break into a computer using the Administrator account. After all, they already know the user name, so they just need to figure out the password. You can make your Administrator account more secure in two ways:

• Use a secure password. If you're logged on as Administrator, you can use User Accounts to set a password.
• But if you want to create a randomly generated secure password, open a Command Prompt window and type this command:

net user administrator /random

Windows displays the new password it creates. Be sure to write it down and store it in a safe place!