We all hear the news, cyber threats and identity theft are on the rise. What can be done? The best defense starts with your own behavior. One key factor of any security policy is how you handle passwords.

The first rule of a good password is, it should never be shared with anyone. This may seem obvious, but at the root of some of the biggest security breaches in the world, you’ll find stolen or misused passwords.

This goes beyond simply not giving out your password to strangers. If you reuse passwords over several websites, you are exposing all of them. For example, if you sign in to a shopping website with your email address and a strong password, what happens if that site is breached? The hackers immediately start going around to your email server, your banking website, Paypal, etc to see if that same password works.

If that stolen password does work on your email, they have the key to almost any website you use. Most websites allow you to recover your password and user name by email. If they control your email account, they receive the password reset messages, and they’re in.

The first thing you should do if you do have a password stolen is change the passwords on any other critical websites and systems you use. If you think your computer may be compromised, you should do this from another computer as soon as possible. Don’t wait until your PC has been replaced or cleaned. Time is of the essence. Nowadays, the hackers are getting paid to act quickly, you have to as well.

The actual password you use is also important. It needs to be as complex as possible. Many systems will now force you to make a reasonably complicated password. However, the biggest thing that will actually slow down a hacker is the size of your password. That’s why many security experts now recommend a pass phrase rather than a password. That is, instead of using “Tulips73”, use something like “In1973ISawSomeTulips”. This would be a good practice on your most secure sites.

Which brings up the concept of security levels. You know the government has them. You should too. You could have one or more “public” or “throwaway” passwords you used for unimportant sites. For example, a news site that doesn’t know any personal information. You could then have a “mid grade” set of passwords for websites that know some personal information, such as your address. Finally, you would save the “high grade” passwords for important sites like your email, online banking, etc. Each of these should have a different password, especially the email.

Quick point on personal information. You should give out as little as possible. Every site doesn’t need to know your real address, and almost no site needs to know your real birth date, much less your Social Security Number, credit card number, etc. If an identity thief knows your birth date and address, they can find out almost anything else. Since so many sites do ask for your birthday, make up a fake one so you can remember. Maybe add three to your actual month day and year. If you were born on February, 5th 1980, you could tell any website that asks that you were born on May, 8th, 1983. Yeah, you’ll get some strange birthday wishes, but isn’t that better than strange accounts on your credit report?

Hopefully, this introduction section has given you something to think about. That’s the biggest thing you have to do. Develop the habit of thinking about security.