Passwords and luggage locks – how much protection?

You’ve got everything packed for your big trip and as the last step before you head out to the airport, you put one of those little locks through the zipper pull tabs on each piece of luggage.

All ready! Your stuff will be safe from the time it leaves your hands at the airport until you pick it up at your sunny destination. Or will it?

Watching the luggage carousel go round and round while waiting for a friend at the airport recently got me thinking about those little locks. What are they even for?

It’s not like those little locks are going to keep out thieves who plan on stealing your bag – or anyone else who really wants to get inside. (And by really wants to get inside, I mean anyone with a pair of pliers and a 2-minute window of opportunity.) No, luggage locks are not meant to be secure, they’re meant to give you peace of mind that there won’t be any unauthorized opening of your suitcase while it’s out of your sight.

A bag without a lock can be opened quickly and easily when an airport supervisor isn’t around; closing it is just as easy. (Zippers really are amazing!) And in between, something of yours could be removed.

Whether it’s playing with the combination, twisting the pull tabs off or breaking the lock with wire cutters, a bag with a lock requires at least a little creative destruction. And that destructive activity requires time and is more noticeable than just sliding the zipper. Note that while a 3 digit combination isn’t a formidable challenge for a thief with time, it’s sufficient for most bags in transition from check-in to the plane.

The locks are there to make undocumented access to your stuff harder. Not impossible, not even hard, just a bit harder than the bag that’s next to it waiting to be loaded on the airplane.

That’s what the cute little locks are for!

Without realizing it, lots of people are using the equivalent of luggage locks for their online accounts. They think they’re protecting themselves from attackers when all they’re doing is putting on a peace-of-mind pantomime for themselves: “My accounts are protected with passwords!”

But they’re not protected – not really.

Sure qwerty123 might keep Aunt Suzie out of your Yahoo! email account when she’s over for a visit, but it’s not going to keep out a hacker or someone interested in more than the latest gossip about your brother-in-law. And it won’t keep a hacker out of your email. And you email will connect him to your bank and other valuable accounts. Of course, that applies for all of your accounts.

Actually, the little lock is better at protecting the contents of your bag because you are more likely to notice that it’s been tampered with than if someone gets into your email using your login and password.

There’s no substitute for strong security – follow these rules for strong passwords for all of your accounts.

Guidelines for long and strong passwords:

• Size matters. We recommend using at least 12 characters. 15 is even better. 8 is a cute luggage lock.
• Mix it up and don’t follow any patterns. Make sure you’re using all of the variations for each character (upper/lower case, digit, punctuation and special characters, spaces – if it’s there, use it!)
• Be unique. Don’t use the same password for multiple accounts. It may be a shortcut for you, but it’s also a short cut for bad guys. A survey of IT security specialists indicated that this was number 2 on their list of online safety practices that they follow.
• Don’t make it personal. Hackers use information they know about you – from personally knowing you or all that stuff about you that’s available online – to try to crack your password. ChicagoCubs2016 is just as strong as a luggage lock.
• Use a password manager. Strong passwords aren’t meant to be remembered. Strange how we accept not knowing any phone numbers (all stored on our phones!), but still think we can remember completely random combinations of characters for 30 accounts.
• Activate two-factor authentication on accounts that support it.