Don’t think much about your online passwords? Guest writer Mark Schneider gives you the lowdown on why you should.
Today, many of us live online – we bank, we shop, and we communicate with old friends via the internet. The problem with online life is that your identity is out there in so many places, and eventually one of those sites will be compromised.
To protect ourselves, we come up with passwords that, supposedly, only we know. The problem is that people don’t take the time to use properly secure passwords, because these are often too difficult to remember.
How many people use the word “password” for their password? It happens all the time. So, to combat this, many sites require passwords of minimum length. This is fine except if you are using a word out of the dictionary, which is fairly easy to crack.
So, to get a decently secure password, you need more than a few characters, and it needs to include letters, numbers and, if the site allows it, symbols.
Another problem then arises: how do you remember your password? Security expert Bruce Schneier recommends people write down their passwords and post them by their computer. This may sound crazy, but his point is simple. It’s more important to have a secure password you’ll never remember than one that’s easily discovered by hackers. The fact is, if someone has physical access to your computer, all bets are off anyway.
My only problem with this idea is that many people need to access their secure information while they’re away from home or the office. Having your passwords written down while you’re on the road is not a good idea. So you need to devise a way to create secure passwords that you can easily remember. Doing this isn’t as difficult as it sounds. Just devise a method that makes sense for you, and use it consistently.
One method I recommend is to take a line you remember from a song you like, then take the first letter of the line and add numbers or symbols to it that make sense to you.
For example, I use lines from old songs I remember and I add numbers of old addresses, birthdates, or a series of numbers I just picked at random, but can easily remember.
The important thing is that it should be easy to remember and totally random. The length of the password is also important – fewer than 8 characters is too short; 20 characters is considered totally secure.
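To see how these rules play out, here is an added Python example (not part of Mark’s original post) that checks a password against the length, letters-and-numbers and dictionary-word advice above. It goes slightly beyond the text by also catching a dictionary word that only has digits or symbols tacked on. The function names, the small word list and the reading of the song-line method as "first letter of each word" are assumptions made for illustration.

```python
import string

# Constructed sample list; a real check would load a full dictionary
# or a list of passwords seen in breaches.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "sunshine", "welcome"}

MIN_LENGTH = 8      # article: fewer than 8 characters is too short
STRONG_LENGTH = 20  # article: 20 characters is the target length


def mnemonic(line, extra):
    """First letter of each word in the line, plus the user's own digits
    or symbols (assumed reading of the song-line method)."""
    return "".join(word[0] for word in line.split()) + extra


def core_word(password):
    """Lowercase and strip digits/symbols from both ends, so that
    'Password123!' is compared to the dictionary as 'password'."""
    return password.lower().strip(string.digits + string.punctuation)


def check_password(password, dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules the password breaks (empty = all passed)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if core_word(password) in dictionary:
        problems.append("dictionary word")
    return problems


def rating(password, dictionary=SAMPLE_DICTIONARY):
    """'weak' if any rule is broken, else graded by the article's lengths."""
    if check_password(password, dictionary):
        return "weak"
    return "strong" if len(password) >= STRONG_LENGTH else "acceptable"


if __name__ == "__main__":
    line = "Twinkle twinkle little star how I wonder what you are"  # constructed
    for pw in ("password", "Password123!", mnemonic(line, "#1842")):
        print(f"{pw!r}: {rating(pw)} {check_password(pw)}")
```

Symbols are not required by the check because, as noted above, not every site allows them.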
Many people prefer to use a program to remember their passwords. A couple of very good programs I’ve used which are secure and easy to use are:
and KeePass (Free).
While I don’t use them anymore, I think both offer a great service and should be considered by anyone looking for a simple way to manage passwords in a secure fashion.
Another, potentially more serious problem, which I see everywhere online, is the vulnerability in resetting passwords. Several public figures have had their accounts hacked through the poor authentication protocols that websites use to reset a password in case you forget or lose it.
What happened to Sarah Palin, the Vice Presidential candidate in last year’s national election in the United States, is a great example. Her Yahoo mail account was hacked because her security question was easily guessed, and her password was then made available on Wikipedia.
This problem is perhaps the single largest login security hole you have to face. Typically, websites ask questions such as your mother’s maiden name or your first home town. This information can often be found in publicly available locations.
A better protocol would be for sites to have the user set their own “secret question”. While this is better, you would still need to be careful not to use questions which can be guessed, or are known by others.
On a more delicate note, it’s important to realize that identity theft is committed most frequently by people who are known to the victim. It’s not a good feeling, but it’s statistically a fact, and shouldn’t be ignored.
So how do you get around this problem of authentication? Simple – you lie. If you have to use your mother’s maiden name, make up one you can remember. Use the name of someone else you may know, or use a color you hate. There’s no law that says your mom’s maiden name isn’t pink, or that you have to be truthful. Just make sure you remember the fake name you choose.
Logging into websites we use is easy to take for granted. The problem is, once your identity is compromised it can be a nightmare to fix all the issues that will arise.
Take the time to use good, secure passwords, and remember – the security questions you are asked are just as important as your passwords.
This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high-level techie to the blogging world.