Hacked. All files lost. Computer hard drive wiped. Phone dead. Twitter account hijacked.
Think it couldn’t happen? Think again.
Listening to the frightening details on this podcast about being hacked that made me realize every niche community needs to hear a few basic facts on passwords.
In a world where we all are supposed to remember details for every connection we make, most of us are failing to protect ourselves. I say this from very personal experience. I get calls daily from clients and contacts about their websites, Twitter or Facebook accounts and am VERY often given their root password so that I can go in and see what is wrong. These passwords are usually as effective at protecting their identity as a glass balaclava. I won’t count the number of times I have received passwords like: password1, [email protected] or pinotnoir or worse.
You need to realize a few simple things about passwords:
- Password strength is NOT primarily about protecting you against someone guessing your password. They are to protect you against computers attacking you by brute force and attempting to guess what your password it by running millions of combinations till they get it right! Any password of fewer than 10 letters is not going to take long to hack with this method. Just look at this example of how password strength works.
LESSON: Making a password short and hard to remember is less effective than making an easy to remember password that is extra long.
- Passwords NEED TO BE DIFFERENT for as many sites as you have. One password to rule them all equals one password to steal all you own. Fortunately today I use a tool called LastPass. There are many of these, but LastPass is my favorite. It gives every site I have a new password, and then remembers them for me. Plus it remembers notes, and other seekret details about my life. Then I have to remember only one VERY LONG password to get into LastPass. Mine is a 7 word sentence. Now I am doubly protected, plus all these passwords are available to me at anytime from my computers, my phone, my tablet, or any computer I use in the world.
LESSON: Use tools to make the process of remembering multiple passwords easier, don’t stick with one password
- CHANGE YOUR PASSWORDS. Not all of them, and not all the time. But if you are not changing your banking PW at least quarterly, if not preferably monthly you are asking for trouble. Set a reminder in your electronic calendar to remind you to change them. It just makes sense. And with LastPass you don’t have to worry about trying to remember each change. It will generate an automatic secure PW when you need it!
LESSON: Change we can believe in! Change we need
- I register for so many new things each day that to archive every one, knowing I will dump most of these registrations at some point, makes no sense. Come up with a familiar formula for a password for each site that is easy to use, for example: the last three letters of the site’s URL + an 8 digit standard code you remember. This is something you can use once and dump. When you register for the next twitter competitor, photo sharing site, online survey tool or whatever, you can use this. Then, when you realize you are going to use a new service regularly you change it. BUT REMEMBER TO CHANGE IT!
LESSON: Learn a formula for a throwaway password. It is not foolproof, but makes life easier for the short term.
- If given the option DO NOT use your mothers maiden name, birthday, pet’s name, or anything else that could be found on your facebook profile or anywhere else on the web as your password reminder. If given the option, make your reminder something obscure and not related to the answer. Example: Question: My favorite Wine Movie? Answer: Corkscr3w – The question is related to your reminder hint, but is not something a human could engineer. Using a 3 for the letter ‘E’ just adds another glitch in the human guessing system. These hints are for humans, so we need to trick them, more than the computers I mentioned above.
LESSON: In an era of open sharing, old-fashioned ideas of what are “private” details are dangerous. Stay alert!
These tips are for all of you, but they are for me as well. I correspond with many of you, and we might share details that I don’t want public, and if I trust you, I risk being phished too. If you get hacked I get hacked. That is the problem. If you are using insecure passwords, I am a potential target too. Imagine being hacked and having to tell everyone you know? How embarrassing! With some simple tools and simpler actions you can make life safer for all.
Just remember if your password looks like this:
You are not safe! But if your password looks like:
… you are probably not going to have a problem. If you don’t think it could happen to you, think again. Let’s make our community stronger and safer. Friends don’t let friends use weak passwords.