There's a lot of buzz on the Internet about Sarah Palin's personal email being hacked. How did it happen? You can bet they're looking into it. Passwords are often the culprit & we all have those ... By some estimates, the average computer user has more than a dozen. While there are lots of automated password reset tools these days, "What's my password" remains one of the top tech support questions. So, what's the trick to creating memorable, but not guessable passwords? How can you crack the code in this modern memory game, so you don't lose your sanity or security? You need a strategy. Here's some inside info & tips:

WHAT'S THE REAL RISK?
It's about privacy & security. For the most part, the folks after your password don't care about reading your email, they just want to hijack your computer to send SPAM (traced back to you vs them); open lines of credit; and shop.
At the risk of oversimplifying, there are three main ways passwords are "stolen:"
#1. You give it away.
#2. They guess it.
#3. Your computer is hacked.
You don't want to give out your account passwords. That's an easy one, but you'd be surprised how many times people will get an IM from a stranger posing as a customer service rep & fork it right over. Kids are culprits here too, so make sure YOU have the master passwords & they have the accounts you've set up for them.
Guessing passwords is an art form. According to PC Magazine, here are the TEN MOST COMMON PASSWORDS:
1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)
These are the most common. And, for the rest, giant computer servers can generate random alphanumeric combinations, which is why it's best to use non-dictionary terms. Blogger & computer expert John Pozadzides says give him a couple of minutes & he could guess passwords for 20% of us. A few more minutes & he'd get the rest. He goes so far as to outline how he'd do it & how long it would take.
As he explains, the length & complexity of passwords is key, offering up this staggering advice & stat: "Pay particular attention to the difference between using only lower case characters and using all possible characters (upper, lowercase, and special characters like @#$%^&*). ADDING JUST ONE CAPITAL LETTER AND ONE ASTERISK WOULD CHANGE THE PROCESSING TIME FOR AN 8 CHARACTER PASSWORD FROM 2.4 DAYS to 2.1 CENTURIES."
| Password Length | All Characters | Only Lowercase |
| 3 characters | 0.86 seconds | 0.02 seconds |
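As an added illustration (not from the original post or from Pozadzides), here is a small Python check that combines the common-password list with the length-and-character-set arithmetic in the quote. The rate of one million guesses per second and the one-year "weak" threshold are assumptions; at that rate the numbers reproduce the table row above and the 2.4 days / 2.1 centuries in the quote.

```python
import string

# The common passwords listed above; "(your first name)" is covered by
# the optional first_name argument of review().
COMMON = {"password", "123456", "qwerty", "abc123", "letmein",
          "monkey", "myspace1", "password1", "link182"}

# Assumption: one million guesses per second. The post gives no rate, but
# this one reproduces its figures (26**8 guesses take about 2.4 days).
GUESSES_PER_SECOND = 1_000_000
YEAR = 365.25 * 86400  # seconds

# Lowercase, uppercase, digits, and symbols plus space: 95 characters in all.
# Characters outside ASCII are not counted toward the pool.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def search_seconds(pool, length):
    """Time to try every string of `length` characters drawn from `pool`."""
    return pool ** length / GUESSES_PER_SECOND


def pool_size(password):
    """Characters a guesser must cover: every class the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def review(password, first_name=None):
    """Return (verdict, worst-case seconds) for a candidate password."""
    if not password:
        raise ValueError("empty password")
    lowered = password.lower()
    if lowered in COMMON or (first_name and lowered == first_name.lower()):
        return ("common", 0.0)  # guessed from a list, no search needed
    seconds = search_seconds(pool_size(password), len(password))
    # Assumption: under a year of exhaustive search counts as weak.
    return ("weak" if seconds < YEAR else "ok", seconds)


if __name__ == "__main__":
    # Constructed samples, plus two passwords taken from the post's examples.
    for pw in ("password1", "abcdefgh", "Abcdef1*", "riverrockrd", "stuw 2 gwekyn:)"):
        verdict, seconds = review(pw)
        print(f"{pw!r:20} {verdict:7} {seconds / YEAR:.3g} years")
```

The estimate covers exhaustive search only; a password built from a well-known phrase or word can fall to list-based guessing much sooner than the number suggests.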
Lastly, if your computer is hacked, a keystroke bug could be installed which would capture what you type in as you type in your password. Stored passwords shouldn't be an issue, so don't be afraid to go that route. The bigger risk, if you're prone to resetting your passwords all the time, is that someone gets into your email where the confirmation notices are.
IS IT OK TO USE SAME PASSWORD FOR EVERYTHING?
Criteria for passwords vary from site to site, so this'll be tough. Some sites require a certain number of characters & alphanumeric combinations. Others don't. Here's where I come out on this ... Employing some of the suggestions in this blog entry (you can reset your passwords if you're now in shock about how weak yours are), try to have no more than THREE passwords. Categorize them in your head in three buckets -- a) a fun/light one you use for fun/light sites (i.e., checking horoscope, news headlines, various blogs). b) Something a little more in-depth for shopping sites/any site involving a transaction. c) Your Fort Knox password for online banking, taxes, etc. This way when you're at a respective site, you'll be able to more instinctively guess if you used password a, b or c.
IS IT REALLY BAD TO WRITE THEM DOWN?
There's a perception that writing down passwords is a cardinal sin. I don't get it. If there's a burglar in your home or office, you've got bigger issues. Do what you have to do & keep the piece of paper in a place you can remember. A yellow post-it note by the computer usually works well & if the burglar comment got you nervous, you can be cryptic on the post-it. Tracking back to the three buckets suggested above, you could just write those three down & no one (not even a smart burglar) would be able to make heads or tails of it.
#1. Memorable not guessable
#2. Combine letters AND numbers AND/OR special characters (@#$%^&*)
#3. Longer rather than shorter
THE TRICK:
Here's a neat trick. Take the first letters of a memorable phrase and add some symbols or #'s.
MY EXAMPLE:
#1. Song lyric "Sometimes you want to go where everybody knows your name." = stuw 2 gwekyn:)
MORE EXAMPLES*:
Bad choice = the name of the street where you live (Ashley)
Good choice = the name of the street where you lived when you were nine (Anderson)
Better choice = the name of the street two blocks over, where your best friend Susie lived when you were both seven (River Rock Road)
Best choice = the same street rendered into a non-dictionary term (riverrockrd)
* Source: UCDavis.edu



Comments
Hey, it's Libby from ReginaLewis.com! Be sure to check out Regina's video in conjunction with this post, on YouTube:
http://www.youtube.com/watch?v=4oX5anilUJE
As so many functions move online, this advice is invaluable.
is it best to have one password for everything or switch it around from site to site? thanks :)
You really should use more than one password, Elle. Otherwise, if one account is compromised, all your accounts could be compromised.
Get more tips from Microsoft for choosing a password: http://www.microsoft.com/protect/yourself/password/create.mspx
And from the same article, this password checker to see how strong your new one is before you put it into action: http://www.microsoft.com/protect/yourself/password/checker.mspx