Change Your Passwords!
Yeah, yeah, happy New Year to you you, too, now, go change your passwords.
No, seriously, change your passwords. Think about how long it’s been since you either setup that account or changed the password on it. Now, consider that there have been some significant security breaches in the past year, including the issues at Gawker and their family of popular websites, and think about how many places you’ve used that same password. It’s your favorite one, right? The one you use for all your accounts, because it’s so, so easy to remember? Guess what, it’s also probably easy to crack and is probably in a database on some hacker/cracker website right now matched up with the e-mail address you used, too. How long will it be, do you suppose, before someone gets into all your accounts?
Right.
So, go change your passwords.
Not sure how to pick a good one? Well, if you trust the U.S. Government for security, you can go to their Computer Emergency Readiness Team (aka US-CERT) for advice on choosing a secure password. If you’re like me, though, you categorically do NOT trust a government agency for your personal security, in which case I recommend that you check out premier security expert Bruce Schneier’s advice for picking a secure password.
I’ll offer two bits of advice on the topic.
First, if any system lets you, choose a password that includes numbers and special characters, not just letters. The example I always use is “@2brutus” And, yes, that means I will NEVER again use that as a password. *sigh* I like to substitute numbers for letters which resemble them, like the number one instead of the letter L or the letter I. In the example, I’ve taken a whole word out “et” and substituted the “at” symbol, or “@”.
Secondly, try to use something that is not a single word, but a phrase. Again, in the example, I took my bastardization of “et tu brute”, which I remembered as “et tu brutus” and mashed it up a bit. I have known people who use short sentences, however. One guy I worked with occasionally used lines from Lewis Carroll’s [amazon_link id=”0810911507″ target=”_blank” ]Jaberwocky[/amazon_link], which adds the extra security of words that will most likely never be found in any standard dictionary of any language.
So, trust me on this, if you haven’t done it, start the new year right and change your passwords.
Advice from your Uncle Jim:
"Not everything that is faced can be changed, but nothing can be changed until it is faced."
--James Baldwin
I’d been meaning to do this for months when the Gawker hack forced me to do it, including using unique passwords at each site I’ve registered. I went with a 12-digit formula, similar to (though not exactly, for obvious security reasons) the following:
(3 characters from site url)+(3 characters from my login)+(3 characters from date of last pw change)+(3 universal “padding” characters)
So all I need to remember is the last time I changed my passwords (which is also a reminder to change them regularly) and my padding characters, which I use everywhere. Thus, my password for your site if you required them might be ryutin05J!!! and my password for HSBC online banking might be hsbtin05J!!!.
It’s surprisingly easy to remember and this particular password has a 100% “very strong” rating at passwordmeter.com (if you believe in such sites). I’m sure you could devise your own formula, varying the lengths of the components and moving them around.
Comment by tinyhands — 1/5/2011 @ 10:06 am
I meant to reply to this ages ago. Sorry it’s taken so long!
I like the idea of having a formula that only you know the precise sub-sections of that determines your password for any given site. Makes it easy to remember, but hard to guess! Great idea!
Comment by the Network Geek — 2/2/2011 @ 2:59 pm