If you have been following the news, the social media web site Twitter was compromised last month. When the story hit, the “hacker” had copies of Twitter’s most intimate information – financial forecasts, employee rosters, etc. Roll back to the 2008 American presidential race, and Sarah Palin, vice president hopeful, was also “hacked.”
I put “hacked” in quotes because they were not violated by sophisticated technology, nor by some mischievous kids in Eastern Russia. In fact, technology had nothing to do with it. The “hacks” exploited flaws in the way that we manage our passwords. We are all doing it and we are all equally exposed.
In the last 10 years, the internet has exploded into our lives. The offshoot is that we are managing hundreds if not thousands of passwords across a myriad of web sites and technologies. On top of all of that, there is no good way to manage all of these passwords. With so many passwords, we all have a vulnerability. The only question is its size. Here is my practical Top 10 guide to keeping you and your family safe by properly managing your passwords.
1. Passwords should be stored between your ears. There is no other solution. All of your passwords should be stored in your brain. Don’t write them on a sheet of paper. Don’t type them in a secret file. If you place your passwords in any place other than your brain, you are opening a huge hole in your personal security from the start.
2. Don’t use guessable passwords based on public information. The names of your wife, your children and your pets are public information. Although they are easy to remember, they are easy for others to surmise as well. Here’s a trick: open a dictionary to a random page, pick a word, and use that. You get the idea. You can check out this list of passwords to avoid.
3. Never use the same password for everything. Now that you keep all your passwords in your head (see Rule #1), the easiest solution is to remember one and only one password. WRONG. It’s not that easy. The reason is that if someone can figure out your password, then they have access to everything that is you. You have just become an identity theft victim of the highest order. This requires a lot of thought. The question is how many passwords are enough? Some people say that one should have a different password for each and every thing you do. If you are going to follow Rule #1, that job becomes impossible even for a mathematical genius. It is a dicey game, but your goal is to maximize the number of passwords while still following Rule #1.
4. Don’t let Firefox and IE store your passwords. This is against Rule #1, remember? Yes, it makes your life a lot easier as you cruise from one web site to another without a speed bump. The problem is that you also have made it a lot easier for someone else to see all your most intimate stuff. It really bothers me that both IE and Firefox attempt to store your passwords by default.
5. Do not answer secret questions. The way that Sarah Palin and the Twitter employee were “hacked” was through secret questions. I don’t like secret questions, nor do I like web sites that use them. They are a security disaster waiting to happen, and they violate Rule #1. These are indeed scary times. Even today, when dealing with telephone support, they always ask a set of ‘secret questions’. They are usually the last 4 digits of your social security number and your mother’s maiden name. The problem is that it is not hard for a stranger to figure out these pieces of information. Now the problem is worse. They want to know the color of my first car. Or my favorite movie? That one really smacks of stupidity. My favorite movie may change, and therefore I probably won’t be able to remember what I answered 5 years from now.
6. Make your passwords long. The longer your password, the better. We all have been exposed to the password strength meter. I guess that old adage is finally true: size does matter. But seriously, the historical reason for big passwords was so that people could not write computer programs to guess your password. Those days are past. Nowadays, if someone enters a wrong password more than 3 times, quite often the account is disabled. The reason for a long password is different. If someone is looking over your shoulder, or they have seen you type your password a million times, they are less likely to remember a long one.
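The guessability check in Rule 2 and the length check in Rule 6 are the kind of thing a web site can enforce when a user picks a password. The Python below is an added example, not code from the original post or from PC Pitstop: it rejects passwords that are too short, that appear on a (constructed, ten-entry) common-password list even after leet-speak substitutions, or that contain a piece of the user's personal information such as a pet's name. The blocklist, the substitution table and the 12-character / 50-bit thresholds are assumptions chosen for illustration.

```python
"""Password-policy check: flags the guessable and the short, the two
weaknesses Rules 2 and 6 describe.  All sample data below is constructed."""
import math
import re
from dataclasses import dataclass

# Constructed stand-in for a "passwords to avoid" list; a real check would
# load a large list of breached/common passwords instead of these ten.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome",
    "iloveyou", "abc123", "monkey", "dragon", "baseball",
}

# Common character substitutions ("p@ssw0rd"), undone before comparing.
LEET = str.maketrans("@4$50!137", "aassoiiet")


@dataclass
class Verdict:
    ok: bool
    problems: list


def candidates(password: str) -> set:
    """Forms of the password to compare against the blocklist: lowercased,
    with leading/trailing digits and punctuation stripped, and with the
    usual letter substitutions undone."""
    lower = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    return {lower, core, lower.translate(LEET), core.translate(LEET)}


def charset_size(password: str) -> int:
    """Combined size of the character classes the password draws from."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII punctuation and space
    return size


def entropy_bits(password: str) -> float:
    """Upper-bound guessing entropy, assuming every character was chosen
    uniformly from the classes present.  Real passwords are far less random,
    which is why the blocklist and personal-information checks also exist."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def evaluate(password, personal_info=(), min_length=12, min_bits=50):
    """Return a Verdict listing every rule the password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if candidates(password) & COMMON_PASSWORDS:
        problems.append("on the common-password list")
    normalized = password.lower().translate(LEET)
    for item in personal_info:
        needle = item.lower().translate(LEET)
        if len(needle) >= 3 and (needle in password.lower() or needle in normalized):
            problems.append(f"contains personal information ({item!r})")
    if entropy_bits(password) < min_bits:
        problems.append(f"below {min_bits} bits of estimated entropy")
    return Verdict(ok=not problems, problems=problems)


if __name__ == "__main__":
    # Constructed examples: a pet name plus year, a leet-speak dictionary
    # word, and a long passphrase.
    for pw in ("Fluffy2009!", "P@ssw0rd", "correct horse battery staple"):
        v = evaluate(pw, personal_info=["Fluffy", "Smith"])
        print(f"{pw!r}: {'OK' if v.ok else 'REJECT: ' + '; '.join(v.problems)}")
```

Note that the entropy estimate alone would have passed both "P@ssw0rd" and "Fluffy2009!" (each scores above 50 bits on paper); it is the blocklist and the personal-information check that catch them, which is exactly the point of Rule 2.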
7. Type your password quickly. I am fortunate because I type quickly. Going back to Rule #6, the slower you type, the longer your password should be. The reason is the same: it’s not hard to figure out someone’s password by watching their fingers, particularly a slow typist’s.
8. Don’t use public terminals. I am guilty of this, and I will never do it again. Using public terminals might be fine for getting sports scores and the news, but beyond that you are running risks. There are lots of people milling about a public area. But more importantly, you have no idea whether the terminal has key-logging software or other spyware whose recordings could be harvested at a later point in time.
9. Your email password is sacred. Of all your passwords, your email password is the most important. Many sites use your email address as your user name. More importantly, almost all sites use your email address as the channel for sending a forgotten or lost password. Therefore, if someone has compromised your email, they could go to all your favorite sites and request that each password be sent or reset. Then they have access to everything. Your email is the gateway to all of your other passwords.
10. Don’t leave your PC logged on and unattended. I don’t care if you are at work or in the safety of home. Always log off your computer if you are going to be away. It is a good practice and a good habit to get into.
I could make a lot more rules, but there is an underlying point. Your passwords are a web of security holes. The larger or more complex you make the web, the lower your security vulnerability. There is no simple solution, and there is no one-size-fits-all solution. Some people have good memories. Some type fast. Some only visit a handful of sites. No matter who you are, please follow the above principles to reduce the chance of having your passwords, and potentially your life, violated.