Last week I introduced this article, “Living in a Hacker’s Paradise,” about the dangers of using weak passwords and some possible solutions in the future. Today I will explain some steps you can take today to understand the problem and protect yourself online.
There are a few ways thieves can get your passwords and masquerade as your identity online. A common technique is to perform a little online research of the individual’s social networking profiles, public records, and other searchable information and then to simply guess possible passwords. This is why you don’t use the names of your pets, kids, spouse, birthdays, known nicknames or anything else from your personal life. Likewise, don’t flood social networking sites with the same information that otherwise secure sites may use to identify you in the event you forget your password. A mother’s maiden name, favorite food, favorite pet’s name, city you were born, high school, etc. are all examples of the information that a hacker can and will use against you. Don’t use words right out of a dictionary, in any language. Your typical modern laptop is more powerful today than a supercomputer from years ago and they can run through entire dictionaries in multiple languages guessing passwords until they stumble across the right one. Such “brute force” programs can also guess random combinations of numbers and letters in a reasonable time in order to crack a short password of fewer than five or six characters. Keep in mind that a hacker may not be across the globe but possibly in your own home or office. Don’t write passwords on a piece of paper you keep in your desk drawer or on a sticky glued to the bottom of your computer. I expect many readers are cringing right now wondering how I know their secrets.
Here are a few tips on password security you can utilize without having to worry about keeping track of hundreds of passwords and without using the same password twice. Be sure your passwords are eight to ten characters long and a combination of upper and lower case letters, numbers, and even symbols if the site allows it. You should also change your password, even if only slightly, at least once a month on sites you visit frequently. There are a wide variety of password management programs of various qualities you could use and some offer a very good solution to this problem. Another solution, both simple and free, is to come up with a short sentence you can remember and change only a couple words in that sentence for each site and then use the first letter of each word in the sentence as your password for that site. For example, your password sentence could be: “This one is Paul’s January password on smartfem.com!” which translates to “T1iPJpos!” and gives me a ten character, very secure password unique to this website but also very easy to remember. Notice I used the numeral in place of the word “one,” I have three capital letters, a symbol at the end, and the first two letters in the domain name for smartfem.com which could be replaced with, for example, “fa” for facebook.com or “am” for americanexpress.com.
One little disclaimer, this is not my actual password and secret sentence so don’t bother trying it out, nor is losing your password for this website going to present a security risk in itself since SmartFem doesn’t collect or store any personal information other than your name and email. In fact, you may have a similar but different system that works for you which is fine as long as you keep it to yourself, change it once a month, and don’t write it down. The harder it is to guess, the safer you are online.
I welcome questions on computers, technology, and online security as it pertains to you, your family, your job, or any other aspect of your life that you would like me to write about and hopefully clarify. Please write to me at firstname.lastname@example.org or submit a comment below.