Posted by: Ken Harthun
Password, Security, Security best practice
In the wake of the recent Gawker Media hack, I feel it’s prudent to once again address the issue of strong, unique passwords. Sometimes I feel that I should rename this blog to “Password Corner” and devote the rest of my natural life to drumming it into people’s heads why this is important. I won’t do that, of course, because I figured out a long time ago that people are just too lazy to expend that little bit of extra effort to make a strong password that isn’t used anywhere else. They think it’s going to be too hard to remember or that they’ll have to carry a piece of paper around with them all the time. They would be wrong; it’s just laziness.
It is so simple to create strong, unique passwords that will thwart all but the most determined hackers. You only need 12 characters, preferably a mixture of numbers, upper- and lower-case letters and punctuation, to generate a password that is, for all practical purposes, uncrackable. To make such a password easy to remember, use a simple pattern or algorithm known only to you.
Here are some ideas (don’t use these exact ones, for obvious reasons: this is a public blog and hackers have access to it):
- Use some easily remembered numbers, some special characters and the domain name in a standard pattern. For example, say your phone number is 555-1234 and the site you want to generate a password for is foobar.com. You could use something like 55*&Foobar&*12. See? It’s symmetrical: the pattern is easy to remember, but the result looks random. How about 12@(Foobar)@34? See where I’m going with this? Use the same pattern across sites, but change the middle part to the domain of the site. You’ll have an easily remembered password that is unique for each site.
- Use the domain name with altered characters and a unique added PIN or key. For example, if you have an account on Foobar.com, you could use something like F0oB@r.C0m-J03. Your key in this case would be “-J03”.
- Use the title bar of the login page with altered characters and/or a PIN or key. For example, here’s what you might use for the New York Times website: L0g-1n-N3yorkT1m3s.c0M-J03.
You can probably think of other ways to do this, something that is unique to you. For obvious reasons, you don’t want to use your name, your kid’s name, your pet’s name, etc., unless you make it strong by adding things to it.
At the very least, please, if you have online financial accounts (PayPal, credit cards, etc.), make very sure that the passwords are strong and not used on any other sites. If they are, change them immediately. You can do that much for yourself, can’t you?
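As an added illustration (my own code, not part of the original post), here is the first pattern above written out: a fixed personal template with the site name dropped into the middle, plus a check for the post’s rule of thumb of 12+ characters drawn from digits, upper case, lower case and punctuation. The digits and template are constructed sample values; pick your own.

```python
import re
import string

# Constructed sample values for this example only. Use your own memorable
# digits and your own symbol pattern, never ones published on a web page.
MEMORABLE_DIGITS = "5512"           # e.g. "55" and "12" taken from 555-1234
PATTERN = "{lead}*&{site}&*{tail}"  # personal template; the site name goes in the middle


def site_label(domain: str) -> str:
    """Reduce a domain or URL to its memorable label: 'www.foobar.com' -> 'Foobar'.

    Strips any scheme and path, drops the last label (the TLD) and a leading
    'www'. Multi-part suffixes such as 'co.uk' are not special-cased.
    """
    host = re.sub(r"^[a-z]+://", "", domain.strip().lower()).split("/")[0]
    labels = [p for p in host.split(".") if p]
    if len(labels) >= 2:
        labels = labels[:-1]          # drop the TLD
    if len(labels) >= 2 and labels[0] == "www":
        labels = labels[1:]           # drop a leading www
    return labels[-1].capitalize()


def site_password(domain: str, digits: str = MEMORABLE_DIGITS, pattern: str = PATTERN) -> str:
    """Build the per-site password: same pattern everywhere, site label in the middle."""
    half = len(digits) // 2
    return pattern.format(lead=digits[:half], tail=digits[half:], site=site_label(domain))


def is_strong(pw: str, min_len: int = 12) -> bool:
    """The post's rule of thumb: at least min_len characters using all four classes."""
    classes = (string.digits, string.ascii_uppercase,
               string.ascii_lowercase, string.punctuation)
    return len(pw) >= min_len and all(any(c in cls for c in pw) for cls in classes)


if __name__ == "__main__":
    for site in ("foobar.com", "https://www.nytimes.com/login"):
        pw = site_password(site)
        print(f"{site:32} -> {pw}  strong={is_strong(pw)}")
```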