Tech for Troglodytes: Best Passwords Ever

OK, ‘fess up. Do you use the same password for a gazillion different websites?

Don’t.

Not long ago, I got a bunch of e-mails from people I follow on Twitter warning that my account had been hacked. Seems “I” was sending diet tips far and wide, and people foolish enough to click on “my” link got hacked too. Ouch. I hardly even look at Twitter, just signed up to see what the buzz was all about. I clicked on one little thing, something about someone trying to find me (I know, how stupid can you get) and boom, off my password went to some hacker in Russia or China, who sold it to a Ponzi schemer.

How many other sites was I using the same password for?

Uh oh.

[Image: password joke, from “How I’d Hack Your Weak Passwords”]

I know, I know. It’s a pain in the you-know-what to have to remember and/or store a bunch of “secure” passwords.  Who wants to go digging every time you buy a book, or read the New York Times, or check whether the electric bill is coming out of the checking or the credit card account?  Nobody does.  So what do over 60% of us do? Use an easy password over and over and hope for the best. Not. Good.

[Image: Hacker Inside logo. Photo: WikiCommons]

TWELVE MILLION pieces of personal information were illegally sold in the first quarter of 2012. Once your password is compromised by a security breach at, say, LinkedIn (June ’12), Twitter (May ’12) or eHarmony (June ’12), you are TEN TIMES more likely to be a victim of identity theft.

OK, OK! Say this to ourselves ten times: Buying, selling, saving, paying, transferring money? EVERY SITE NEEDS ITS OWN PASSWORD. A GOOD PASSWORD. Do you know what happens if your identity is stolen? Your Gmail account gets hacked? Months of misery. You might as well pull your fingernails out.

DO NOT DESPAIR.  Shoring up the walls is easier than you might think.

What is a good password? Pop quiz  —  Pick the safest password:

(A) v2@t56Bbl_!*2dd

or

(B) YourDogEatsPoopandBeans

Answer? It’s (B) YourDogEatsPoopandBeans

A good password is one that is hard for hackers to guess, and easy for you to remember. v2@t56Bbl_!*2dd is impossible to remember and, believe it or not, easier than (B) to hack. Why?

Length is more important than gobbledegook. A hacker’s software tries out random combinations of symbols or dictionary words. The more characters your password has, the more combinations the software has to try out, and the longer it takes for it to crack your password. Weeks. Years. If it takes too long, the hacker gives up and goes fishing for easier prey.
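
To put numbers on that, here is an added example (not from the original post) that counts the combinations for the two quiz passwords. The guess rate and the 7,776-word list size are assumptions chosen for illustration.

```python
import math
import string

PASSWORD_A = "v2@t56Bbl_!*2dd"          # quiz option (A) from the post
PASSWORD_B = "YourDogEatsPoopandBeans"  # quiz option (B) from the post

# Assumptions for illustration only (not from the post): real guess rates
# depend on how the site stores passwords and on the attacker's hardware.
GUESSES_PER_SECOND = 1e10
WORDLIST_SIZE = 7776  # assumed size of the word list a guessing tool draws from
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the character pool a letter-by-letter search has to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes
               if any(ch in cls for ch in password))


def brute_force_bits(password):
    """log2 of the character combinations: length * log2(pool size)."""
    return len(password) * math.log2(charset_size(password))


def word_guess_bits(word_count, wordlist_size=WORDLIST_SIZE):
    """log2 of the combinations when whole dictionary words are strung together."""
    return word_count * math.log2(wordlist_size)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every combination at the assumed guess rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for label, pw in (("A", PASSWORD_A), ("B", PASSWORD_B)):
        bits = brute_force_bits(pw)
        print(f"({label}) {len(pw)} characters from a pool of {charset_size(pw)}: "
              f"{bits:.1f} bits, about {years_to_exhaust(bits):.1e} years")
    # (B) is six words: Your / Dog / Eats / Poop / and / Beans
    print(f"(B) as 6 dictionary words: {word_guess_bits(6):.1f} bits")
```

Letter by letter, (B) has about 131 bits of combinations against about 98 for (A). If the software strings whole dictionary words together instead, what counts is the number of words and the size of the word list, so a phrase gets stronger with each extra word or number you add.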

[Image: Anonymous. Photo: Feral78]

Hide your passwords in a secure system, aka an “open source [free] password manager” that can be stored online and on your computer. I use KeePass and store it in Dropbox, so it’s accessible on my phone and computer. The only password I have to remember is for KeePass. (Setting that up is another post, but it’s not hard.) [UPDATE*** Dropbox is a heavily targeted site for hackers, so I no longer store passwords or manager on the site! JBW 4/14/14***]

The important thing is this:  change your passwords.  Use lots of different passwords.  Make them long. Go ahead, be silly. Use words you can remember. Vary them for different accounts by changing the order of the words or adding numbers to the beginning and end.  Use at least 15 or 16 letters.  Make it fun.

Считать, что вы хакеры!    

采取您黑客 !

(Take that you hackers!)

Don’t wait.

I am quite possibly the last person on earth who should dispense advice about technology, so your additions, subtractions, corrections, scoldings and of course, accolades, are welcome!  Acknowledgments to my daughter Grace who, as a computer science major, is living proof that the apple can indeed fall far from the tree.  Thank you dear one.

22 comments

  • This is such important advice. I have a tricky password, but I admit, I use it too much. I’ve not heard of KeePass. Will have to look into that.

    • KeePass is great, but I have to admit, it took me a while to wrap my head around it. Of course, for me that’s true of everything techie. Cheers!

  • Great reminder. I’ve been meaning to change up my passwords (some are too easy, some I use in more than one site, etc.), but it is a pain trying to remember all of them.

    I’ve thought about these password managing sites that I’ve been hearing about, but my reluctance has been over whether or not that is any more secure? I’ve so far been reluctant to use Dropbox for much because of the same concerns. Can a good hacker access those sites and then they’d have everything in one place?

    I love all that the internet has added to our lives, but along with the good, there is always a downside. Identity theft is one of the downsides.

    Your nonsense passwords are great!! Gave me a few ideas.

  • Good information to have, Julie. Thanks. I have always used sort of the same group of numbers/words for all my emails in different configurations, for the most part. I have always kept track of them in an address book (you know, paper and pencil one…) I am glad to know of a safe way to keep them all on the computer. Yay.

    • Maybe we should have a password party, where we all sit around with beers and force ourselves to fix up our, ahem, security systems.

  • Dropbox is pretty on top of security although, being in the cloud, in the United States, its data is subject to the Patriot Act, so at any moment, can be accessed by the government. Sounds paranoid, but it’s true. Since that’s true of anything on the US Internet though, I can’t worry about that. Just don’t use words like bomb and hijack. Oops. I take those words back.

    Dropbox had trouble recently, not technically a hack, but an employee’s files were breached, which allowed hackers access to some of Dropbox customers’ email accounts. They are adding two-factor verification and some other security measures to protect against future problems like this. The key though is your passwords. Make them strong, and unique, and you put a wall between yourself and hacknites. Hmm. Maybe I’ll go shore up my Dropbox password. Again.

    • It’s amazing how hard it is to make myself housekeep passwords. Why would our brains resist this sensible thing to do? It’s a mystery. Happy re-creating.

  • How do they do it? I’d heard about people being hacked on Twitter from just clicking something. I use a four-tier system for passwording (low to high value sites), with four different phrases. Up until now, I thought I was clever. But you’ve convinced me it’s time to get more serious, Julia! Thanks for the tips.

    • Your 4-tier system probably isn’t bad. You mean, for sites you just pop in on but don’t give any personal info, light passwords, right? At least you’re thinking about it, and putting some effort in. Puts you way ahead of a lot of people. Still, I thought Twitter was kind of that way for me. Wrong. Thanks for the visit.

  • Very timely. Today when I checked my bank accounts (online, of course), someone had decided to ring up $1,300 of “savings” at Sam’s Club to my business account. Luckily, it had not gotten through the authorization process, so I was able to cancel my card before they did any more damage. I don’t think it means they have the password to my online banking (there are other untouched accounts), but they did somehow get that specific 16-digit card number. Yikes! Be careful out there, people!

    • That’s scary. You should have written this post. Ain’t it a pain to re-do all those stupid passwords? Also makes you think about how much trust we put in our computers and each other, which I suppose in some ways is a good thing …

      Hope the Sam’s Clubber is out of your life for good. I’m impressed that you caught him so quickly!

  • I wasn’t gonna read blogs this morning – too busy but I read your title and laughed a gotta read flashed and I laughed… I hate passwords they are the bane of my existence lately…but I gotta have ’em. Love the MydogeatsPoopandBeans! Thanks for letting a crack of a smile cross my face!

    • You’re welcome. I know about baneful passwords. It was SO HARD to make myself sit down and rethink mine. The good news: once I got going and set up a system, it wasn’t so bad. Kind of fun, actually.

  • I can’t ask her! She’s off to Peru. I prefer to think Dropbox is as safe as anywhere, because it allows me access to the motherlode when I don’t have my laptop. Plus, now that I have an unbelievably outstanding set of passwords, it MUST be safe, right? Oh the new kinds of faith the Internet age asks of us.

  • Great post, Julie. You are so right on target. We were hacked by a foreign corporation in November and they made off with almost $10,000 plus of the three computers in our house, made my husband’s PC a virtual paperweight! We are now set up with a system that alerts us if someone is attempting to break in. However, I’m taking nothing for granted.

  • Thanks Sheri. That’s the scariest story here. I wouldn’t mind hearing more about your virtual alarm system. Hate to be paranoid, but I hate to be naive, more. Sorry you had to go through that.

  • you could use leet. make it super complex and you can remember it.
    for example
    wordpress can turn into

    W0rdpr355#1.810g

    saying

    wordpress#1.blog
