The tip this week comes courtesy of Richard Westrick, who reminded me of the importance of changing our bad password habits. How many of us use easy passwords like 123456? Normally we don’t have accurate data about the passwords people use, since they are private and hopefully encrypted by companies that use them. But a year or so ago, passwords of 32 million accounts from a social media site named RockYou were stolen and then returned without their user names. This gave researchers a sample of 32 million actual password choices. Apparently, 300 thousand (9 percent) used 123456. If you broaden that to include people who used 12345 or 1234567, the number jumps up to 500,000 (15 percent). This makes it very easy to hack an account.
Here are some of the common best practices for passwords:
1) Use more than 6 characters with a mix of numbers, letters, and special characters.
2) It is best not to use real words or common words such as “password”.
3) Don’t use your name, parts of your name or part of your e-mail address.
4) Phrases are better than words, and you can sort of encrypt them to save space using a system that combines the first letter of each word in the phrase with special characters.
5) Passwords should be complex and unique. Using the same password for all your accounts is frowned upon. If one site gets hacked, all of your other accounts are vulnerable.
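The checks in the list above can be automated. The following Python sketch is an added example, not code from the original post; the function name, the tiny deny-list, and the sample name, e-mail address and passwords used with it are constructed for illustration.

```python
import re

# Constructed deny-list holding only the values this post mentions;
# a real check would use a much larger list of breached passwords.
COMMON = {"123456", "12345", "1234567", "password"}

def check_password(pw, name="", email="", used_elsewhere=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    low = pw.lower()

    # Rule 1: more than 6 characters, mixing numbers, letters, specials.
    if len(pw) <= 6:
        problems.append("too short")
    classes = [r"[0-9]", r"[A-Za-z]", r"[^0-9A-Za-z]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character class")

    # Rule 2: no common password anywhere inside it. (Catching every
    # "real word" would need a dictionary, which is left out here.)
    if any(word in low for word in COMMON):
        problems.append("contains common password")

    # Rule 3: no piece of the name or of the e-mail address. Only the
    # part before "@" is used, and pieces under 3 characters are
    # ignored to avoid false alarms (both are simplifications).
    local = email.split("@")[0]
    parts = re.split(r"[^a-z0-9]+", (name + " " + local).lower())
    if any(len(p) >= 3 and p in low for p in parts):
        problems.append("contains name or e-mail part")

    # Rule 5: unique per site.
    if pw in used_elsewhere:
        problems.append("reused on another account")
    return problems

if __name__ == "__main__":
    # Constructed samples: a weak password and a phrase-derived one.
    for candidate in ("123456", "Pat!Example9", "Mdh4l&ltc!"):
        print(candidate, check_password(
            candidate, name="Pat Example", email="pexample@example.org"))
```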
So how are you to choose and then remember all of your passwords? You can use one password formula and vary it a bit from site to site. Or you can use a password program such as KeePass and store it on Dropbox so it is accessible to you from multiple devices.
On the other hand, I just read a post in Gizmodo, “Don’t Change Your Password” by Sam Biddle. He says as long as you take reasonable care about yourself online, have a decent password, vary it up some, and don’t do stupid things like use the string of 123456 numbers, or log onto your e-mail or Facebook account at the Apple Store, you should be okay.
According to Biddle, “….. odds are nobody on the Internet will ever care about you enough to find it. You’re not important. I’m not important. Very few people are worth the time to steal from or brute force a password out of. You’re not Bank of America or Sony.”
I guess it all depends on your situation and your trust level. I know I need to do better. How about you? Do you have a system or vulnerability?