I recently got a call from a friend whose Yahoo email account had been hacked. He had just fielded several calls from friends, family and business associates that had received solicitations from him for Viagra and a variety of other goodies. When we looked at the email account, his login history revealed that the account had been accessed from all over the world over the course of a few days. Somehow, his Yahoo mail password was compromised and someone or some ‘bot’ had logged into his account, taken indecent liberties with his address book and offered a variety of, err, “performance” enhancements to everyone he knew. We never determined when or how his password was compromised, but it was a frightening look at the importance of spending a little more brainpower to protect online accounts.
Security professionals recommend using different passwords for every site/application. You should also make a habit of changing your passwords periodically – best practices suggest every 40 days. Finally, make sure you’re creating strong passwords, especially for online accounts. I realize that you currently have a pile of passwords for various sites and there’s just no way that the name of your dearly beloved Fluffy will stop safeguarding your online banking, Amazon and Gmail accounts. If you read Paul Gilster’s article below and see some of the organizations, including the Department of Defense, that have been hacked, you’ll want someone closer to Cujo protecting your sensitive data.
Here are some guidelines for creating strong passwords:
- Do not use your name, your user name, family names or familiar numbers, like your birthdate or home address.
- Avoid dictionary words.
- Use a passphrase instead of a password.
- Passwords should be at least 8 characters long.
- Employ characters from at least 3 of the 4 following groups:
  - Uppercase letters;
  - Lowercase letters;
  - Numbers;
  - Symbols.
While there’s no way to provide absolute protection over your account, employing these guidelines can certainly put up a few roadblocks.
I’m always surprised by the number of people who use simple ones like password123 or johnsmith. Even substituting numbers and symbols into dictionary words, as in Pa$$word, is easily cracked. Simple passwords can be easily defeated by web bots and determined hackers. In fact, there are widely available free tools on the web that will crack the login password on your computer.
If your brain cannot handle any more passwords or you’re constantly losing your password napkin, there are a variety of secure solutions, including KeePass. Take a look at Paul Gilster’s 2011 article on this application. This is certainly not the only password manager available. LifeHacker recently reviewed 5 password managers in case you want other options.
If you need help evaluating the complexity of your password(s), plug one in at HowSecureIsMyPassword.net. This site rates your password strength by estimating how long it would take a desktop PC to crack it. I evaluated one of my favorites on this site and it projected 423 million years to crack. I think I can live with that!
Passwords are everywhere today, seemingly guarding every aspect of our lives. It’s time to give passwords a little more respect and thought. Otherwise, you’ll spend a week on the phone with your bank and online retailers cleaning up a big mess that could’ve been easily avoided.
Stay safe out there!