About 6.5 million LinkedIn password hashes (unsalted SHA-1, with no usernames attached) just turned up on a Russian hacker forum. No one knows who hacked LinkedIn or what the hackers were planning, but the breach was bad enough that LinkedIn reset the affected accounts and asked everyone else to change their passwords. Note what was stolen: not the passwords themselves but their hashes, and because LinkedIn had not salted them, anyone with the file could run a cracking tool against all 6.5 million at once. Weak, common and dictionary-based passwords were recovered within hours; long, unpredictable ones are the only ones that held up. But big hacker stories that scare you are perfect kindling for a talk about password best practices! Let's change our passwords from weak, stupid ones to strong, smart ones and … let's make a different one for every site so that a password cracked in one breach doesn't open every other account we own. Inconvenient? You bet it is. And the more inconvenient it is for you, the more inconvenient it will be for the hackers who want your stuff.
When a site asks you to select and fill in security questions, it is not asking for, and is not entitled to, factual information. It simply wants a way to confirm that the person trying to regain access to the account is you. So never use your real birth date, your real zip code, the real town where you met your husband, your mother's maiden name, the last four digits of your social security number or anything else I can find out about you with Google or on your Facebook or LinkedIn profile. Don't even use your drag queen name (your first pet's name plus your mother's maiden name; mine is Muffin Whitehead). It may be great fun at a party, but it is not secure, and it is an invitation to any interested or motivated hacker to take over your account. Treat each answer as a second password: make up the dates, pet names, towns and so on, and if you can't remember what you used, store the made-up answers in a password manager next to the password for that site.
As for passwords, they can only protect you if you use them correctly. Here are some guidelines:
Use letters (caps and lowercase), numbers and symbols, but remember that length does more for you than any single trick. Every additional character multiplies the number of guesses an attacker has to make, and a cracking tool does not care how "cryptic" a short password looks if it can be built from a dictionary word and a few standard substitutions.
Computer geekspeak can make a weak password a little stronger, but only a little. Leet replaces English letters with numbers and symbols. For example: a=@, E=3, i=1, S=5, etc. Check out Wikipedia for a complete Leet table.
Leet can help you turn a proper noun, which is very, very easy for a machine to crack, into something better. For example: macintoshczar becomes m@c1nto5hcz@r. You can still easily remember it, and a person looking over your shoulder is less likely to guess it. The caveat: Leet substitution is the first mangling rule every password-cracking tool applies to every dictionary word, so against a stolen hash file like LinkedIn's the Leet version falls only a few dozen guesses after the plain one. Use Leet on top of length and unpredictability, never instead of them.
Make up a sentence and use the first letter of each word to create your password. For example: "Mozart is one of my favorite cats in the car." would yield the password "Mioomfcitc". Then write it in Leet to make it a bit stronger: "M100mfc1tc". The sentence is a mnemonic device that helps you remember the password, and because the result is not a dictionary word, a cracking tool has no wordlist entry to start from. The strength comes from the length and oddness of the sentence; the Leet step is a small bonus, so pick a longer sentence before you reach for more substitutions.
Lastly, keep in mind that the longer a password is, the better it is. Change a password promptly whenever the site holding it reports a breach (as LinkedIn just did); changing it on a fixed calendar adds little and mostly produces passwords that differ from the last one by a digit. No birthdays, names, proper nouns, ages or anything else that looks or sounds like English or says anything about you. Never reuse a password: one stolen from a breached site is tried on every other site within hours. And, most importantly, do not write it on a sticky note and put it on your computer monitor — don't give me that look … you know who you are …
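To make the Leet and mnemonic advice above concrete, here is an added example (not code from the original post) that implements the post's own substitutions and its first-letter-of-each-word trick, then plays the attacker: it takes an unsalted SHA-1 hash, the scheme LinkedIn used, and tries every Leet variant of each word in a small wordlist, the way a cracking tool's mangling rules do. The wordlist, the one extra substitution o=0 (which the post's "M100mfc1tc" example uses beyond its stated table) and the rule set are my own constructions for illustration.

```python
import hashlib
import itertools

# The post's Leet table: a=@, E=3, i=1, S=5. Applied case-insensitively.
LEET = {"a": "@", "e": "3", "i": "1", "s": "5"}
# The post's second example also turns o into 0, so offer that as an extended table.
LEET_WITH_O = {**LEET, "o": "0"}

# Constructed wordlist for the demo; a real cracker would use millions of entries.
WORDLIST = ["password", "linkedin", "macintosh", "mozart", "macintoshczar"]


def leet(word: str, table: dict = LEET) -> str:
    """Replace every letter that has a Leet form, e.g. macintoshczar -> m@c1nto5hcz@r."""
    return "".join(table.get(c.lower(), c) for c in word)


def mnemonic(sentence: str) -> str:
    """First letter of each word, keeping the writer's capitalisation."""
    return "".join(w[0] for w in sentence.replace(".", "").split())


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, which is what the leaked LinkedIn file contained."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def candidates(word: str, table: dict = LEET):
    """Mangling rules applied to one dictionary word: every subset of the substitutable
    positions gets its Leet form, and each variant is tried as-is and capitalised."""
    positions = [i for i, c in enumerate(word) if c.lower() in table]
    for k in range(len(positions) + 1):
        for subset in itertools.combinations(positions, k):
            chars = list(word)
            for i in subset:
                chars[i] = table[chars[i].lower()]
            variant = "".join(chars)
            yield variant
            yield variant[:1].upper() + variant[1:]


def crack(target_hash: str, wordlist=WORDLIST, table: dict = LEET):
    """Dictionary + rules attack. Returns (password or None, number of guesses made)."""
    guesses = 0
    for word in wordlist:
        for cand in candidates(word, table):
            guesses += 1
            if sha1_hex(cand) == target_hash:
                return cand, guesses
    return None, guesses


def brute_force_space(length: int, alphabet_size: int = 95) -> int:
    """Guesses needed to exhaust all passwords of this length over printable ASCII."""
    return alphabet_size ** length


if __name__ == "__main__":
    target = "m@c1nto5hcz@r"           # the post's Leet example
    found, n = crack(sha1_hex(target))
    print(f"cracked {found!r} in {n} guesses")
    print(f"brute force on {len(target)} chars would be up to {brute_force_space(len(target)):.2e} guesses")
    phrase = mnemonic("Mozart is one of my favorite cats in the car.")
    print(f"mnemonic password: {phrase}, Leet form: {leet(phrase, LEET_WITH_O)}")
    print("mnemonic in wordlist?", crack(sha1_hex(phrase))[0])
```

The run shows why the post's caveat matters: "m@c1nto5hcz@r" looks like it needs on the order of 10^25 brute-force guesses, but the rule-based attack recovers it in under a hundred because "macintoshczar" is in the wordlist and the Leet rule is applied automatically. The mnemonic password is not found at all, because no wordlist contains "Mioomfcitc"; its strength comes from not being a word, not from the substitutions.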
If you keep these very simple principles in mind, you will be much harder to hack than you are right now. For additional security, set up and use a password on your personal computer and on your mobile phone. Remember, passwords can't help you if you don't use them.