Passwords and other modern annoyances

Passwords can be a real pain.

We computer geeks really do understand that. It just comes down to the fact that we’re not operating locally anymore, we’re operating globally. Maybe you live in a great community, and you feel safe and comfortable enough in your community to sleep at night in an unlocked house. That’s great. For you, passwords probably seem like a lot of bother for nothing. The problem is that all of our virtual, online “doors” exist in dark corners where anyone in the world within reach of a computer can rattle the doorknob. And they do. You might be shocked how often. It’s hundreds of times. Not hundreds of times in a year, or even a month, but in a day. Sometimes even in the course of a few minutes.

Don’t hand your keys to the villains.

Passwords, as annoying and bothersome as they are, are your only real defense against someone else pretending to be you on the internet. Your email address can be worth a lot to the right criminal. Our email addresses typically become the hub of our online identity. Most of the time, when you set up any kind of online account, it will tie back to your email address. Forgot your password? Here, send an email to yourself so you can reset it. But you haven’t set up online banking? What if someone else sets it up for you using the information that they have gleaned from reading all of your email? This isn’t intended to scare you, just to help you understand how important it is to pick a good key for this lock. Good passwords are important.

But there are so many! I can’t remember them all!

Often, it is tempting to use the same password everywhere. But the problem with that lies in issues like the Sony data breach. Sony’s gaming site was hacked, and the perpetrators got the database of usernames and passwords, along with email addresses, full names and other data. Then they took those email addresses and passwords and logged into those email accounts, and Facebook accounts, and in some cases bank accounts, all because the owner of that email address used the same password in all those places. It is very important to avoid using the same password everywhere.

Solutions:

Here are some suggestions for picking, and keeping track of, your passwords. First, see this XKCD cartoon for a new way of thinking about passwords:
Passwords

You don’t need to follow the math to see that a longer password is better. In fact, it is more important for it to be long than for it to have all of the different types of character sets. A good password, a really strong password, might only have lowercase letters in it if it’s more than 15 characters long. Making use of the additional character sets only amplifies the difficulty of breaking a password. Use a method for picking passwords that will allow you to recreate it later. Use a phrase, not just a word. Maybe if you’re a good touch typist, shift your fingers up one row intentionally when you type your password. That will automatically include numbers in the password, and it will look like a mess, but be simple to remember. For example, “password” becomes “0qww294e” when you use this trick. Now that there’s an example, it’s a good time to note: DON’T EVER USE EXAMPLES YOU SEE ON THE INTERNET FOR YOUR PASSWORDS. You might be amazed how often this happens. Those examples are on the list of things to try first when you’re trying to brute-force a password. There is a list of all-too-common passwords that will not be allowed for this very reason. Also, substituting 3 for E and 7 for T, etc., is not effective, because that’s also on the list of things the bad guys try. It may impress the computer with its complexity, but the bad guys can see right past it.
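To make the points above concrete, here is an added Python example (not part of the original post). It compares the brute-force search space of a long lowercase password with a short mixed-character one, and shows how a password check can see through the row-shift and look-alike substitution tricks. The blocklist, the function names and the US QWERTY layout are assumptions made for illustration.

```python
import math

# Constructed sample blocklist (assumption); real checks use a far larger list.
COMMON = {"password", "letmein", "qwerty", "dragon"}

# Undo look-alike substitutions such as 3 for E and 7 for T.
UNLEET = str.maketrans("301!7$5@4", "eoiitssaa")

# Undo the "fingers shifted up one row" trick on a US QWERTY keyboard:
# each typed key maps back to the key directly below it.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
UNSHIFT = str.maketrans("".join(ROWS[:3]), "".join(ROWS[1:]))


def brute_force_bits(length, alphabet_size):
    """log2 of the number of candidates an exhaustive search must cover.

    Only meaningful when every character is picked at random; a password
    built from a known word is far weaker than this number suggests.
    """
    return length * math.log2(alphabet_size)


def disguised_common(password):
    """Return the blocklisted word this password reduces to, or None."""
    p = password.lower()
    for candidate in (p, p.translate(UNLEET), p.translate(UNSHIFT)):
        if candidate in COMMON:
            return candidate
    return None


if __name__ == "__main__":
    # Length beats character variety: 16 lowercase vs 8 printable ASCII.
    print("16 lowercase letters: %.1f bits" % brute_force_bits(16, 26))
    print(" 8 printable chars:   %.1f bits" % brute_force_bits(8, 94))

    # Constructed sample passwords; the first two are disguised common words.
    for pw in ("0qww294e", "P@55w0rd", "quietlanternoverriver"):
        print(pw, "->", disguised_common(pw) or "not on the blocklist")
```

A password that looks complex but reduces to a blocklisted word should be rejected no matter how many character types it contains.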

Keeping track of your passwords (NOTE: Post-Its are not the right answer!)

Now that you’ve chosen good, secure passwords for all the eleventy-billion places you have to use a password, how do you remember them all? Here’s how: just remember one. One really good password. And use a program designed to keep track of your passwords. There are quite a few out there. A quick Google search gives a few results worth checking into:

These look useful and reliable; please evaluate for yourself which one will work for you and what you’re comfortable using. And it’s almost NEVER a good idea to store your passwords in a web-based tool online. There’s just too much opportunity for fraud.

Persistent, aren’t you?

Thanks for sticking around this long. I hope that this helps you understand what makes for a good password, and how important it is to make it strong. As always, please feel free to contact me with any questions, comments or concerns.
