Think your password can’t be cracked? Think again.
One of the most common questions I always get relates to passwords. What makes a good password? How often should I change it? And so on. The question is reasonable. Every single application or website we use generally requires authentication of some sort. Anyone who spends even a small portion of their life online will quickly discover that a significant effort is required to manage all the passwords and PINs. However, as annoying as all passwords are, good password management is the single most important thing you can do to protect your online identity.
Mat Honan (@MAT) of wired.com published a really good survey article on the current state of the password and many of the common scenarios by which identities are stolen. Anyone interested in password management needs to read the article (http://bit.ly/Q41uXa). Mat gives a scenario by which Google’s two-factor authentication can be exploited. Short version: hack the carrier account, set up forwarding of the verification texts, request a Google password reset — voila!
Below are common best practices (published by Mat and others) that will help keep your online identity safe.
- Don’t reuse passwords or link accounts. If a hacker gets one, then they have them all.
- Don’t use standard number substitutions. Phrases like “g0dawg5” don’t cut it anymore.
- Don’t use a regular word as your password. Use random-looking characters instead; for example, take the first letter of each word in a phrase. Iarwfgatech — I’m a Rambling Wreck from Georgia Tech.
- Don’t use a short password. Passwords must be at least eight characters. Anything less can be cracked in a matter of seconds.
- Enable two-factor authentication using devices such as RSA tokens. Alternatively, some providers confirm via text message.
- Give bogus answers to security questions. Anyone can look up your mother’s maiden name (ancestry.com) or your high school (classmates.com). Instead, use something random. My first car? Try, “Read the Metro Spirit!”
- Do scrub your online presence. People-search sites like Spokeo and whitepages.com offer an opt-out. Use it.
- This one is important. Create a unique, secure email account that you only use for password recoveries. Choose a user name that doesn’t match your real name. And never use it for communications.
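To put numbers behind the length and substitution rules above, here is a small Python check I have added for illustration (it is not from the column or from Mat’s article). It assumes a constructed six-word dictionary in place of a real cracking list and an assumed offline guessing rate of ten billion guesses per second.

```python
import math
import string

# Constructed stand-in for a cracker's word list (assumption, not a real list).
COMMON_WORDS = {"password", "godawgs", "welcome", "letmein", "dragon", "football"}

# The "standard number substitutions" the column warns about, mapped back to letters.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize_leet(pw: str) -> str:
    """Undo common substitutions so 'g0dawg5' is compared as 'godawgs'."""
    return pw.lower().translate(LEET_MAP)


def keyspace_bits(pw: str) -> float:
    """Rough brute-force search space, in bits, from the character classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return len(pw) * math.log2(size) if size else 0.0


def crack_seconds(pw: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case seconds to exhaust the keyspace at an assumed offline guessing rate."""
    return 2 ** keyspace_bits(pw) / guesses_per_second


def check_password(pw: str) -> list:
    """Return the column's rules that the password breaks (empty list means it passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if normalize_leet(pw) in COMMON_WORDS:
        problems.append("a dictionary word, possibly with number substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ("g0dawg5", "abcdefg", "Iarwfgatech"):
        print(candidate, check_password(candidate), f"{crack_seconds(candidate):.1f}s")
```

The seven-letter, lowercase "abcdefg" falls in under a second at the assumed rate, while the eleven-character phrase-initials password takes on the order of decades, which is the gap the eight-character rule is pointing at.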
Bottom line — Until someone comes up with something better, you need to manage your passwords.
Nerdy pickup line of the week — I don’t need Apple maps to get lost in your eyes.
I hope that you and your family have a wonderful Thanksgiving! Until next time, I’m off the grid @gregory_a_baker.