Beating a Dead Horse?
You have all probably heard about maintaining strong passwords and varying those passwords over your different sites. In light of the recent password leaks at eHarmony and LinkedIn, I think now is a great time to talk about why and how we can ensure our passwords are strength level “James Bond” and easy enough to remember.
Why does it matter?
Most people know that password protecting your info is smart and needed in this day, when it seems everyone is trying to steal your identity. However, some folks are uninformed about the importance of not only password protection, but strong password protection (if your password is ‘password’ or ‘123456789’, I am talking to you!). Why, you ask? Because when a hacker tries to access your info, they typically do so with something called a “brute force attack”, which actually is a pretty good mental picture. They come at your defenses with an endless number of password combinations until they get one that works. They start with the most common passwords (which all hackers know) and then start going through the dictionary. This process sometimes takes a long time, but let me dispel a myth: they are not sitting at their computer typing in every…single…word that they try. They wrote a piece of software that tries a word every second or even faster until they break in. They can just turn the program on and come back to see if they were able to access your account. So using weak passwords increases your chances of having your data breached.
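As an added illustration (not part of the original post), the Python sketch below audits one of your own passwords against the guessing order described above: common passwords first, then dictionary words, at one guess per second. The word lists are small constructed samples, and the function names and the character-class estimate for passwords that are on neither list are assumptions made for this example.

```python
import string

# Constructed sample lists; a real audit would load far larger ones.
COMMON_PASSWORDS = ["password", "123456789", "qwerty", "letmein"]
DICTIONARY = ["apple", "horse", "monkey", "sunshine", "zebra"]
GUESSES_PER_SECOND = 1  # the post's "a word every second" rate


def guess_order(common=COMMON_PASSWORDS, dictionary=DICTIONARY):
    """Yield candidates in the order the post describes, without repeats."""
    seen = set()
    for word in list(common) + list(dictionary):
        if word not in seen:
            seen.add(word)
            yield word


def guesses_until_found(password):
    """Return the 1-based guess that matches, or None if the lists never hit."""
    target = password.lower()  # conservative assumption: case variants are equally weak
    for n, candidate in enumerate(guess_order(), start=1):
        if candidate == target:
            return n
    return None


def exhaustive_search_space(password):
    """Worst-case candidate count over the ASCII character classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cs) for cs in classes if any(c in cs for c in password))
    return max(pool, 1) ** len(password)


def audit(password):
    """Report how many guesses (and seconds at the post's rate) the password survives."""
    n = guesses_until_found(password)
    found = n is not None
    guesses = n if found else exhaustive_search_space(password)
    return {"found_in_lists": found, "guesses": guesses,
            "seconds": guesses / GUESSES_PER_SECOND}


if __name__ == "__main__":
    for pw in ("password", "zebra", "k7#Qz!"):
        print(pw, audit(pw))
```

For a password on neither list, the figure is the worst case for trying every combination of that length, not a measurement of a real attacker's speed.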
Can I use one strong password across all sites?
Yes (see below) and no. If you make up one password and use it for your email, Facebook, Twitter, bank, etc., you make the hacker’s job very easy. If they can get into one of your accounts, they get into all of your accounts. You want to have different passwords for different accounts. Your email is especially important, as they can use it to reset passwords at other sites (through those ‘forgot my password’ links), so be sure to lock that down. One way to maintain different passwords across different sites is to create variations of one password that are much easier to remember, but are not the same. Use numbers instead of letters, add digits or a few random letters to the beginning/middle/end of the password, etc. Another common way is to simply write down the difficult passwords (not super secure since you can lose it, but someone would have to enter your house/purse/wallet to get the passwords).
One password to rule them all.
One solution that I use is a program called LastPass. It is a web-based password utility that encrypts, creates, stores, auto-fills, and maintains your passwords for you. You create one complex but memorable password to access your account and the browser plugin does the rest (saving your passwords, offering to create new passwords that can be as complex as you wish, etc.). The thing that makes it great is that while the passwords and associated sites are stored by LastPass, they are heavily encrypted (read: coded) – to the point it would take many years for someone to decrypt them. You hold the decryption keys on your local computer so the bad guys could never touch it even if they hacked the LastPass
works on nearly everything (Chrome/IE/Firefox/Safari/Opera – Win/Lin/Mac – webOS/iPhone/Android/Win Phone/Blackberry) and syncs passwords you save on your PC with your phone and other devices.
Instead of an in-depth tutorial by me – I will link you to two very thorough walkthroughs (why re-work the wheel, right?) and offer my assistance should you have any problems or questions (free tech support?).
If you do decide to make the switch over, you should change your major passwords to randomly generated passwords and store them with LastPass to enhance your security. Keep yourself safe: it’s a dangerous world out there in cyberspace.
Comment below if you have any questions or concerns – also feel free to email me or Tweet