Good Passwords Will Protect You from the Ashley Madison Hacks of the World
Friday, August 21, 2015
What can you do to protect yourself? In a word, it’s passwords.
A System for your Systems
Hacks are terrible. Having a good password won’t always protect your information from hackers, but it will limit how much damage a breach at one service can do to you in the long run. Make sense? Ensure that you have strong (and different) passwords for each online service that you use, and have a system that helps you remember all those unique passwords. It’s a chore, but you can’t use ‘baloney1’ for every online service from OKCupid and Google to online banking and Facebook. You’ll need a different password for each service – and they all better be good.
Anatomy of a Good Password
Passwords should be a minimum of 13-15 characters. Yep, it needs to be long. In fact, bigger is better. Advances in password cracking are moving ahead fast, so you need to keep up with the times.
For maximum security, you’ll need to change your passwords at least once per year (but every 6 months is better). Each of your passwords should be different for every online service you use. This is undeniably a pain, but I have a system for you to use that will make this a no-brainer.
Your New Password(s)
The passwords you come up with are going to be a compromise: they need to be good, but you need to remember them.
People aren’t good at coming up with passwords: so I’m going to make it easier for you. Just like counting cards to win at blackjack, you’ll need to learn a system.
Use a System
“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.” - XKCD Web Comic
The idea behind the system is not to make a perfect password. The problem with making a perfect password is that it works great for a machine, but you won’t be able to remember it. What this system will do is give you a good password, possibly even a really good password, but one you will be able to remember.
Essentially, you only have one password that you have to remember. This also helps you avoid the pitfall of using the same password for multiple services. The problem with that is if one service gets hacked then those hackers have the password to all of your online accounts. This system prevents that from happening (although good hackers might figure out your system, I have remedies for that).
Generating a Password
The foolproof formula is to use [random word] + [3-digit number] + [random word] + [first 3 letters of service]. As the examples below show, a symbol inserted after the number (here ‘*’) adds extra strength.
Add the first three letters of the online service to customize the password for each online service. For example, Facebook becomes FAC, Netflix becomes NET, Zappos becomes ZAP, Google mail becomes GOO and so on.
Now combine this with your password, and ‘halloW517*apronNET’ is your new password for Netflix.
- praY517*apronFAC (Facebook)
- praY517*apronZAP (Zappos)
- praY517*apronGOO (Google mail)
When it’s time to replace all of your passwords, change the order of the pieces. Your password for Facebook might then become apronFAC517*praY. Got it?
Pitfalls and Solutions
There will be some problems using this system because some services don’t support good passwords. They limit you to very few characters and/or they don’t allow the use of non-alphanumeric characters (symbols), or they limit you to just a few. This is bad security practice and these sites and services should use better password standards. That said, there are several methods to deal with these sites:
- The symbols * & - _ # @ are the most likely to be accepted by systems that don’t support good passwords.
- If you encounter sites that won’t accept your good password—yes even some banking sites have strange rules—create a second password that will work with services that only accept short and/or simple passwords. You can still use the system for these.
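As an added example (not code from the original post), here is the system above written out in Python: it assembles the pieces, reshuffles them for the yearly change, and falls back to a second, simpler base for sites with short-password or no-symbol rules. The base words, numbers and site limits used below are constructed for illustration.

```python
# Added example: the post's password system as code, including the pitfalls
# section (symbol allowlist, length limits, fallback to a second base).
from dataclasses import dataclass

ACCEPTED_SYMBOLS = "*&-_#@"   # the symbols the post lists as most widely accepted
MIN_STRONG_LEN = 13           # the post's minimum for a "good" password


@dataclass
class Base:
    word1: str
    number: str   # three digits in the post's system
    symbol: str   # may be "" for the simpler fallback base
    word2: str


def service_tag(service: str) -> str:
    """First three letters of the service name, upper-cased (Netflix -> NET)."""
    letters = [c for c in service if c.isalpha()]
    return "".join(letters[:3]).upper()


def build(base: Base, service: str, order=(0, 1, 2, 3, 4)) -> str:
    """Join the five pieces; pass a different `order` when it's time to rotate."""
    pieces = [base.word1, base.number, base.symbol, base.word2, service_tag(service)]
    return "".join(pieces[i] for i in order)


def is_strong(pw: str) -> bool:
    """The post's rules for a good password: long enough and contains a symbol."""
    return len(pw) >= MIN_STRONG_LEN and any(c in ACCEPTED_SYMBOLS for c in pw)


def site_accepts(pw: str, max_len=None, allow_symbols=True) -> bool:
    """Model a site's restrictions: optional length cap, optional symbol ban."""
    if max_len is not None and len(pw) > max_len:
        return False
    if not allow_symbols:
        return pw.isalnum()
    return all(c.isalnum() or c in ACCEPTED_SYMBOLS for c in pw)


def password_for(service, base, fallback, max_len=None, allow_symbols=True):
    """Use the main base where the site allows it, else the simpler fallback base."""
    for b in (base, fallback):
        pw = build(b, service)
        if site_accepts(pw, max_len, allow_symbols):
            return pw
    return None   # neither base fits this site's rules
```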
Nerd Stuff: 2-factor authentication
Two-factor authentication is a good way to make your online accounts secure. What two-factor authentication does is add one more step beyond just your password. Usually this involves linking your online account to an app on your smartphone. When you log in with your password, a digital key is also sent to your smartphone app; you then approve the connection and you’re in. If someone had your password, such as your 13-year-old son, he couldn’t get in without also having your smartphone. Your smartphone is passphrase protected, right? And only you know the code, right?
Don is the Information Technology Manager at the law firm of Stahancyk, Kent & Hook in Portland, Oregon. He is a member of the Portland FileMaker Pro User Group, the Apple Developer Connection, and the InterFace 2010 Advisory Council for Oregon and Southwest Washington. He enjoys blogging on his own web sites and others, providing technical support tips in web forums, taking long walks with his son, and learning home improvement and gardening.