The Password is… Password?
Passwords:
You probably have one. You probably use it for everything. You’ve probably had it since you were in college/got your first job/got your first online account. You probably have three versions of it: a short one, a long one, and one with a capital letter in it. Let me just tell you, your password stinks.
My password isn’t that bad.
Alright, I’ll give that to you, it might be pretty strong. Unfortunately, it doesn’t end there. Anytime there is a website that you have a password to, there is always a little link right below that says, “Forget your password?” While you might be the only one who knows your password, anyone can click that link to retrieve your password. Then they have to answer a couple of questions: What is your mother’s maiden name? If she’s on Facebook, she probably included it there. When is your anniversary? Look for the anniversary wishes on Twitter.
It sounds silly to think that someone could access your information by knowing silly little trivia that they could find out through a social networking site, but it’s happened before. Just ask Sarah Palin. Her email was hacked using her birthdate, ZIP code, and information about her high school.
If someone got into your email, imagine the things they could find from there: all your friends, family, any password that you save in your email (just in case), any account numbers, and any number of other pieces of sensitive information. Not to mention that if they happened to guess your password, they would most likely know the password to all your accounts.
Yikes! I’m canceling all my accounts for everything online.
Easy there! No need to be rash. You just need to be careful. There are a couple of levels to online security.
Some people only have a couple of accounts and barely maintain an online presence. If you are the type that has an inbox full of subject lines that begin with FWD: FW: RE: FWD: and you have a Facebook account that says your name and has a question mark for a picture, you are probably fine with a password like digitante1357. Basically, your online worth is minimal and if someone hacked your accounts, you may or may not open a new one.
The average internet user, however, probably has accounts with one or two email services (Gmail, YahooMail, LiveMail) and multiple social network sites (Facebook, MySpace, Twitter), and also manages banking, credit cards, and payments online. The damage, both in time and money, of someone hacking this sort of account could be catastrophic.
Alright, I want to protect myself, but I have a bad memory.
There are a couple of levels of protection when managing your passwords: the tough password and the impossible passwords. Please note the ‘S’ on the end of the second part. We’ll talk about both of these. Closer to the end, we will discuss your password reset questions and how to keep that from being the weak link.
Your locks don’t have to be the best, just better than your neighbors’.
If you would like some tips for making a decent password, check out this Lifehacker article on the subject. My favorite is to come up with a phrase, “I read The Digitante blog every day 24 hours, 7 days a week.” Change it to a letter/number format: IrTDbe247. It would be tough to guess that password. However, if someone happened to get it from watching you or through your password recovery, they would be able to get into all your other accounts.
Another optional part would be to add something unique about the site you are visiting. If you have 310 friends on Facebook when you create the password, change it to IrTD310be247. And when you create your American Express password, you could throw in the year of expiry, such as Ir2010TDbe247.
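An added example, not part of the original post: a self-audit that measures how much of one password survives, in order, inside another. It is run here on the three passwords above plus one constructed random string; the site labels `email` and `bank` and the 0.7 threshold are assumptions.

```python
# Added example: self-audit for passwords that are variations of one another.
from itertools import combinations


def lcs_len(a: str, b: str) -> int:
    """Length of the longest common subsequence of a and b (classic DP)."""
    prev = [0] * (len(b) + 1)
    for ch in a:
        cur = [0]
        for j, bj in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if ch == bj else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def overlap(a: str, b: str) -> float:
    """Fraction of the shorter password that survives, in order, in the other."""
    return lcs_len(a, b) / min(len(a), len(b))


def related_pairs(vault: dict, threshold: float = 0.7) -> list:
    """Return (site, site, overlap) for every pair at or above the threshold."""
    hits = []
    for (s1, p1), (s2, p2) in combinations(vault.items(), 2):
        score = overlap(p1, p2)
        if score >= threshold:
            hits.append((s1, s2, round(score, 2)))
    return hits


# The three passwords from the post, plus one constructed random string.
VAULT = {
    "email": "IrTDbe247",        # base phrase password (site label assumed)
    "facebook": "IrTD310be247",  # base + friend count
    "amex": "Ir2010TDbe247",     # base + expiry year
    "bank": "q7#Vz!mK2xLp",      # constructed sample, not from the post
}

if __name__ == "__main__":
    for s1, s2, score in related_pairs(VAULT):
        print(f"{s1} / {s2}: {score:.0%} of the shorter password is shared")
```

Every pair built from the phrase password is flagged, while the random string shares almost nothing with the others, which is the property the random-per-site approach in the next section relies on.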
Insanity!
If you are extremely concerned about your passwords, you should consider creating a random string of capital and lowercase letters, symbols, and numbers for each of your passwords. You would then enter these passwords into a plain text file. You could then use a program like AxCrypt to encrypt this text file to an executable file, protected with a tough password like the one described above. This encrypted file would be stored as an attachment in your email account, which would also have a separate tough password. These passwords can then be decrypted and copy-pasted into the password blank for your accounts. This provides many layers of protection, but is also fairly convoluted and overbearing for the average user.
You mentioned my answers?
Yes I did. Since someone with a little prowess could figure out your high school, your mom’s maiden name, and your childhood street address to reset your tough password, it is best to use a combination of the real answer and a system of obscuring the real answer. This might consist of splitting the answer into two parts separated by a random word such as: Your high school is Bayside and your favorite word is ‘excited’ or ‘scared’. You might answer the security question as ‘bayexcitedside’. You could make rules with yourself to be consistent that you will always insert the same random word after the third letter. If your mother’s maiden name is Bliss, your answer would be ‘bliexcitedss’.
I can’t believe I wasted all that time. I’m in the first group.
Although you might be an internet novice currently, the internet is burrowing its way further and further into our society: phones have access to your online account, some customer service lines will ask for your online password for verification purposes, and there is a new, amazing, soon-to-be-eclipsed web service being offered every other day. Passwords are important to maintaining your online presence as well as protecting it.
If you want to strengthen your online presence, but don’t know where to start, you can head to The Digitante homepage and use the contact link to contact me by email or you can give me a call. I would be happy to discuss your password security concerns and help you protect yourself against online threats.
One Response to “The Password is… Password?”
Pretty cool post. I just found your site and wanted to say that I’ve really liked reading your blog posts. Anyway I’ll be subscribing to your blog and I hope you write again soon!