Sunday, June 17, 2012

Your Password shouldn't be password

How important is your password?

In the wake of what happened a little while back at LinkedIn, pretty important. In case you missed it, about 6.5 million passwords were hacked and released on-line about 10 days ago.

The problem is not so much that someone can access your LinkedIn account. Yes, I suppose they could do dastardly things like change your work experience or write a funny recommendation for someone else. But the truth is, LinkedIn passwords themselves are not that valuable.

And now there is a value attributed to those stolen LinkedIn passwords: $1. With $1, a criminal can grab a large Diet Coke from McDonalds or your LinkedIn password.

If someone has your LinkedIn password, it is quite likely they have much more. The trick is that you probably use your password over and over and over again...

...for LinkedIn.

...for Facebook.

...for your on-line banking.

...for your company e-mail.

Getting nervous yet?

A few ideas for making your passwords more secure:

  • Keep your passwords varied, and don't re-use one for at least a year.
  • Avoid QWERTY-based patterns (for example, 12345 or asdfghjkl).
  • Mix capital and lower-case letters.
  • Substitute letters and mix in numbers whenever possible.
  • Switch word orders.
  • And PLEASE don't use the word password.
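The checks in that list are simple enough to automate. The script below is an added example (not from the original post) that flags the habits listed above: the word "password", runs of adjacent keys on a keyboard row, missing case mix or digits, and the same password re-used across several sites. The keyboard rows, the banned-word list, the 4-key run threshold and the 12-character minimum are my assumptions, and the site/password table at the bottom is constructed sample data.

```python
"""Constructed example: a small checker for the weak-password habits
listed in the post. Thresholds and word lists are assumptions."""
import re

# Rows of a US QWERTY keyboard; a run of adjacent keys in either direction is a pattern.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# The post's "please don't" case, plus two common letter substitutions (assumed).
BANNED_WORDS = {"password", "passw0rd", "p@ssword"}
MIN_RUN = 4        # flag 4+ adjacent keys (assumed threshold)
MIN_LENGTH = 12    # assumed minimum length


def keyboard_runs(pw: str) -> list[str]:
    """Return the maximal substrings of pw (case-insensitive) that are
    MIN_RUN or more adjacent keys on one keyboard row, forwards or backwards."""
    low = pw.lower()
    hits = []
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for start in range(len(seq) - MIN_RUN + 1):
                for end in range(start + MIN_RUN, len(seq) + 1):
                    chunk = seq[start:end]
                    if chunk in low:
                        hits.append(chunk)
    # keep only runs that are not contained in a longer run
    return [h for h in hits if not any(h != o and h in o for o in hits)]


def weaknesses(pw: str) -> list[str]:
    """Return a list of human-readable problems; an empty list means no check fired."""
    issues = []
    low = pw.lower()
    if any(word in low for word in BANNED_WORDS):
        issues.append("contains the word 'password'")
    runs = keyboard_runs(pw)
    if runs:
        issues.append("keyboard pattern: " + ", ".join(runs))
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        issues.append("no mix of upper- and lower-case letters")
    if not re.search(r"\d", pw):
        issues.append("no digits")
    if len(pw) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    return issues


def reused_across(sites: dict[str, str]) -> list[list[str]]:
    """Group site names that share an identical password; only groups of 2+ are returned."""
    groups: dict[str, list[str]] = {}
    for site, pw in sites.items():
        groups.setdefault(pw, []).append(site)
    return sorted(sorted(group) for group in groups.values() if len(group) > 1)


if __name__ == "__main__":
    for candidate in ["password", "Qwerty123", "Tr0ub4dor&3Xylophone"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'no issues found'}")
    # Constructed sample: one person's passwords at several sites.
    sample = {"linkedin": "Fluffy2012", "facebook": "Fluffy2012",
              "bank": "Fluffy2012", "email": "Vb#4kq9Lm2!x"}
    print("re-used at:", reused_across(sample))
```

A password that passes every check here is not automatically strong; the script only catches the specific habits the post warns about, which is exactly the set an attacker with a wordlist tries first.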

There was a time when I could very often guess passwords. There were three tricks:
  1. Use the word password
  2. Use the name of a child or pet
  3. Flip over the mousepad.
Using just those techniques, I could break in about half the time. Seriously. Don't be that easy.

Secure those passwords, mix them up, and PLEASE CHANGE THEM every so often. I realize password changes are a pain. But then so is fighting fraud and explaining that the nasty-gram from your e-mail account didn't really come from you.