With cyber age threats like hackers and identity theft looming ever larger, safeguarding your online accounts, be they crucial (bank accounts) or not (Quiznos loyalty program), has become a whole lot more vital to protecting yourself. And yet, many of us don't exercise the best judgment when it comes to choosing passwords. A recent PC Mag article by Jill Duffy hit home, starting with the title: "You Have Exactly Three Passwords, Don't You?" Um, guilty. But not anymore.
Duffy cites studies that show that a large percentage of people use the same password across accounts with different security levels, like Facebook and email, or Gawker and Sony, both of which experienced hacks and password leaks earlier this year. Duffy has some tips for creating and remembering unique passwords, but I wanted to get our developers' takes, so I asked around the office.
If you're looking for a password manager, Ross Heflin uses Oplop, while Tushar Samant suggests KeePass. These applications help generate and organize unique passwords from a master keyword; what's critical, of course, is picking a strong master that's not readily ascertainable, since if that gets out, you're an easy target. While it sounds simultaneously obvious and risky, the general consensus is that writing down your passwords in a secure place is a wise move. Greg Baugues goes so far as to incorporate a complicated sequence he can find on his desk, like a monitor's serial number or a random client fax number.
Tushar gave me some other great password tips:
- Make your password a sequence of unconnected words, separated by spaces, hyphens, or whatever you like. DO NOT pick a meaningful phrase. Commonly used expressions, your likes or dislikes, catchphrases, band names, profanities, etc.--all off the table. Knowing more about you shouldn't reveal your passwords, and knowing your passwords shouldn't reveal more about you. In short, make up a boring, random phrase, then give it a meaning.
- Stick to one case, upper or lower.
- If you're multilingual, you could use words in a foreign language--just make sure you have the spellings correct.
- Write down your passwords and keep them in a safe place (i.e., NOT a sticky note on your monitor).
- Pick an emergency contact person who knows where to find your most important passwords.
- Remember that technology advances (sometimes in unexpected directions), authorities are fallible, and crooks are smart. Accepted best practices evolve, so be kind to experts who keep changing their minds.
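
To make the "unconnected words, one case, any separator" tips concrete, here is an added example (not from the original post or from Tushar) that lets the operating system's random number generator pick the words and estimates how hard the result is to guess. The word list is a constructed 32-word sample and the function names are assumptions; a real diceware-style list has 7776 words.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline. It is far too
# small for real use; a diceware-style list has thousands of words.
SAMPLE_WORDS = (
    "anvil basket candle dagger ember fennel gravel hammock "
    "igloo jigsaw kettle ladder magnet napkin orchid pebble "
    "quiver ribbon saddle tunnel urchin velvet walnut yogurt "
    "zipper bucket cactus donkey engine falcon goblet harbor"
).split()


def entropy_bits(num_words, list_size):
    """Bits of entropy when each word is drawn uniformly and independently."""
    return num_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(num_words, words=SAMPLE_WORDS, separator="-"):
    """Pick words with the OS CSPRNG so no word depends on the others or on you."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would make the entropy estimate wrong")
    if num_words < 1:
        raise ValueError("need at least one word")
    # One case throughout, per the tip; the strength comes from the word choice.
    return separator.join(secrets.choice(words).lower() for _ in range(num_words))


if __name__ == "__main__":
    print(make_passphrase(5))
    print(f"5 words, sample list:    {entropy_bits(5, len(SAMPLE_WORDS)):.1f} bits")
    print(f"5 words, 7776-word list: {entropy_bits(5, 7776):.1f} bits")
    print(f"words for 80 bits (7776-word list): {words_needed(80, 7776)}")
```

The estimate only holds when the words really are chosen at random; a phrase you made up yourself is more predictable than the numbers suggest.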
Guess it's time for me to go change "kittenmittens." Sigh.
Anyone else have any good password advice?
Comic © xkcd