August 22, 2011 - 2 comments

Tech Tip: Passing Passwords

With cyber age threats like hackers and identity theft looming ever larger, safeguarding your online accounts, be they crucial (bank accounts) or not (Quizno's loyalty program), has become a whole lot more vital to protecting yourself. And yet, many of us don't exercise the best judgment when it comes to choosing passwords. A recent PC Mag article by Jill Duffy hit home, starting with the title: "You Have Exactly Three Passwords, Don't You?" Um, guilty. But not anymore.

Duffy cites studies showing that a large percentage of people use the same password across accounts with different security levels, like Facebook and email, or Gawker and Sony, both of which experienced hacks and password leaks earlier this year. Duffy has some tips for creating and remembering unique passwords, but I wanted to get our developers' takes, so I asked around the office.

If you're looking for a password manager, Ross Heflin uses Oplop, while Tushar Samant suggests KeePass. These applications help generate and organize unique passwords from a master keyword; what's critical, of course, is picking a strong master that's not readily ascertainable, since if that gets out, you're an easy target. While it sounds simultaneously obvious and risky, the general consensus is that writing down your passwords in a secure place is a wise move. Greg Baugues goes so far as to incorporate a complicated sequence he can find on his desk, like a monitor's serial number or a random client fax number.

Tushar gave me some other great password tips:

  • Make your password a sequence of unconnected words, separated by spaces, hyphens, or whatever you like. DO NOT pick a meaningful phrase. Commonly used expressions, your likes or dislikes, catchphrases, band names, profanities, etc.--all off the table. Knowing more about you shouldn't reveal your passwords, and knowing your passwords shouldn't reveal more about you. In short, make up a boring, random phrase, then give it a meaning.
  • Stick to one case, upper or lower.
  • If you're multilingual, you could use words in a foreign language--just make sure you have the spellings correct.
  • Write down your passwords and keep them in a safe place (i.e., NOT a sticky note on your monitor).
  • Pick an emergency contact person who knows where to find your most important passwords.
  • Remember that technology advances (sometimes in unexpected directions), authorities are fallible, and crooks are smart. Accepted best practices evolve, so be kind to experts who keep changing their minds.
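
The first two tips above, as an added example in Python (not code from the original post or from anyone quoted in it): it draws unconnected words with the operating system's random generator, folds them to one case, and reports how much guessing entropy the result carries. The word list, the function names and the 80-bit target are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (mixed case on purpose). Real lists are far
# larger; a diceware-style list has 7776 entries.
SAMPLE_WORDS = """
anchor Basket cobalt dinner ember falcon garlic harbor island JACKET kettle
lantern marble napkin orchid pepper quarry ribbon saddle tunnel umpire velvet
walnut yellow zipper bucket candle dragon engine forest goblin hammer
""".split()


def normalize(words, upper=False):
    """Fold every word to one case and drop duplicates, so each remaining
    word is equally likely to be drawn."""
    return sorted({w.upper() if upper else w.lower() for w in words})


def entropy_bits(list_size, n_words):
    """Guessing entropy when each word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count that reaches target_bits for a given list size."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(words, n_words=6, sep="-", upper=False):
    pool = normalize(words, upper)
    if len(pool) < 2:
        raise ValueError("word list too small")
    if not sep or any(sep in w for w in pool):
        raise ValueError("separator must be non-empty and absent from the words")
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    return sep.join(secrets.choice(pool) for _ in range(n_words))


if __name__ == "__main__":
    pool = normalize(SAMPLE_WORDS)
    print(make_passphrase(SAMPLE_WORDS))
    print(f"{len(pool)} words, 6 drawn: {entropy_bits(len(pool), 6):.1f} bits")
    print(f"7776 words, 6 drawn: {entropy_bits(7776, 6):.1f} bits")
    print(f"words for 80 bits from 7776: {words_needed(7776, 80)}")
```

The sample list gives only 5 bits per word, while six words from a 7776-word list give about 77.5 bits. The strength comes from the size of the list and the randomness of the draw, not from the words themselves, which is why a meaningful phrase is off the table.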

Guess it's time for me to go change "kittenmittens." Sigh.

Anyone else have any good password advice?

Comic © xkcd

Published by: Kathryn Achenbach in Business


August 22, 2011 at 11:25 pm

I think since he worked on the Y’s account, Matt’s password is wiggles-n-giggles…

Tom Richard
August 24, 2011 at 7:01 pm

The best password manager is RoboForm. No offense, but everyone knows that; that’s why it’s the world’s best and has had the most downloads. I don’t trust any of these other password managers! When LastPass was hacked I went to Robo and never looked back.
