Safekeeping Your Online Identity: Passwords

It's easy to think online services are unsafe.  What with all the stories about hacking groups inflicting damage on big-name companies and all those annoying viruses that are hidden in emails, Facebook messages, and tweets, sometimes I'm surprised so many people are still online.

One of the major pieces of the online security puzzle is passwords.  Your passwords are the gateway to your online life - while you may not care if someone breaks into your Angry Birds account, I bet you will be pretty upset if someone hacks into your online banking or email accounts!

But fret not, friends - I have come to your rescue with 10 tips and tricks for creating appropriate passwords, with the help of my friends at Hackerspace Charlotte*:

  1. Avoid the most common passwords. "god," "love," and "sex" may have been extremely common back in 1995, but you would think that we'd have gotten better, now that most sites require passwords that are more than 3 characters long, right?  Well, it turns out that "123456," "Password," "iloveyou," and "jesus" are among the most common in 2010.  Make sure you avoid these traditional passwords by Googling "most common passwords" - and pick something different!
  2. Use something you'll remember. No one likes forgetting passwords and clicking on the "Forgot Password?" link every few days.  Consider using the first letters of the words in your favorite phrase.  For example, let's say my favorite movie is Disney's The Little Mermaid, and my favorite song from that movie is "Part of Your World."  As a password, "[email protected]?" would be perfect.  (I'll let you figure out what that means :-))
  3. Don't use anything personal. Birthdays, addresses, names, etc.  If someone intends to get you personally, that's the first set of information they'll use.
  4. Change your passwords up with upper/lower case letters, numbers, and symbols. Say your favorite word is paraphernalia.  Your best friend could know it's your favorite word, but if your password is actually [email protected]@[email protected]@, then chances are your best friend won't be hacking into your account anytime soon.  That said, [email protected]@[email protected]@ is actually crazy hard to remember.
  5. Longer passwords are better. If a password cracker uses a computer to use brute-force your password, it gets exponentially more difficult the longer your password is.  A really good password is "PeanutButterJelly," believe it or not, simply because it's long and uses both uppercase and lowercase letters!  (Though some password cracking software uses dictionaries - change some of the letters for numbers and it'd be golden, like "P3anutButt3rJ3lly"!)  Professionals recommend a password that is 15 characters or more for logging in to a Windows machine.
  6. Don't use the same password for everything! I once heard someone say, "You wouldn't use the same key for your home, office, and car, would you?  Then why use the same password for every site you visit?"  I think the point is clear - use different passwords for different sites.  If you want, use the same "junk" password for sites you don't care about (i.e. that Angry Birds account), but use a unique password for each very important account (i.e. credit cards, Facebook, etc.).  In fact, most of the big hacker break-ins were as a result of finding someone's forum account password (or similar), then using it to access the same person's email account.  It's very, very, VERY dangerous - so use different passwords, okay?
  7. Change your passwords regularly. The fact is, professional password hackers can decipher any password, given enough time.  If you use tough-to-crack passwords and change them on a regular basis, then even they won't be reading your personal emails anytime soon.  You might be interested in using this site from Gibson Research Corporation to see how long it would take to break a password: How Big is Your Haystack... and How Well Hidden is Your Needle?
  8. Keep track of your passwords with a password manager. Beware of using plain text files, including Excel spreadsheets or Word documents.  Hackers can crack those files REALLY easily.  Instead, use something that will encrypt your passwords, like 1Password.  Some people even recommend writing passwords down in a notebook/journal and putting them in a safe (because then a person would have to physically go into your home to find out your passwords, unless you manage to use "Password" for everything - see above).  I say, use whatever works best for you, though I have been pleasantly surprised at how nice 1Password is - it will even create a hard-to-crack password for you!  Password managers are particularly useful if you have multiple devices and can sync them all up to the same server (i.e. the cloud)!
  9. Be smart about where you access your accounts. Public wifi is great for browsing the news and figuring out where the closest coffee shop is, but smart hackers can use the relaxed security to grab your password for your sensitive information (if you send your password through the system while on public wifi).  Wait until you're at home to check your account balances or pay your credit card.
  10. Keep an eye out for potential disasters. Just as you watch your credit card statements for fraudulent activity, watch your online accounts.  Know what you're sending to your friends, via email, Facebook, or Twitter.  Know how much money should be in your online bank account.  And if things go wrong, change your password and notify the site's owners immediately.  Once hackers know your full name, address, and social security number, their identity is essentially yours - don't let it happen to you.

*Hackerspace Charlotte is full of wonderful, kind, non-evil hackers.  (This blog post is focused on the bad ones, who crack passwords for personal gain and infamy.)  For those not in-the-know, hackerspaces are like community garages where people gather together to geek-out.  They build 3D printers, play Dry Ice Jenga, and brew their own beer (sometimes).  Some of them are professional password crackers, employed by big-name companies (like banks), who help make those security systems as strong as they can possibly be.  I do not, nor have I ever, affiliated myself with people who partake in dangerous and illegal technology-related activities.

Do you have any questions about technology? Let me know in the comments, and I'll do my best to answer them!