
Thank Me Later: Each Site Needs Its Own Password

Are you one of those people who uses one password for all their sites? Or perhaps you have the old easy, medium, super-strength password system, with super strength being used for anything with money. Let me give you a warning: don’t.

Thieves are constantly phishing for usernames and passwords. The recent Gawker Media theft of all their passwords revealed what we always knew: people use ridiculously easy passwords. The most common password is 123456, and thousands of people use it. And the next most used password? You guessed it, “password”. Now I realize that people probably don’t really care if they get their password stolen from Gawker, and most people would be crazy to use the same password there as they do on more sensitive sites, but I bet you would be surprised. If someone stole your username and password at GoDaddy, could they use it to enter Moniker or PayPal? Or how about your WordPress sites? Do you use the same username and password for all of them because it’s easy to remember? If you do, you are asking for trouble. Here’s a method that I am switching over to using that makes it very easy to remember and almost impossible to break. Each time I access a site I change it over to this method.

First I have my three sets of passwords: easy, medium, hard. The hardest by itself would be a tough cookie to crack, but of course it could be stolen. To make each and every password unique I use 4 digits in front of these that are unique to each site. So for instance let’s say my hard password is 45!!!jkrowling (and it’s not) and I go to sign up for BaldingMenAreBeautiful.com. I would use the last four letters of the website to create the password iful45!!!jkrowling. Of course you could use anything from the name as long as you keep it consistent. If you do this, each and every site will have its own unique password that would be next to impossible to figure out, and even if they did it wouldn’t work on any other account. Sure, if an FBI codebreaker got it and figured out the pattern you may be in trouble, but hackers like computers and they simply plug that username and password in and run it through 100 sites to see if it works on any of them. There is no decoding in password theft.
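The scheme above as an added example (not code from the original post): it builds the per-site password from the last four letters of the site name and flags sites in a list whose four-letter tag is identical, which would give them the same password. The function names, the rule for picking the name out of a URL, and the `.example` sites are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def site_name(site: str) -> str:
    """Reduce a URL or hostname to the bare site name (no scheme, www. or TLD)."""
    host = urlsplit(site if "//" in site else "//" + site).hostname or ""
    labels = [label for label in host.split(".") if label]
    if labels[:1] == ["www"]:
        labels = labels[1:]
    # Assumption: the name is the label just before the last one; suffixes
    # such as co.uk would need a public-suffix list instead.
    if len(labels) < 2:
        raise ValueError(f"cannot find a site name in {site!r}")
    return labels[-2]


def site_tag(site: str, length: int = 4) -> str:
    """Last `length` letters of the site name, as in the post's example."""
    letters = [c for c in site_name(site) if c.isalpha()]
    if len(letters) < length:
        raise ValueError(f"{site!r} has fewer than {length} letters")
    return "".join(letters[-length:])


def site_password(site: str, base: str) -> str:
    """Per-site password: the site tag placed in front of the memorized base."""
    return site_tag(site) + base


def find_collisions(sites):
    """Map each tag shared by more than one site to those site names."""
    by_tag = defaultdict(set)
    for site in sites:
        by_tag[site_tag(site)].add(site_name(site))
    return {tag: sorted(names) for tag, names in by_tag.items() if len(names) > 1}


# Constructed sample list; only the first name comes from the post.
SITES = [
    "BaldingMenAreBeautiful.com",
    "https://www.greenbank.example/login",
    "riverbank.example",
]

if __name__ == "__main__":
    print(site_password(SITES[0], "45!!!jkrowling"))
    print(find_collisions(SITES))
```

Any tag reported by `find_collisions` marks sites that need a different piece of the name to keep their passwords distinct.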

I promise, if you do this you will never have to worry about password theft and you won’t have to keep any passwords stored so you can remember them all. I’ve implemented it and it makes life so much easier and safer. Of course, everything would be much easier if they all used the “text a code” system that PayPal has.


6 Replies to “Thank Me Later: Each Site Needs Its Own Password”

  1. Correct, shared passwords are a weak starting point. A few other pointers:

    1. Use 12+ digits
    2. Incorporate upper/lower/symbols
    3. Never keep your password list unencrypted on a computer
    4. Security questions should be false, e.g. “Mother’s maiden name: gwbush”
    5. Don’t share your passwords with your significant other 😀

    1. Acro,

      Great points. Actually, I do share with my wife, but only because somebody has to know them if something happens to me. Have to have some trust in the world.

  2. Shane, it’s awesome. About one week ago, I decided to make all my passwords easily memorable but also hard to find out. Guess what? I came up with a pattern that is frighteningly similar to yours 🙂

  3. What about using something like KeePass to auto-generate strong passwords and just having them on a USB stick and a backup copy somewhere else? That’s what I do. I don’t even know most of my passwords.
