Tuesday, August 2, 2011

Password Safety

You don’t need to be a techie to understand the importance of a password. We all understand that they are the keys to our online life, but it’s also important to understand good password safety. After all, you wouldn’t leave the keys to your front door hanging from the mailbox. It also wouldn’t be a good idea to put your alarm system’s PIN code on a post-it note above the panel. I’m here to give you a few tips for keeping your passwords safe, as well as to recommend a program that will do it all for you.

For the examples below, I’m going to be using http://howsecureismypassword.net/ to test the strength of each password. This website gives you a rough idea of how quickly a password could be cracked. “Cracked” is the term for a computer guessing the correct password. The site says it does the arithmetic inside your browser and doesn’t send your password anywhere, and it isn’t tied to an e-mail address or user name. Even so, the safe habit is never to type a real password into any website except the one it belongs to, so if you want to see how yours measures up, test a made-up password of the same length and shape instead.

The first step in keeping your password safe is to create a good password. The trick is to create a password that cannot be guessed easily, and you need to remember that it will likely be a computer doing the guessing. Hackers feed whole dictionaries, and lists of passwords leaked from other websites, into their cracking programs, so using a common word is the same as pinning your password to your forehead. I recommend taking two words that mean something to you and splitting them in half, then using the two halves to create a new word. I happen to like pizza and beer, so I might split those in half and come up with pizbe, or bezza. This alone won’t make a strong password, but you’re eliminating one avenue of attack. According to the tool I’m using, either suggested password would take less than a minute to crack.

Before I go into making a stronger password, I want to stress avoiding the use of personal information in your password. People are often tempted to use things like a social security number or a phone number when creating a password, but you may be inadvertently giving a criminal more information about you. If a website is hacked and your password discovered, a clever criminal may be able to figure out exactly what that number means. Keep in mind that the last four digits of your social security number are often all that is needed to verify your identity over the phone.

To make our password stronger, we’re going to want to add some numbers to make it harder to crack. In this example, I’m going to use the numbers 8 and 24. Pizzas often come in cuts of 8 slices, and beer comes in cases of 24, so both numbers would be easy enough for me to remember. That means a password could be ‘piz8be24’, or I could do be24piz8. While these are stronger, they still only take about 3 hours to crack. Three hours isn’t a lot of time, but it’s far better than under a minute. We’re going to want to do better by mixing upper- and lowercase letters and adding special characters. A character is a letter, a number, or a symbol such as #, $, or !.

Most websites are case-sensitive, meaning they treat ‘a’ and ‘A’ as different letters. This is why you should always make sure your ‘CAPS LOCK’ key is off when you’re creating or entering a password. It also means a password that mixes upper and lowercase gives a computer twice as many letters to try in every position. Going with our example, I’m going to change one letter to uppercase: ‘be24Piz8’. This improves our password, going from a cracking time of 3 hours to 10 days. If the website allows it, we can also use special characters to make our password even stronger. For instance, if you flip the lowercase ‘i’ upside-down, it looks like an exclamation point ‘!’. That slight change would give us ‘be24P!z8’ and bring the time-to-crack up to 46 days! One caution: swaps like ‘i’ for ‘!’ or ‘a’ for ‘@’ are so popular that cracking programs try them automatically on every dictionary word, so in practice they buy less than the tool’s figure suggests.

The last thing we can do to make our password super-secure is to make it as long as possible. For a good password, 8 characters is the very minimum; aim for 12 to 16 or more. Every character you add multiplies the number of guesses a computer has to make, which is why length does more for you than any single trick above. If I stretch this password out to ‘be24erP!z8za’, our lovely tool tells me that it would take 4 million years to crack! Keep in mind that figures like this assume the attacker tries every possible combination blindly; a criminal who guesses that you built the password from two words and a couple of numbers has far less work to do. All I did was put numbers in the middle of words I know, and change one letter to a special character.
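To make the arithmetic behind those time estimates concrete, here is an added example (my own illustration, not code from the original post or from the howsecureismypassword.net site, whose exact method I don’t know). It computes the brute-force search space for each of the article’s example passwords at an assumed speed of one billion guesses per second, and then shows a toy version of the “mangling rules” that cracking programs such as John the Ripper and hashcat apply to dictionary words, which finds ‘be24P!z8’ in a handful of guesses once the attacker holds the digit-stuffed base word. The character pools, the guess rate and the base word are all assumptions.

```python
import itertools
import string

# Character pools for the brute-force model (assumption): an attacker who sees
# one digit tries all ten digits, one capital all 26 capitals, and so on.
# string.punctuation holds 32 symbols.
POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

# Assumed attacker speed.  Real tools use their own figures, so absolute times
# will differ from the website's; the ratios between passwords are the point.
GUESSES_PER_SECOND = 1e9


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force attacker must cover for this password."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def brute_force_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst case: every string of the same length over the same alphabet is tried."""
    return charset_size(password) ** len(password) / rate


def human_time(seconds: float) -> str:
    """Round a duration to the largest sensible unit, for readable output."""
    for unit, size in (("years", 365 * 24 * 3600), ("days", 24 * 3600),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


# Substitutions that cracking rule files try first; the article's i -> ! is one of them.
LEET = {"a": "@", "e": "3", "i": "!", "o": "0", "s": "$"}


def mangle(base: str):
    """Yield every variant of `base` reachable by capitalising any subset of its
    letters and leet-substituting any subset of the substitutable ones: a tiny
    version of the rules a cracker applies to each word in its dictionary."""
    base = base.lower()
    letters = [i for i, c in enumerate(base) if c.isalpha()]
    leetable = [i for i in letters if base[i] in LEET]
    seen = set()
    for caps in itertools.product((False, True), repeat=len(letters)):
        for subs in itertools.product((False, True), repeat=len(leetable)):
            chars = list(base)
            for i, up in zip(letters, caps):
                if up:
                    chars[i] = chars[i].upper()
            for i, sub in zip(leetable, subs):
                if sub:
                    chars[i] = LEET[base[i]]
            candidate = "".join(chars)
            if candidate not in seen:  # capital + substitution collapse to one string
                seen.add(candidate)
                yield candidate


def guesses_until(base: str, target: str):
    """Number of mangled guesses tried before `target` turns up, or None if it never does."""
    for n, candidate in enumerate(mangle(base), start=1):
        if candidate == target:
            return n
    return None


if __name__ == "__main__":
    # The article's own example passwords, in the order it builds them.
    for pw in ("pizbe", "piz8be24", "be24Piz8", "be24P!z8", "be24erP!z8za"):
        print(f"{pw:14} alphabet {charset_size(pw):3}  brute force: {human_time(brute_force_seconds(pw))}")
    # Brute force treats 'be24P!z8' as a 94-symbol, 8-character problem.  A rule-based
    # attack that already holds the base word needs only a few dozen guesses at most.
    print("rule-based guesses from 'be24piz8' to 'be24P!z8':",
          guesses_until("be24piz8", "be24P!z8"))
```

The two numbers printed for ‘be24P!z8’ make the article’s point and its caveat at once: going from 36 to 94 symbols per position and from 8 to 12 characters multiplies the blind search enormously, but a guesser who knows the base word reaches the same password in well under 128 tries. Length, and words nobody can predict, are what actually cost an attacker time.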

Now that you know how to create a super-strong password, let’s talk about the second step in password safety: keeping things separate! You can’t trust that any website out there will keep your password safely locked up and away from would-be criminals. When you create a password, you’re basically making a key and giving a copy to the website. If you used the same password for every website, then all a hacker would have to do is break into one website, and they’d be able to get into every other website where you use the same password. Criminals do exactly this: when a list of passwords leaks from one site, they try every one of them at the big e-mail, shopping and banking sites within hours. The easiest way to get around all this is to use different passwords everywhere you go.

I know what you’re thinking: “How am I going to remember all those passwords?” The simple solution is to keep a few different passwords and alternate where you use them. As a rule of thumb, you should never re-use your e-mail or bank account passwords. These should be unique and as strong as you can make them. For all other websites, you can take the password you have and rearrange it. For example, I could use ‘be24erP!z8za’ for one, and ‘p!z8zaBe24er’ for another. Be honest with yourself about what this buys you: if one site leaks ‘be24erP!z8za’, a criminal who looks at it can guess the obvious rearrangements, so treat this as a stopgap for low-value accounts rather than real protection. Most websites give you at least three chances to enter the right password, so if you keep three different passwords to alternate, you’ll get in with at least one. If you still can’t remember, you can often reset your password using your e-mail address. This is why your e-mail account MUST ALWAYS have a unique password that is strong and never re-used!

Speaking of unique passwords and protecting your e-mail or bank accounts, one good practice you should get into is changing your passwords when there is reason to. The most important trigger is news that a website you use has been broken into, or any sign that someone else has been in your account; change the password right away in that case. Beyond that, changing your e-mail and bank passwords at a decent interval, like when you need to change the clocks or replace the battery in your smoke alarm, is a fine habit, as long as it doesn’t push you into weaker, more predictable passwords just to keep up.

As promised earlier, I wanted to recommend a program that will help you keep all your passwords safe and secure. This program has been looked over by security professionals, and while I could go on for hours about all the technology in it, I’ll simply say that it’s very secure and works very well. The program is called LastPass and is available from http://lastpass.com. This program is like a bank vault for all your passwords, and it fits right into your favorite web browser. What this program can do is generate a password for you, one that is random and nearly impossible to guess, and save it in a safe place so you don’t have to try and remember it. It can generate a different password for each site you visit, saving each one separately. It remembers which password goes to which site, so you can easily fill it in when needed. Everything in the vault is encrypted with a key derived from your master password, so a copy of the vault without that password is useless to a thief. The only password you need to remember is that master password for your LastPass account, which should be as strong and secure as you can make it, and must never be used anywhere else.

I hope to write a tutorial for using LastPass in a future article, but for now you may want to read up on it here: http://helpdesk.lastpass.com/

Disclaimer: Do NOT use the passwords suggested in this article. They are examples to show you the finer points of password creation.
