The Perils of Passwords (a.k.a. Sony’s Security Sucks)
Yes, we have all read about the latest global company to get hacked, and once again our online identities are open to use and abuse (well… even more than they were before anyway…)
The question that I have to ask myself is: how can I really protect myself online?
Ask yourself this simple question: Do I use the same/similar passwords for all my accounts?
Now I happen not to, but I am in no way adept at protecting myself. In fact this very blog has been attacked in the past by Spam Bots, and when the Gawker sites got hacked, I quickly found my Facebook and Twitter accounts had been accessed.
How can you prevent the cascading loss of your identities?
Well, I now use this set of simple rules:
- NEVER use the same password across all my accounts. This is the golden rule!
- I (try to) use differing passwords for differing systems, for example:
  - Banking -> I use a different password for ALL online banking accounts and credit cards.
  - Online ‘forums’ that don’t matter -> I use one password for them all
  - Chat Clients (MSN, Skype etc) -> I use one password (but not the same as the ‘forums’ one)
  - eBay -> Unique password
  - PayPal -> Unique Password (but similar to eBay so I don’t forget it)
  - Desktop / Laptop -> Unique passwords for each
- I use numbers instead of vowels, and punctuation marks, in order to make long/complex passwords.
  - Consider the password “password1” – that could take a dictionary attack a few seconds to bypass, whereas “p4ssw0rd_h4rd” would probably only be cracked by brute force and could take days.
- I check my password strength here: http://www.passwordmeter.com/
- I use alternative email addresses (e.g. an unused Hotmail account) for Forum/Tech sites that force you to register.
So now you see what I do, consider these common passwords and ask yourself how many of them (or variants) you use…
- Wife’s name
- Kid’s name
- Date of Birth (forwards, backwards, wife’s, kid’s etc)
- Favourite pet’s name
This might interest you too – XKCD’s detailed description of how insecure your password could be, even following these rules…
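
The caveat above as a check you can run on your own candidate passwords (an added example, not part of the original post): it undoes common number-for-letter swaps and looks the result up in a wordlist. The wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist (assumption for this example); a real check
# would load a large list of common passwords and dictionary words.
COMMON_WORDS = {"password", "hard", "letmein", "dragon", "monkey", "qwerty"}

# Common number/symbol-for-letter swaps, mapped back to the letters.
DELEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                        "0": "o", "5": "s", "$": "s", "7": "t"})


def variants(password):
    """Lower-case, then undo swaps with and without a trailing '1', '!' etc."""
    lowered = password.lower()
    trimmed = re.sub(r"[^a-z]+$", "", lowered)
    return [trimmed.translate(DELEET), lowered.translate(DELEET)]


def dictionary_words(password, words=COMMON_WORDS):
    """Return the wordlist entries the password is built from, or None."""
    for candidate in variants(password):
        # Separators such as "_" or "-" split the password into chunks.
        chunks = [c for c in re.split(r"[^a-z]+", candidate) if c]
        if chunks and all(c in words for c in chunks):
            return chunks
    return None


if __name__ == "__main__":
    for pw in ("password1", "p4ssw0rd_h4rd", "vT9#kq2Lm"):
        print(pw, "->", dictionary_words(pw))
```

A result other than `None` means the password reduces to wordlist entries once the swaps are undone, so its length and mix of characters overstate how hard it is to guess.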