Are you password smart?

If you’re proactively managing your job search or career these days, you’re no doubt online. You should be on LinkedIn. Social media sites like Twitter, Facebook and others can be helpful. You may be blogging, visiting various job boards and career sites. To do so, you need passwords. Are you being smart about yours?

Weak passwords can yield bad consequences

At one time we all probably visited a handful of sites once perhaps monthly, that needed a user name and password. Then, it was typical to have the same password for each site visited. It was also common to have your password be something easy to remember. The name of your pet or first-born child for example. Today, you may visit 10 or more sites daily that require identifying information.

The old method of using the same easy password for every site you visit will not serve you well at all. Hackers have a tool called a “rainbow table,” a precomputed lookup table that can recover an easy password in just over a second. To protect yourself against this kind of attack, use a password that is long – at least 8 characters. And this is important: use different passwords for different sites, even if you visit several regularly.

You may be saying, “Barb, we’re just talking social networking here; not my bank.” Well, here’s the deal. In the past month, I’ve received seven emails from friends or colleagues explaining that their email accounts were hacked. I actually knew this already, because I had received emails – supposedly from them – with links to sites none of us would visit. If hackers break into your email account and get your password, they have a program that can match up your profile with the top sites you may visit. They then try to log into those sites using your information. Next, they try to gain access to your personal data, including credit card and other financial information.

With just one compromised account, the bad guys can retrieve information that may include your social media accounts, yes, but also your investments, online shopping accounts and checking or other bank accounts.

You don’t want to make the top of this list

Weak passwords are a welcome mat for hackers to “come on in” and take contact lists, phone numbers – a myriad of information. Their goal may be to steal your identity, or it may be to sell your information to spammers. None of it is good for you. So what are some bad passwords? Here are the Top 25 most-used passwords of 2011, compiled by Forbes, and the Top 500 of all time, as shared by What’s My Pass.

So, what to avoid? What makes a bad or weak password?

  • Your birthday or any date that might have significance for you.
  • People’s names or any name that has significance for you.
  • Personal information such as your license plate, social security (yikes) number, or phone number.
  • Dictionary words – words in any language that can be found in a dictionary or on the Internet.
  • Words or phrases from books, films, poems, songs, famous speeches, etc.
  • Commonly used passwords. If you check the links above, you’ll see passwords like 123456, password, iloveyou and abc123. You just have to be more inventive than that. The hackers certainly are.

Characteristics of a strong password

So how do you choose strong (and different) passwords for each site you visit? Here are some tips:

Choose at least 8 characters from the following categories:

  • Uppercase letters: A, B, C, D etc.
  • Lowercase letters: a, b, c, d, etc.
  • Numbers: 0,1,2,3,4,5,6,7,8,9
  • Symbols: (, #, ), @, ? – anything on the keyboard that isn’t a letter or number

Following the “8 4 Rule” can work well.

  • 8 = 8 characters minimum length
  • 4 = 1 lower case + 1 upper case + 1 number + 1 special character

The above rule works well with the many systems that require your password to be drawn from a variety of character classes. The letters a to z are one character class, A to Z another, 0 to 9 a third, and the symbols a fourth. The more character classes you use, the more secure your password will be. So “rhubarb” is less secure than “RhuBarb”, which is less secure than “Rh1B@r!”.

It’s all about you

Here are some ideas on coming up with words that only you would know:

  • Choose two objects from a picture that you’ll always remember. For example, a framed drawing from your child’s first grade gift to you might be horsebirds.
  • Choose two terms from a memorable purchase. For example: pinedoor (first house).
  • Look through a catalog and choose two terms based on something you see.
  • Look up a random article on Wikipedia and choose two words found in the article.

Then separate your two words with symbols and numbers; add capital letters. So pinedoor becomes Pine&1doo!.

You can also pick a phrase that is easy for you to remember. For example, “Salad is always a good choice for lunch.” Your password could be $1@agc4L. Starting a password with a symbol makes it stronger. Using $ for the letter “s”, 1 for the letter “i” and @ for “always” are examples of substituting symbols you can remember for letters.
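To make the “8 4 Rule” and the “what to avoid” list concrete, here is a small checker, added as an example and not code from the original post, that applies those rules to the passwords mentioned above (rhubarb, RhuBarb, Rh1B@r!, Pine&1doo!, $1@agc4L and the common ones like 123456). The common-password and dictionary word sets are constructed stand-ins for the Forbes/What’s My Pass lists and a real dictionary; the function and variable names are my own.

```python
# Constructed sample of commonly used passwords: the post names 123456, password,
# iloveyou and abc123; a real checker would load the full published lists.
COMMON_PASSWORDS = {"123456", "password", "iloveyou", "abc123", "qwerty", "letmein"}

# Constructed stand-in for a dictionary; a real checker would load a word list.
DICTIONARY_WORDS = {"rhubarb", "salad", "lunch", "pine", "door", "horse", "birds"}

MIN_LENGTH = 8  # the "8" in the 8 4 Rule
REQUIRED_CLASSES = {"upper", "lower", "digit", "symbol"}  # the "4"


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")  # anything that isn't a letter or a number
    return classes


def check_password(password):
    """Apply the 8 4 Rule plus the common/dictionary checks.

    Returns a list of failed rules; an empty list means the password passes.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for cls in sorted(REQUIRED_CLASSES - character_classes(password)):
        failures.append(f"no {cls} character")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        failures.append("on the common-password list")
    # Capitalising a dictionary word ("RhuBarb") does not stop it being one.
    if lowered in DICTIONARY_WORDS:
        failures.append("is a dictionary word")
    return failures


def is_strong(password):
    """True only when every rule passes."""
    return not check_password(password)


if __name__ == "__main__":
    for candidate in ["rhubarb", "RhuBarb", "Rh1B@r!", "Pine&1doo!", "$1@agc4L", "123456"]:
        problems = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not problems else ', '.join(problems)}")
```

Run against the post’s own examples, Pine&1doo! and $1@agc4L pass every rule. Rh1B@r! uses all four character classes but is only seven characters long, so it still fails the length half of the rule, and RhuBarb is rejected both for missing classes and for being a capitalised dictionary word.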

Some systems require you to change your password every 180, 90 or 60 days. If you’re familiar with the cycle, you can add a date-based component to your password and change it each time it is required. For example, J12 could be added when you need to change your password in June of 2012.

The storage and memory challenge

Obviously, the more complicated your passwords are and the more of them you use, the tougher they are to remember.

RoboForm, Password Safe and LastPass are just three of a number of tools available to help you securely store and remember your passwords.

Keep in mind that there are different types of vulnerability with your method of storage. Even with the use of online tools, there is always the potential for security breaches. And if you choose to use the older method of storage – paper – that can certainly work well for you. If you’re working from a private home setting with no one sharing that space but your spouse or Fido, the dog, your risk is different from that of having your computer in a cubicle office with 100 or more people who might walk by on a daily basis.

If you’re a work user, it may be against your company’s policies to write down your password. If someone finds it and does something bad with it, YOU could get fired. Even if you write it down and put it in a drawer, it’s not very secure. What are you going to cover the sticky note with, when the night custodian comes in or the meeting is in your office? Find out what your employer’s policies are regarding passwords, and stick to them. Now, I’m going to assume you’re NOT conducting your search from the office of course.

If you feel you need non-digital storage to help you remember your passwords, and you’re in a home environment free from traffic, you can use a spiral notebook to record your password activity. Keep it someplace that you will remember, someplace no one else needs to be aware of. Realistically, the chances of someone breaking into your house and stealing your passwords are next to none. Even if your house is burglarized, they’re apt to take the whole computer and your pearls. They’ll not likely be rummaging around for your spiral notebook so they can harvest money from your bank account. That said, the notebook should not be sitting on the desk with a “Passwords” title!

Think of passwords as keys. You probably lock the front door and take the keys with you when you leave. You probably don’t leave your keys in the ignition when you go into the grocery store. Your passwords are your keys. Your identity is at stake. That’s more important than any string of pearls.

Photo: marc falardeau