Featured photo: IT Security Lock in front of Crypto Background (grey, contrast) by Christoph Scholz

Time to Change Your Passwords!

6 Sep 2018

You ever feel like this, when it comes time to change your password? It’s a good idea to change them frequently – maybe not this frequently, but every 2-3 months is good.

It doesn’t stop there. Password requirements vary by website, but some are ridiculously complicated.

Sorry but your password must contain an uppercase letter, a number, a haiku, a gang sign, a hieroglyph, and the blood of a virgin.

Mitch Mitchell of I’m Just Sharing has some great tips in his post, Easy Ways To Create Tough Passwords, none of which require bloodletting. One of my friends in cybersecurity claims the best password is the one that’s so secure you have to request a password reset every time you log in. This is reassuring, given how often I forget my own passwords — double the pain when everything’s set to require dual authentication. I highly recommend dual authentication, aka 2-factor authentication, for every reputable site that offers it, especially for banking, credit cards, and any email address that can be used to reset passwords to things like your bank account or credit cards. But even that – in theory – can be hacked, if you leave your voice mail enabled. See Attackers Hit Weak Spots in 2-Factor Authentication.

If you use any of Time’s 25 worst passwords of 2017, please turn to the person next to you (extra points if it’s a total stranger, and bonus if you film it for YouTube) and say, “Hit me upside the head – HARD.” A good password is easy for YOU to remember, damned near impossible for a family member, friend, or social engineer to guess, and difficult to hack. Here’s some more good advice on how to create a strong password. It’s important to remember all the reasons a bad password is bad, too, so pay close attention while reading that article.

Also, if you mistype your password anywhere, change it. There are ways to log attempted passwords – I used to have a plug-in that did – and an unscrupulous person could use that minor typo to guess your password. This is probably only dangerous if you use the same password on multiple sites; that’s a bad practice for any number of reasons, but that’s an obvious one. In other news, that plug-in used to make me laugh. Oh, the things hackers think of… no, I’m never going to use justinbieber as my admin password, but thanks for playing, you silly dweebs. That you’d think I might set it to 123456 is just insulting.

Stop Referral Spam

This one’s a bit complicated. If you never use Google Analytics, don’t ever have reason to report site metrics to an advertiser, and are singularly lacking in curiosity about how many visitors your site gets and where they come from, then you can probably just ignore this one. But if you do look at site metrics, don’t get curious about every referrer, especially if they have a 90% or higher bounce rate, and you suddenly see hundreds of hits coming from them. It looks good at a glance, but it ain’t real. Do not give them the visits they seek by clicking on their links out of curiosity! They want you to be their referrer!

Here’s the best, most simple explanation I’ve found on how to eliminate most of the problem: Referral spam: attack patterns and countermeasures.

Take a Backup While We’re at It

I know you don’t want to think about any of this, but while I have you here… go back up your precious novel in progress. Those once-in-a-lifetime vacation pics. Those photos with your kids – or grandkids – they won’t stay young forever, and you’ll never recapture that moment, so make sure you have it backed up several places. I can’t stand to hear grown-ups cry.


11 Responses

  1. Bellybytes says:

    Changing a password is more difficult than changing underwear! It’s hard to remember so many passwords for so many situations: the ATM, the tax man, and a ton of other numbers like the Unique Identification Number which every Indian has, the passport number…

  2. It is tough coming up with passwords that are easy to remember and difficult to hack. On top of that, I need to have a fun password that makes the task a little less boring. Am I stressing myself out unnecessarily?

  3. Kalpana says:

    Omg… I did exactly that, this very morning!!! And I see your post on this topic… It’s just too uncanny. A timely post and a well-researched one too. Thanks for all the valuable tips and I love that pic. Too damn funny. 😊

  4. Holly, you have done a great service to your readers by pointing out the need for putting some effort into creating strong passwords. Now, based on the first two comments here, we come to the real-world reality: it’s tough. That’s why I swear by the advice given in this link on the LifeHacker story: How Big Is Your Password?

    The LifeHacker author – perhaps intentionally – mistitled that link, which is actually How Big Is Your Haystack? The correct title makes sense, once you’ve started reading the article:

    “Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.”

    The idea is to make sure that each of your passwords is in one of the haystacks that would take several centuries for the fastest computers to crack.

    While I encourage everyone to go read that article from top to bottom, the executive summary is as follows:

    The haystack size depends, in part, on how many possible combinations exist for each type of character. Most sites accept four types: lower-case letters, upper-case letters, digits and symbols.

    The length of the password, multiplied by the combinations equals the haystack size. (This is simplified. To get the exact number, use the calculator on the site.)

    In summary, the larger the haystack, the more time it takes to exhaustively search for the needle that is your password!

    The GREAT thing about all this is that your passwords do not have to be hard to remember. Since the largest group of characters is the symbols (33), you just have to make up a memorable pattern that, like your fingerprint, can be used over and over again. The trick is to also come up with your own method for remembering a word to associate with each website or login that you use regularly.

    To get an idea of what I am driving at, consider this password:

    xyz2$$abc1X##

    That’s uncrackable. It’s also unmemorable, but it has all the elements needed to make it more memorable: two short “words”, separated by a pattern. Why not combine the two short words and surround them by the pattern?

    If you made a habit of adding 2$$ before a word and 1X## after it, you’ve got yourself a memorable password manager, and you don’t even need to rely on software! (You would still use software, but if you lost it, at least you would be able to log in to your accounts.)

    It’s pretty obvious that I am hinting that you should use some part of the website’s name as your word…but, that’s up to you. Some sites are still stupidly restricting you to letters and numbers and others won’t let you put long passwords into their form. Do the best you can with those.

    Cheers,

    Mitch

    • What you’re hinting at there is advice that’s been given many times! I tend to use some mental variant of it, along with things easy for me to remember (like that stupid security question about first pet’s name – oh, my imaginary unicorn’s secret nickname?)

      • Here’s hoping at least one more person heeds it. As I get older, memorable patterns become more important. I have a massive folder full of backups that I can’t read, because I forgot the password!

        DOH!

        LOL.

        Cheers,

        Mitch

  5. I have such a nasty time remembering passwords, and with so many accounts, social media handles, it becomes difficult to remember them. Though we can login with Twitter, Facebook, G+, sometimes they do throw up a problem when you try to login through your phone.

  6. First, thanks for sharing my link.

    Second, as I went around changing my business email address on sites that required it I decided to make my passwords harder than most of them were. I went for length and numbers rather than symbols, although symbols are also great.

    Third, I’d still recommend having a paper file somewhere with all your passwords “just in case” your technology gives out on you. My wife had to buy a new cellphone yesterday and she couldn’t remember a single password to anything except one app, but she couldn’t get to the Play Store on her phone because she couldn’t remember her Google account. lol She’s lucky to have me around because I found the website (which she didn’t know they had) she could sign into and get the information she needed.
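The haystack arithmetic from Mitch’s comment (number 4 above), as an added example that is not code from the post, the commenter, or the GRC article it cites: it sizes the search space an exhaustive attacker must cover, assuming the four character classes and sizes the comment quotes (26, 26, 10 and 33), with constructed, illustrative guess rates. It also shows how much haystack is left once a reused fixed prefix/suffix pattern is known.

```python
"""Haystack-size calculator for the "How Big Is Your Haystack?" argument.

Added example; not code from the post, the comment, or the GRC article.
Assumes the four character classes and sizes the comment gives (26, 26,
10 and 33); the guess rates in main are constructed, illustrative figures.
"""
import string
from math import log10

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# A class counts towards the alphabet as soon as one of its members appears.
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26
    "upper": set(string.ascii_uppercase),        # 26
    "digit": set(string.digits),                 # 10
    "symbol": set(string.punctuation) | {" "},   # 32 marks + space = 33
}

def alphabet_size(password: str) -> int:
    """Size of the alphabet that covers every class the password uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def search_space(password: str) -> int:
    """Guesses to exhaust every password over this alphabet up to this
    length: sum of A**k for k = 1..L, since shorter ones are tried first."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to walk the whole haystack at a given guess rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR

def variable_part(password: str, prefix: str, suffix: str) -> str:
    """What is left of a password once a reused fixed prefix/suffix pattern
    (e.g. 2$$ ... 1X##) is known; only this part still enlarges the haystack."""
    if not (password.startswith(prefix) and password.endswith(suffix)):
        raise ValueError("password does not follow the given pattern")
    return password[len(prefix):len(password) - len(suffix)]

if __name__ == "__main__":
    # Constructed rates: a throttled login form vs. offline guessing of a leaked hash.
    rates = {"online 1e3/s": 1e3, "offline 1e11/s": 1e11}
    for pw in ("xyz2$$abc1X##", "xyzabcxyzabcx", "2$$example1X##"):
        years = {k: f"{years_to_exhaust(pw, r):.1e} y" for k, r in rates.items()}
        print(f"{pw:15} A={alphabet_size(pw):2} log10={log10(search_space(pw)):4.1f}", years)
    word = variable_part("2$$example1X##", "2$$", "1X##")
    print(f"pattern known -> only {word!r} counts: log10={log10(search_space(word)):.1f}")
```

Running it shows that thirteen lower-case letters fall to an offline attack within a year at the constructed rate, while the same length drawn from all four classes takes millions of years; it also shows how little is left of the 14-character example once the fixed pattern around the word is known.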
