You ever feel like this, when it comes time to change your password? It’s a good idea to change them frequently – maybe not this frequently, but every 2-3 months is good.
It doesn’t stop there. Password requirements vary by website, but some are ridiculously complicated.
Mitch Mitchell of I’m Just Sharing has some great tips in his post, Easy Ways To Create Tough Passwords, none of which require bloodletting. One of my friends in cybersecurity claims the best password is the one that’s so secure you have to request a password reset every time you log in. This is reassuring, given how often I forget my own passwords — double the pain when everything’s set to require dual authentication.
I highly recommend dual authentication, aka 2-factor authentication, for every reputable site that offers it, especially for banking, credit cards, and any email address that can be used to reset passwords to things like your bank account or credit cards. But even that – in theory – can be hacked, if you leave your voice mail enabled. See Attackers Hit Weak Spots in 2-Factor Authentication.
If you use any of Time’s 25 worst passwords of 2017, please turn to the person next to you (extra points if it’s a total stranger, and bonus if you film it for YouTube) and say, “Hit me upside the head – HARD.” A good password is easy for YOU to remember, damned near impossible for a family member, friend, or social engineer to guess, and difficult to hack. Here’s some more good advice on how to create a strong password. It’s important to remember all the reasons a bad password is bad, too, so pay close attention while reading that article.
Also, if you mistype your password anywhere, change it. There are ways to log attempted passwords – I used to have a plug-in that did – and an unscrupulous person could use that minor typo to guess your password. This is probably only dangerous if you use the same password on multiple sites; that’s a bad practice for any number of reasons, but that’s an obvious one. In other news, that plug-in used to make me laugh. Oh, the things hackers think of… no, I’m never going to use justinbieber as my admin password, but thanks for playing, you silly dweebs. That you’d think I might set it to 123456 is just insulting.
This one’s a bit complicated. If you never use Google Analytics, don’t ever have reason to report site metrics to an advertiser, and are singularly lacking in curiosity about how many visitors your site gets and where they come from, then you can probably just ignore this one. But if you do look at site metrics, don’t get curious about every referrer, especially if they have a 90% or higher bounce rate, and you suddenly see hundreds of hits coming from them. It looks good at a glance, but it ain’t real. Do not give them the visits they seek by clicking on their links out of curiosity! They want you to be their referrer!
Here’s the best, simplest explanation I’ve found on how to eliminate most of the problem: Referral spam: attack patterns and countermeasures.
I know you don’t want to think about any of this, but while I have you here… go back up your precious novel in progress. Those once-in-a-lifetime vacation pics. Those photos with your kids – or grandkids – they won’t stay young forever, and you’ll never recapture that moment, so make sure you have it backed up in several places. I can’t stand to hear grown-ups cry.