Wednesday, January 23, 2013

New Year Resolution: Improve Password Security


The number of passwords we need to keep track of these days seems to be proliferating.  As we become increasingly enmeshed in the web, it is important to take some steps to protect your privacy and security by managing your passwords well.  Like many things that are important (think flossing), managing your passwords takes ongoing effort, but it is well worth it.  Below are some password-related do's and don'ts to consider:

DO

1. Avoid opening suspicious links, even from friends.  A friend's hacked account will send links in their name, which is exactly why attackers go after it.

2. Ignore security questions to which there are only a limited number of answers, such as “What is your favorite color?”  An attacker can simply try every plausible answer.

3. Ignore security questions that can be answered using personal information you may have posted on the Internet.  For example, if you have filled your Facebook profile with personal details, it is easy to answer “What middle school did you attend?”  Hackers use the answers to your security questions to reset your passwords and take control of your accounts.

4. Give bogus answers to security questions.  For example, in response to “What is the name of your pet?” you could give a totally unrelated answer such as “Snowballs melt in Tucson”.  Treat the answer as a second password: record it somewhere safe (see items 8 and 11), because you will not be able to reconstruct it from memory of your pet.

5. Or answer a security question with a phrase that has nothing to do with it, for example a question of your own.  “What is the name of your cat?” could be answered with “Can you see Mars at night?”

6. Use catchphrases.  The longer your password, the longer it takes to crack; a password should ideally be 14 characters or longer.  You can string together movie quotes, song lyrics or lines of poetry.  Note that a famous quote by itself is about as guessable as a dictionary word, because cracking wordlists include well-known quotes and lyrics; combine several, or alter them, rather than using one verbatim.

7. For very sensitive passwords, consider jamming your keyboard to create a random-looking password, intermittently hitting the Shift and Alt keys while doing so.  Keyboard mashing is not truly random (people favor the home row and repeat patterns), so the password generator built into a password manager (item 11) is the better choice when you have one.  Copy the result into a text file and store it on a password-protected (encrypted) USB drive.

8. Store passwords securely, NOT in your in-box or on your desktop.  If you do keep your passwords in a file, put it on a password-protected (encrypted) USB drive and copy and paste the passwords from it, so that keystroke-logging software cannot capture them as you type.  This only defeats keyloggers: malware that reads the clipboard or the screen can still see a pasted password, so the computer you paste into has to be clean too.

9. Consider other options, such as keeping information off the Internet completely.  You could store password hints, not the passwords themselves, on a scrap of paper and keep it in your wallet.  You could also use a unique, secure email address for password recoveries: create a special account you never use for ordinary communications, with a username that isn't the same as your name.  In other words, a faux account.  Since that account can reset all your others, protect it at least as well as any of them.

10. Use two-step (two-factor) authentication when offered.  This adds a second layer of security to your account.  To use it you enable it in your account settings and register a mobile phone that can receive text messages.  When you log in with your password, a one-time code is texted to your phone and you must type it in as well, so a stolen password alone is no longer enough to get in.

11. Use password-manager software that stores all your usernames and passwords in one place, encrypted under a single master password.  Some programs can also generate strong random passwords and log you into sites automatically.  LastPass, SplashData (SplashID) and AgileBits (1Password) are three of the better-known options for Windows, Macs and mobile devices.  Make the master password a long one, since it protects everything else.

12. Use different Web browsers for different activities, e.g. “leisure” browsing versus online banking.  Each browser keeps its own cookies and logged-in sessions, so a malicious site or add-on encountered while browsing for fun cannot as easily reach the banking session in the other browser, and an infection is less likely to spread to all your accounts.  A study published in 2011 by Accuvant Labs, comparing Google Chrome, Microsoft Internet Explorer and Mozilla Firefox, found Google Chrome the least susceptible to attack.

13. Consider using “throwaway” e-mail addresses, like those offered by 10 Minute Mail (http://10minutemail.com/10MinuteMail/index.html).  The service gives you an address that lets you register and confirm an online account and then self-destructs 10 minutes later.  Use these only for accounts you do not care about: once the address is gone, so is your ability to recover the account through it.

14. Scrub your online presence.  One of the easiest ways to break into an account is through the email address and billing-address information a company keeps on file; in the Wired story cited below, the attackers used a billing address and the last four digits of a credit card number to talk a support desk into handing over an account.  If possible, do not leave this information on file, and ask about the opt-out mechanisms of the sites that hold it.

15. REMEMBER THAT ANYTHING YOU HAVE TYPED OR SHARED ONLINE IS A PUBLIC RECORD!
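The text-message second step in item 10, seen from the server's side, as an added example written for this post (it is not code from any of the services mentioned): once the password has checked out, the server issues a six-digit code from the operating system's random generator, texts it to the registered phone (the sending itself is left out here), and then accepts that code only once, only within a time limit, and only for a few attempts. The five-minute limit, the three-attempt cap and the `SecondFactor` class name are assumptions chosen for the illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a texted code is good for five minutes
MAX_ATTEMPTS = 3         # assumption: three wrong guesses void the code


class SecondFactor:
    """Server side of the text-message step: issue a code, then verify it once."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # username -> [code, issued_at, attempts]

    def issue_code(self, username):
        """Called only after the password was correct; returns the code to text."""
        code = f"{secrets.randbelow(10**6):06d}"   # 000000..999999 from the OS CSPRNG
        self._pending[username] = [code, self._clock(), 0]
        return code

    def verify(self, username, submitted):
        """True exactly once for the current code, while it is fresh."""
        entry = self._pending.get(username)
        if entry is None:
            return False                       # nothing issued, or already used
        code, issued_at, _ = entry
        if self._clock() - issued_at > CODE_TTL_SECONDS:
            del self._pending[username]        # expired: user must log in again
            return False
        entry[2] += 1
        if entry[2] > MAX_ATTEMPTS:
            del self._pending[username]        # too many guesses: void the code
            return False
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]        # single use
            return True
        return False


if __name__ == "__main__":
    # Constructed walk-through of one login.
    sf = SecondFactor()
    texted = sf.issue_code("alice")            # this string goes out by SMS
    print("wrong code accepted:", sf.verify("alice", "000000" if texted != "000000" else "000001"))
    print("right code accepted:", sf.verify("alice", texted))
    print("same code again:", sf.verify("alice", texted))
```

An attacker who has only the password gets as far as `issue_code` and no further; an attacker who intercepted an old text is stopped by the expiry and single-use checks, and one who tries to guess a six-digit code is stopped by the attempt cap.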

DON’T

1. Reuse passwords, including old ones you have retired.  Once a password has leaked it stays in cracking lists for good.

2. Use the same password for different accounts.  Hackers regularly exploit the fact that people tend to use the same password across multiple sites: a password stolen from one site is immediately tried at the others.

3. Use a dictionary word as your password.  If your password is in a dictionary, you might as well not have one; cracking tools try every word in large wordlists in seconds.  If you want to use dictionary words, string several unrelated ones together into a phrase.

4. Use standard number and symbol substitutions, such as H@ck3r or S3cur3.  Cracking tools apply these substitutions automatically to every word in their lists, so such passwords fall just as fast as the plain word.  If you want to keep using substitutions, string several substituted words together as suggested above.

5. Use a short password, even a weird one.  Your best defense is the longest password you can manage.
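As an added illustration of DO items 6 and 7 and DON'Ts 3 to 5 (example code written for this post, not from the Wired article), the following estimates the guessing work for a candidate password the way a cracker would see it: it undoes the common leet substitutions and lower-cases the candidate, checks it against a tiny constructed wordlist and phrase list that stand in for the multi-million-entry lists real tools load, and falls back to per-character brute force only when nothing matches. The list sizes and the guess rate are assumptions, not measurements. It also generates a random password with Python's `secrets` module, which is what keyboard mashing tries to approximate and which serves equally well as a bogus security-question answer (item 4).

```python
import math
import secrets
import string

# Constructed for this example: a tiny sample of the kind of wordlist a
# cracking tool loads.  Real lists hold millions of words and famous quotes.
WORDLIST = {"hacker", "secure", "password", "may", "the", "force", "be", "with", "you"}
PHRASES = {"may the force be with you"}

# Assumptions (not measurements): how big the attacker's lists are and how
# fast the attacker can guess, e.g. an offline attack on a weakly hashed leak.
ASSUMED_WORDLIST_SIZE = 1_000_000
ASSUMED_PHRASELIST_SIZE = 100_000
ASSUMED_GUESSES_PER_SECOND = 1e10

# Number/symbol substitutions that cracking rules undo automatically (DON'T 4).
LEET = str.maketrans({"@": "a", "3": "e", "1": "i", "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(candidate):
    """Lower-case and undo leet substitutions, as a cracking rule set would."""
    return candidate.translate(LEET).lower()


def charset_bits(candidate):
    """Bits per character if the attacker must brute-force every character."""
    size = 0
    if any(c.islower() for c in candidate):
        size += 26
    if any(c.isupper() for c in candidate):
        size += 26
    if any(c.isdigit() for c in candidate):
        size += 10
    if any(not c.isalnum() for c in candidate):
        size += len(string.punctuation) + 1    # symbols plus the space
    return math.log2(size) if size else 0.0


def entropy_bits(candidate):
    """Guessing work in bits, taking whichever route is cheapest for the attacker."""
    normalized = normalize(candidate)
    words = normalized.split()
    brute = len(candidate) * charset_bits(candidate)
    # A single dictionary word, leet-substituted or not, is one list entry.
    if len(words) == 1 and normalized in WORDLIST:
        return min(brute, math.log2(ASSUMED_WORDLIST_SIZE))
    # A famous quote is one entry in a phrase list, not a string of words.
    if normalized in PHRASES:
        return min(brute, math.log2(ASSUMED_PHRASELIST_SIZE))
    # Known words strung together: the attacker guesses words, not characters.
    if words and all(w in WORDLIST for w in words):
        return min(brute, len(words) * math.log2(ASSUMED_WORDLIST_SIZE))
    return brute


def assess(candidate):
    """Entropy estimate and the time a full search would take at the assumed rate."""
    bits = entropy_bits(candidate)
    seconds = 2 ** bits / ASSUMED_GUESSES_PER_SECOND
    return {"bits": round(bits, 1), "seconds": seconds, "years": seconds / 31_557_600}


def generate_password(length=16):
    """Random password from the OS CSPRNG: what 'jamming the keyboard' imitates."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # The post's own examples, plus a generated one.
    for candidate in ("H@ck3r", "S3cur3", "password", "may the force be with you",
                      "Snowballs melt in Tucson", generate_password(16)):
        result = assess(candidate)
        print(f"{candidate!r:32} {result['bits']:6.1f} bits  {result['years']:.3g} years")
```

Running it shows the point of DON'Ts 3 and 4 directly: `H@ck3r` normalizes to `hacker` and scores the same as `password`, the verbatim movie quote scores lower still because it is one phrase-list entry, and only the unknown phrase `Snowballs melt in Tucson` forces the attacker back to per-character search.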

The Northfield Public Library has computers that are free and open for use with a library card.  We also have a collection of books and periodicals about all aspects of personal computing including SmartComputing in Plain English and Wired.  Books and periodicals are located on the second floor of the library.

Source: “Hacked” by Mat Honan, Wired, December 2012, pp. 180-186, 220-224.
