How much information do you store online? Are you on Facebook, LinkedIn, last.fm, eHarmony, Formspring, Hotmail, Gmail or Yahoo? If you are, then there is a chance that someone in the world has your password.
There are two parts of the password equation. The first part involves you. The other part is the responsibility of the company you are entrusting with your information.
Major data leaks are being reported by more online companies every day. In the past few months alone we have seen 6.5 million LinkedIn password hashes leaked, 420,000 member accounts from social network Formspring, more than 400,000 usernames and passwords from Yahoo! Voices, 1.5 million passwords from the online dating site eHarmony and, sadly, many more.
What do you do now? Log in and change your password, if no one else has beaten you to it. The basic principles to follow when creating a secure or "strong" password are:
Use upper and lowercase letters and "special" characters like "!, @, #, $, %", et cetera. Adding just one character to your password can make it TWICE as difficult to crack.
It's also best to use random strings of letters, numbers and punctuation. The easiest way to do this is to think of a phrase you won't forget. Use the first letter of each word as your new password, alternating upper and lower case and adding a special character at the end. For example: "my son eats candy every day!", becomes "mSeCeD!".
Avoid the most common passwords: "god", "password", "123456", "qwerty", "private" or "sex". Also avoid your children's names, pets' names, birthdays or your first initial and last name.
But your work doesn't stop there. Have you used this password anywhere else?
According to studies done over the past four years, 81 per cent of you should be feeling somewhat uncomfortable after reading the last sentence, because the data show that only 19 per cent of people use different passwords on every site or system they log into.
So, you log in everywhere you have an account and change the password, or at least on the major websites, like your email, online banking and social networks.
Fix bad password habits
Now is the perfect opportunity to fix your bad password habits. Do not use the same password for all of your accounts again. Wait! Two passwords are not much better. Instead, you can use my favourite solution to most technical problems, that is, more software.
Use a tool like http://strongpasswordgenerator.com/ to generate a truly strong password for each account you have. No, I don't expect you to remember all of these passwords. And I would be sorely disappointed if you wrote them down on a sticky note and stuck it to the side of your computer. Instead, use a password manager that will automatically plug in the correct password for you. I am not recommending the "remember this password" option that is now common in all Internet browsers. I mean legitimate software dedicated to this purpose, with a strong password of its own.
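As an added illustration (not part of the original column, and not code from any tool it names), here is a short Python script that checks a set of accounts against the rules above (common passwords, reuse, missing character types) and replaces the flagged ones with random passwords. The account names and sample passwords are constructed, and the function names are hypothetical.

```python
import secrets
import string
from collections import defaultdict

COMMON = {"god", "password", "123456", "qwerty", "private", "sex"}  # from the column
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%")
# Constructed sample vault, not real credentials.
SAMPLE = {"email": "qwerty", "bank": "mSeCeD!", "social": "mSeCeD!",
          "forum": "Tr4il#Mix+Pine"}


def generate_password(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Reject and redraw until each class appears at least once.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def audit(accounts):
    """Return {account: [problems]} for a mapping of account -> password."""
    used_by = defaultdict(list)
    for account, password in accounts.items():
        used_by[password].append(account)
    kinds = (str.islower, str.isupper, lambda c: not c.isalnum())
    problems = {}
    for account, password in accounts.items():
        found = []
        if password.lower() in COMMON:
            found.append("common password")
        if len(used_by[password]) > 1:
            found.append("reused on another account")
        if not all(any(kind(c) for c in password) for kind in kinds):
            found.append("missing upper, lower or special character")
        if found:
            problems[account] = found
    return problems


def rotate(accounts, length=20):
    """Replace every flagged password with a fresh random one."""
    fixed = dict(accounts)
    for account in audit(accounts):
        fixed[account] = generate_password(length)
    return fixed
```

Calling audit(SAMPLE) flags the email, bank and social entries, and rotate(SAMPLE) returns a copy in which only those three have been replaced.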
For the record, it is rumored that Windows 8 will have a built-in password manager. Apple has incorporated a password "Keychain" since the release of Mac OS X.
Excellent password managers to install on your Linux, Mac or PC: 1Password, Clipperz, LastPass or Roboform. The great thing about using a password manager is that you need only remember one password, that of the management software. Then you generate a strong password for each site once, record it in your new password vault and forget about it forever.
Or at least until someone cracks a database server again. To be on the really safe side, change your passwords every few months. Maybe put a label on your computer like you do for your vehicle reminding you when to change the oil. The consequences of not doing it are just plain scary.
Do you have any tips or tricks you use to keep your passwords strong and fresh? Share them in the comments below. I'm always up to try a better method.
Jon Reid is an IT professional working in Corner Brook. His column appears every other Tuesday in The Western Star.



I don't think you are foolish at all :) Kaspersky is a solid option. I use a "junk" email address for signing up for some things online as well. Again, I agree that anything done online cannot be 100% secure. There are simply too many variables that are not in your control. All of that being said, don't be too concerned about banking online. Since the advent of online banking they have had new insurances put in place. Banks are very aware that fraud and leaks cannot be prevented and they pay large premiums to cover their and your projected losses. I like your solution with a locked drawer :) There is nothing wrong with an analog system that works.