Every time I heard ‘be sure to protect your password’, I imagined young men sporting pocket protectors. Security was annoying and nerdish. At one point in my career I was ready to quit a job that insisted I update my password every 60 days.
That was then. This is now. Now I have an online identity. I shop. I bank. I socialize. I blog. I email. I’m always in the cloud. And every one of those actions requires a password. Add to that two computers and a BlackBerry, and the number of required passwords starts to add up.
This summer Mat Honan, senior writer for Wired and Wired.com’s Gadget Lab, had his online identity hijacked and erased in less than an hour. Turns out the hijackers were after his three-letter Twitter handle, and in the process erased all the messages, documents and photos on all of his devices.
Granted, Mat could be viewed as a hijacker’s dream for both the publicity and the challenge, but the reality for me was, if they can get through Mat’s robust passwords, which were seven, 10 and 19 digits long with alphanumeric characters and symbols – my password, which is rather robust, would be considered a snap.
Is there such a thing as an absolutely secure password? Probably not. But if you’ve taken the necessary precautions and still lose your identity – at least you won’t be furious with just yourself!
According to Internet Strategist Jesse Hirsh, part of the solution lies in creating a personal security culture: the policies and practices you follow to protect your online persona.
Next time you need a password consider the following:
Don’t always repeat the same password. Once the hijackers have broken the code, they have access to all your files. According to Google, and they should know, password fatigue is what the hijackers are betting on.
Work towards a longer, more complicated password. Make it alphanumerical and throw in a couple of symbols and caps for good measure. Avoid dates and names of significance to you and don’t base your password on your login – a definite no-no, along with 123456. And speaking of numbers – substitutions such as zero for the letter ‘O’ are standard in any hijacker’s password-cracking program.
Scrub your online presence both with a program and manually. Check to see if any e-commerce site allows an opt-out so that you and your credit card information are removed from their databases.
Use two-part authentication when you need to reset your password. Have the verification sent either to an email address (maybe one that you use just for these situations) or to a mobile device, just to be sure.
And those verification or prompt questions? Create one that either no one knows, or lie about the answer. Definitely ‘What is your mother’s maiden name?’ is outdated.
And Hirsh warns – prepare for disaster. Prepare for the day when, like Honan, you have to re-create your online identity. Make a list of all of the online properties you use and their passwords, and then store it off site, like in a safety deposit box.
At the very minimum, every 60 days, it’s probably wise to reset your password on your main accounts. And yes, there are numerous programs in the cloud that will generate a high-powered, complicated password. But of course, it too will need a password.
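The advice above on length, mixed characters, logins, significant dates and names, and zero-for-‘O’ substitutions can be turned into a quick self-check. This is an added example, not part of the original post; the function names, the 12-character threshold, the substitution table and the sample common-password list are assumptions made for illustration.

```python
import re

# One letter per look-alike symbol (illustrative, not exhaustive);
# real cracking tools try several candidates for each symbol.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample list; "123456" is the one named in the post.
COMMON = {"123456", "password", "qwerty", "letmein"}

MIN_LENGTH = 12  # assumed threshold; the post only says "longer"


def normalize(text):
    """Lowercase, undo common substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def review_password(password, login, personal_terms=()):
    """Return the reasons a password falls short; an empty list means it passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing lower/upper/digit/symbol")
    plain = normalize(password)
    if password.lower() in COMMON or plain in COMMON:
        problems.append("common password")
    # Compare normalized forms so 'J0hnSm1th' still matches login 'johnsmith'.
    login_key = normalize(login.split("@")[0])
    if len(login_key) >= 3 and login_key in plain:
        problems.append("based on login")
    # Names and dates of significance, supplied by the user.
    for term in personal_terms:
        key = normalize(term)
        if len(key) >= 3 and key in plain:
            problems.append(f"contains personal term: {term}")
    return problems
```

Run it locally on a candidate before you adopt it; a password that clears every check here can still be exposed if it is reused across sites.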