But how to begin? Not everyone agrees with this advice (and the ones who don’t probably never lose their car keys either), but I believe in writing down passwords in a small notebook where they can be corralled in one place but easily hidden in a drawer, file cabinet, etc. Remembering where you hid it? Priceless! One of the most important keys to password protection is not to use the same password for all of your online activities. Hackers and thieves count on us to be creatures of habit. They search for a vulnerability in an unprotected account that we don’t think matters much (like e-mail), use that to figure out a user’s standard password and then “bank” on that knowledge to hack into better-protected sites like online banking or credit card accounts.
Now, it’s on to picking a secure password. Remember that the worst password of all is the one you can’t remember! Your goal then, is to pick a password that is memorable without being easily guessed by either a human or computer-based hacking effort. Listed below are two possible approaches:
1. The National Cyber Alert System of the US Government provides excellent cyber-security recommendations regarding passwords and other topics of interest such as firewalls, phishing attacks, etc. However, since the US Census Bureau uses far stricter guidelines than the Government as a whole, I am going to recommend their approach as the gold standard:
Passwords must have at least 12 characters
Passwords must contain at least 3 of the following different character types:
- Lower case characters (a-z)
- Upper case characters (A-Z)
- Numeric characters (0-9)
- Special characters (@, #, *, !, etc.)
Passwords must NOT contain:
- A word found in the dictionary
- A word found in the dictionary spelled backwards
- Any common sequences such as 123 or abc
- Any 2 consecutive characters from the user’s full name or username
- Four (4) or more of the same character
2. Now, if you’re not ready to join the CIA and the above approach seems a little daunting to you, Microsoft recommends a method of password creation that relies on creating a mnemonic password derived from the first letters of a sentence that is meaningful to you. For instance, you could choose the sentence, “I wouldn’t remember my password if Jack Bauer from 24 were torturing me personally.” Your password could then become “IwrmpiJBf24wtmp.” You could then add special characters, punctuation and other layers of complexity as described on the Microsoft site.
3. Microsoft then recommends that you test your creation at the site’s Password Checker and protect your password in low-tech ways by not sharing it with others and avoiding “shoulder surfing” from others at public computers, ATM’s etc.
By using these tips, you and your data should remain safe and secure no matter where your future social media adventures may take you.
Other great sites to check out for password generation and protection tips:
Buckeye Secure: The Ohio State student cybersecurity Website, which is uncommonly thorough and user-friendly.
How to Steal a Password: Know the enemy so you can spot a trojan horse when one gallops up to your in-box.
How to change your Gmail password now that you are a cybersecurity convert.
Yahoo SSL (secure socket layer) encryption for e-mail log-ins: This is quite a feature. Log-in takes longer, but seems well worth it.
Eek! I'm totally screwed - 12 characters and mixing up the letter case? You make a great point though, there is such a small amount that I DON'T put in cyberspace so this is a great post for people who need to keep the importance of security in mind
ReplyDelete