An article in the New York Times about poor password protection should alarm anyone who values their privacy or money -- especially if you use Facebook and MySpace since a company apparently unknowingly gave up the goods on 32 million users. The data were analyzed by good guys to find out what passwords people used. Sadly, they are the same ones used 15 years ago.
Simple Passwords Remain Popular, Despite Risk of Hacking
In the article, one of the industry's best-known hackers explains why we keep using poor passwords: information overload. He recommends that you maintain at least two passwords in your head. One can be semi-easy for stuff you don't necessarily care to protect; the other should be difficult and used for anything involving online banking or e-commerce. The standard is to create an alphanumeric expression that is at least 8 characters long and doesn't spell anything you'd find in a dictionary or follow a common numeric pattern (like 123456). Use of symbols such as $ and ! is also encouraged.
Some particularly sensitive programs require you to change your password every 45 days or so. What I do to keep it simple is just exchange a lowercase letter with an uppercase one so that the pattern is the same but the computer sees it as a different password altogether. For instance, if I had been using bp!ogu23xv, I'd next use Bp!ogu23xv. Then BP!ogu23xv, and so on. If nothing else, it buys you time.
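As an added illustration (not part of the original post or the NYT article), here is a small checker that applies the standard described above: at least 8 characters, letters mixed with digits, no common numeric pattern, nothing that spells a dictionary word, with symbols counted as a bonus. The word list and common-password list are constructed stand-ins; a real deployment would load a full dictionary and a leaked-password list.

```python
import re

# Constructed stand-ins for a real dictionary and a real common-password list.
DICTIONARY_WORDS = {"america", "password", "letmein", "welcome", "admin", "monkey"}
COMMON_PASSWORDS = {"123456", "12345678", "password", "qwerty", "abc123", "111111"}


def is_numeric_pattern(pw):
    """True for all-digit passwords that repeat one digit or run up/down by one."""
    if not pw.isdigit():
        return False
    if len(set(pw)) == 1:
        return True  # 111111
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})  # 123456 or 654321


def check_password(pw):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", pw) or not re.search(r"[0-9]", pw):
        problems.append("must contain both letters and digits")
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS or is_numeric_pattern(pw):
        problems.append("common password or numeric pattern")
    # Strip digits and symbols so that "america1234" is still caught as a word.
    letters = re.sub(r"[^a-z]", "", lowered)
    if letters in DICTIONARY_WORDS:
        problems.append("spells a dictionary word")
    return problems


def uses_symbols(pw):
    """True when the password contains at least one non-alphanumeric character."""
    return re.search(r"[^A-Za-z0-9]", pw) is not None


if __name__ == "__main__":
    for candidate in ("123456", "america1234", "idispisehackers", "bp!ogu23xv"):
        verdict = check_password(candidate) or ["ok"]
        bonus = " (+symbols)" if uses_symbols(candidate) else ""
        print(f"{candidate!r}: {', '.join(verdict)}{bonus}")
```

The dictionary check deliberately ignores case, digits and symbols before comparing, because appending "1234" to a word does not make it hard to guess.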
Here's a cool graphic you'll need to enlarge by clicking on it. It's from the NYT, too.
11 comments:
thanks for sharing, my password has been ok
"america1234" but maybe I should change it now - LOL okay just kidding :-) I have always been pretty good with my pw's and updating them... keep people away from my piggy bank!
Thanks, I just changed my 263 passwords...
At work we have to change passwords every 6 weeks... They have a full-time dedicated Help person for pw retrieval.
Interesting stats in the graph - thanks for sharing!
yikes, now you're scaring me...but in a good way, I'll have to re-think my passwords.
Louise says, way important Anne...me, I like to use short phrases, like..."idispisehackers" LOL
I read an article not long ago that hotmail and yahoo mail don't do anything to block brute force attacks. So since I know your hotmail username I could try and guess your password as many times as I want until I get it right.
That can be stopped by enforcing a delay after 3 (or 30) failed login attempts.
If I am afraid of trying this myself I can pay an overseas hacker $100 to do it for me.
So I'm probably not going to try and figure out yours but if I were a jealous lover or stalker, $100 isn't that much...
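The commenter's fix, a forced delay after a few failed logins, is the server-side control that makes online guessing impractical. As an added example (not code from the post or from any mail provider), here is a login throttle that tracks consecutive failures per username and, once 3 have piled up, refuses further attempts for a wait that doubles with each extra failure. The credential store and the `ManualClock` are constructed for the demonstration.

```python
import hashlib
import hmac
import time

MAX_FAILURES = 3    # failed attempts allowed before throttling starts
BASE_DELAY = 30.0   # seconds to wait once the threshold is reached

# Constructed credential store: username -> (salt, PBKDF2 hash of the password).
_SALT = b"constructed-demo-salt"
_STORE = {
    "anne": (_SALT, hashlib.pbkdf2_hmac("sha256", b"bp!ogu23xv", _SALT, 100_000)),
}


def verify_password(user, password):
    """Constant-time comparison against the stored hash; unknown users fail."""
    record = _STORE.get(user)
    if record is None:
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored)


class ManualClock:
    """Constructed clock so the throttle can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class LoginThrottle:
    """Per-user failure counter that enforces an exponentially growing wait."""
    def __init__(self, max_failures=MAX_FAILURES, base_delay=BASE_DELAY,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.base_delay = base_delay
        self.clock = clock
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> clock time when attempts resume

    def retry_after(self, user):
        """Seconds the caller must still wait (0.0 when attempts are allowed)."""
        return max(0.0, self.locked_until.get(user, 0.0) - self.clock())

    def attempt(self, user, password, verify=verify_password):
        """True on success, False on a wrong password, PermissionError while throttled."""
        wait = self.retry_after(user)
        if wait > 0:
            raise PermissionError(f"too many failures; retry in {wait:.0f}s")
        if verify(user, password):
            self.failures.pop(user, None)
            self.locked_until.pop(user, None)
            return True
        n = self.failures.get(user, 0) + 1
        self.failures[user] = n
        if n >= self.max_failures:
            # 30s after the 3rd failure, 60s after the 4th, 120s after the 5th...
            delay = self.base_delay * 2 ** (n - self.max_failures)
            self.locked_until[user] = self.clock() + delay
        return False


if __name__ == "__main__":
    clock = ManualClock()
    throttle = LoginThrottle(clock=clock)
    for guess in ("password", "123456", "america1234", "letmein"):
        try:
            print(guess, "->", throttle.attempt("anne", guess))
        except PermissionError as exc:
            print(guess, "->", exc)
```

With the delay doubling, a guesser who could have tried thousands of passwords a minute against an unprotected login gets only a handful per hour, and the lockout state is visible to the defender as a log-worthy event.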
thanks for sharing, I am one of those people who have one password for everything but that changed right after I read your blog!
The one that used to always floor me was "adm$n" for a system administrator. Timely article!
Good reminder. I need to change my passwords again, it's been a little too long (kind of like the oil change I keep meaning to get to). Hmm.
My passwords are so complicated but my brain feels overloaded knowing 12 12 character passwords.
Thanks for sharing this article.
Tom
Very good, Anne, thank you! So, I take it you're doing some interesting freelancing work now, huh? and you're right, it is information overload.