Friday, December 11, 2009

Password security and the system that works for me

A very good friend recently sent me a text message saying that his Facebook account had been hacked. Someone broke into his account and started sending messages to his contacts that contained pornography. That sucked on a few different levels. First, any time an account gets hacked and a password is compromised, that blows. Even worse, if you use the same password at multiple sites, the damage can grow quickly. Adding insult to injury, you now have to send messages to your contacts stating that you are not a deranged freak who likes to send porn to his friends. You explain that some wacko who lives in his mom's basement paused his World of Warcraft game for a few minutes, hacked your account, and sent them the porn. Your bad. You go on to explain that you did not make it very difficult for the WoW freak to guess your password, since you use the same password all across the web, and it is your dog's name, CoCo. Not good.

A few years ago, that could have been me. I used the same password everywhere. It was easy for me to remember. I did not want to try to remember 100 different passwords. I had tried a software solution that stored passwords and even generated very strong passwords for me. I lost them all when I had a system crash and had not backed up my data (another topic for another time). So, I decided to take the easy way out and use the same 7-character password everywhere. There are numerous problems with that solution. Chiefly, if your password is compromised at just one site, it is compromised everywhere. It seems like every week we hear about another company that had a data breach, and now the Russian mob has the logins and passwords for 2 million people who used a certain Web site. It might not even be a bank Web site. But they know that people take the easy way out and use the same password everywhere. So, they got your login at ESPN.com, no big deal. But now if they find out where you do your banking, they have that password as well. That could pose a problem.

The solution that I found was on Lifehacker.com and was written by Gina Trapani. She recommended using a password system. You start out with a 6, 8 or 10 character core that you will remember. Whatever works for you is fine. A combination of letters and numbers is preferred. Even a word followed by numbers that mean something to you is fine. So, say 1234qwer is your 8-character core. (I know it looks random, but look at your keyboard to see where I got it.) That core will be used everywhere. What makes each password unique is adding letters from every different Web site. Take the first two vowels in the domain name of the Web site and add them to the beginning of your core, and take the first two consonants and add them to the end of your core. For example, I will use Amazon.com, a fairly popular online retailer. With this system, your password for Amazon.com would become aa1234qwermz. I took the first two vowels in Amazon.com, aa, added the core in the middle, 1234qwer, and put the first two consonants in Amazon.com, mz, at the end. That left me with aa1234qwermz, a strong password and a very easy system to remember at every Web site. You can change the system to whatever works best for you. If you want to use the first three consonants and the last vowel, or the last two consonants and the first three vowels, that is fine. Just pick a system and a core and you are good to go. There will be some exceptions. Some Web sites require a certain number of characters, and that may not conform to your system. Or they may require just numbers. But the vast majority of Web sites will work with this system.
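The derivation described above, written out as an added example (not code from the original post or from the Lifehacker article): a small Python function that implements the vowel/consonant scheme, parameterised so the variants mentioned (three consonants and one vowel, and so on) also work, and that reports a site name with too few vowels or consonants, which is one of the exceptions the post mentions. It assumes the site name is the first domain label after any leading www, and treats y as a consonant.

```python
import re

# Constructed example of the post's scheme: first N vowels of the site name go
# before a fixed memorised core, first M consonants of the site name go after it.
VOWELS = frozenset("aeiou")  # assumption: 'y' counts as a consonant


def site_label(domain: str) -> str:
    """Reduce 'https://www.Amazon.com/gp/...' to the site name 'amazon'.

    Assumption: the site name is the first label after any leading 'www'.
    """
    host = re.sub(r"^[a-z]+://", "", domain.strip().lower()).split("/")[0]
    labels = [label for label in host.split(".") if label and label != "www"]
    if not labels:
        raise ValueError(f"no domain label found in {domain!r}")
    return labels[0]


def derive_password(domain: str, core: str,
                    n_vowels: int = 2, n_consonants: int = 2) -> str:
    """Return vowels + core + consonants as the post describes.

    Non-letter characters in the site name (digits, hyphens) are ignored.
    Raises ValueError when the site name cannot supply enough letters.
    """
    name = site_label(domain)
    letters = [c for c in name if c.isalpha()]
    vowels = [c for c in letters if c in VOWELS][:n_vowels]
    consonants = [c for c in letters if c not in VOWELS][:n_consonants]
    if len(vowels) < n_vowels or len(consonants) < n_consonants:
        raise ValueError(
            f"{name!r} has only {len(vowels)} vowel(s) and "
            f"{len(consonants)} consonant(s); this site needs an exception")
    return "".join(vowels) + core + "".join(consonants)


if __name__ == "__main__":
    core = "1234qwer"  # the post's example core
    for site in ("Amazon.com", "https://www.facebook.com/login", "espn.com"):
        print(site, "->", derive_password(site, core))
```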

Another potential way in for hackers is the security question. Most Web sites allow you to have your password sent to the email address on file, or have the password reset, if you correctly answer the security question. Most of these questions are benign questions about your past. Where did you go to high school? What is your mother's maiden name? What was the make of your first car? It is very easy to look at those questions and answer them honestly so that you will remember the answer. The problem comes from the proliferation of social media sites. They make it very easy to find out details about your past. So, I hack your email account because the password is CoCo, then I find out where you went to high school, and now I own your online identity. So, what to do with the security questions? Pick one answer, and use it for every single security question. Pick your favorite band, football team, brand of shoes, whatever, and use it for them all. What is your mother's maiden name? Soundgarden. Where did you go to high school? Soundgarden. What is the make of your first car? Soundgarden. It will not make sense, and that is the goal. You will know the answer, but the hacker in the basement can't easily figure it out.

If you need a password system, try it out and let me know what you think. 

Posted via email from will7079's posterous
