A password is a common denominator in everything we do online, along with sign-ups and logins. We have become used to signing in or logging on to a site, forum, dashboard, blog, website or hosting control panel. Username, email and password protection is such a familiar space for us now, yet what are we doing with them? There is a lot we can do technically online; what I want to address in this post is simply what we can do for ourselves personally. Let us look at how we can increase our security and protect ourselves and our content online.
Security Breaches of Passwords
A recent Dropbox security breach affecting a limited number of account holders highlights the need to limit the number of email addresses and passwords we have “lying around” in a protected spreadsheet, handwritten, or on a sticky note on the PC (do people still do that? Yes!).
I have come across people manually encoding their passwords and PINs either as phone numbers or within phone numbers in their address books. This is not technically safe!
No one will guess my madey uppey password!
Also unsafe is the assumption that, just because you make up a seemingly “random” password in your head, no one will guess it. That is simply not the case. What we may consider sacred may not be. We talk a lot, and tell people things we may forget later.
The biggest problem with passwords is that we tend to generate 4 or 5 and use them across all our sites, forums and social networks. Some people will do their best to use certain passwords for secure sites (like banking, site hosting, revenue, tendering etc) and then a different set of passwords for less secure sites like social networking, forums, free downloads etc.
Just a note on signing up for free downloads etc. I know most people just generate another Gmail account or similar, but there is a fantastic service called 10 Minute Email that you can use for the purpose of free instant downloads etc. It really does only last 10 minutes (you can request further increments of 10 minutes).
Good Password Protection
So what do we do? How can we protect ourselves better outside of technical means? Let’s look at a couple of options, finishing with my favourite.
We can use different means to randomly create passwords on our behalf. Certain websites will do this at sign-up level, and you have to copy it in order to gain access. Invariably, we forget it or lose it. Certainly, any communication you receive from a successful sign up MUST be saved, including receipts etc.
So we begin with something like our favourite place in the world (or outside) that we don’t talk about every day – say “foxglacier”. Using this as a start, we could begin with foxglacier1 or 1foxglacier1 or 1Foxglacier1 or 1Foxgl@cier1. As you add uppercase, numbers and symbols, you are strengthening your password protection. So when it expires, you can move to 2Foxgl@cier2 and so on.
Using an acronym is, in my view, probably the easiest to remember and most secure in terms of randomness. For this we need a system, beginning with a sentence or saying or question:
Sentence – “The quick brown fox jumps over the lazy dog.” We can convert that into “tqbfjotld.” (including the period for extra strength). We could then add a meaningful number, as certain sites require a numerical value to be included. So we could choose (NOT your age or date of birth) perhaps the number of animals in our sentence – 2. The password becomes “tqbfjotld.2”
Using a question lets us add the question mark for added security. For example – “Where am I going today?” becomes “waigt?” – we could change a letter to a symbol for added strength, “w@igt?”
Acronyms and Relevance
Stay with me now… it’s all very well having an acronym – but it’s only 1. I have just checked how many sites I have logins for, and it’s roughly 120, that’s between 1 and 120 passwords!! So if I want to use a different password for each site, I am in trouble already.
So let’s take the acronym theory a step further. So I have my basic password, let’s use “tqbfjotld.2”. I also know I use sites for both personal and business use (WordPress, Twitter etc) so I need to differentiate between them – perhaps P and B (or p and b). So for a personal Twitter account, I could use “tqbfjotld.2p” and add T or t for Twitter. It would then look like “tqbfjotld.2pt” – keeping it all lowercase for now.
For my business Twitter account, my password would be “tqbfjotld.2bt”. My Facebook (personal) password would be “tqbfjotld.2pf” or “tqbfjotld.2pfb”. Extra strength would be using a mix of uppercase and symbols, such as “Tqbfj0tld.2pFB”. How cool is that?
You need to decide on a “standard” for things like different accounts for the same service (like p and b) and whether things like Facebook should be one letter or 2 (f or fb). Have a standard for numbers, capital letters and symbols. Great symbol replacements are @ for letter a, $ for letter s, < for letter c, 9 for letter p, and 0 for letter o.
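The standard described above, worked through in code as an added example (not from the original post). The function names and the collision check are assumptions made for illustration, and the account list is constructed.

```python
import re

# Symbol replacements the post lists as part of its "standard".
SYMBOLS = {"a": "@", "s": "$", "c": "<", "p": "9", "o": "0"}

def acronym(sentence):
    """First letter of each word, lowercased, keeping a closing '.' or '?'."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", sentence)
    letters = "".join(w[0].lower() for w in words)
    tail = sentence.strip()[-1:]
    return letters + (tail if tail in (".", "?") else "")

def style(base, swap="", capital=False):
    """Swap the chosen letters for their symbols; optionally capitalise."""
    out = "".join(SYMBOLS.get(ch, ch) if ch in swap else ch for ch in base)
    return out[:1].upper() + out[1:] if capital else out

def site_password(base, account, site):
    """base + account marker (p = personal, b = business) + site code."""
    if account.lower() not in ("p", "b"):
        raise ValueError("account marker must be p or b")
    return base + account + site

def build_all(base, accounts):
    """Map each account label to its password and refuse a standard whose
    site codes collide (e.g. 'f' used for two different services)."""
    out = {label: site_password(base, kind, code)
           for label, (kind, code) in accounts.items()}
    if len(set(out.values())) != len(out):
        raise ValueError("two accounts share a password; change a site code")
    return out

if __name__ == "__main__":
    # Sentence and number are the ones used in the post.
    base = acronym("The quick brown fox jumps over the lazy dog.") + "2"
    accounts = {  # constructed sample list of accounts
        "twitter-personal": ("p", "t"),
        "twitter-business": ("b", "t"),
        "facebook-personal": ("p", "fb"),
    }
    for label, pw in build_all(base, accounts).items():
        print(label, pw)
    # The mixed-case variant from the post: capital T, 0 for o, FB in capitals.
    print(site_password(style(base, swap="o", capital=True), "p", "FB"))
```

Every password this produces shares the same base and differs only in its final two or three characters.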
Examples of passwords not to use
- The word PASSWORD!
- For your Twitter login, don’t use “twitter”
- Your name, nickname, dog’s name, spouse or child’s name
- Your street address, web address, DOB, telephone number, ZIP code etc
- Your car registration number, passport or driver’s license number
- Countries, business names, places you have visited and talked about
The more random the better!
What system do you use to generate and protect your passwords? We love learning about new systems, weird and wonderful!