With the recent debacle concerning LinkedIn (DeskDemon also posted an article about this) and seemingly how easy it is to hack into someone's account - be it Facebook, Twitter - or worse, bank and personal accounts, I've done a bit of research on some do's and don'ts to help me choose better passwords.
I thought it might be helpful to share some of the ones I thought were valuable:
Don't use the obvious - it's obvious, right? Apparently passwords stolen from LinkedIn contained words such as password, 1234, monkey, god, career, etc. - yes, obvious ones. But also ones like children's names, favourite football player/team, pets' names, star sign, birth month and year. The experts tell us to think about what information you have in the public arena - and what a potential hacker could work out from Facebook, etc.
But I've already got a difficult password and I use it everywhere, so I'm alright. The research I have done suggests that a difficult and long password - some suggest 15 characters at least! - is the best to have, but you need a different password for each protected area you visit: once a password leaks from one site, it gets tried against every other site you use, so reusing it turns one breach into many. Research also suggests that you should change your password frequently, and by this they mean about once a month!
I use an unusual word - so I am safe. One thing I did learn was never to use a word that is in the English dictionary - these scammers run a programme that contains all the 'normal' words and then applies rules to each one (capital letters, swapping letters for look-alike symbols, adding digits on the end), so it can even work out spellings like Man@hester, Cl00ney, Evert0n09, Rhiann&, Beckh£m, etc.
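To show why the "clever" spellings above are no defence, here is an added example (not from the original post, and not any real cracking tool) of how a dictionary attack with mangling rules works. The substitution table, suffix list and word list are assumptions constructed for the demonstration; real rule sets are far larger. The sample passwords it cracks are the post's own examples, plus a passphrase-style one in the TBONTB style to show what survives.

```python
from itertools import product

# Substitutions a cracker's rule set tries for each letter. This table is an
# assumption for this example; real rule sets are far larger.
SUBS = {
    "a": ["@", "&", "£", "4"],
    "e": ["3"],
    "i": ["1", "!"],
    "o": ["0"],
    "s": ["$", "5"],
    "l": ["1"],
}

# Suffixes people bolt on to a word; also an assumption for this example.
SUFFIXES = ["", "1", "!", "09", "12", "123", "2012"]

# A tiny, constructed stand-in for the "all normal words" list the post mentions.
WORDLIST = ["password", "monkey", "god", "career", "clooney",
            "everton", "rhianna", "beckham", "manchester"]


def substitutions(word):
    """Yield every way of swapping zero or more letters of `word` for their
    look-alike symbols (so both Clooney and Cl00ney come out)."""
    options = [[ch] + SUBS.get(ch.lower(), []) for ch in word]
    for combo in product(*options):
        yield "".join(combo)


def candidates(word):
    """Yield the guesses a rule-based attack derives from one dictionary word:
    case variants x letter substitutions x common suffixes."""
    seen = set()
    for base in (word.lower(), word.capitalize(), word.upper()):
        for variant in substitutions(base):
            for suffix in SUFFIXES:
                guess = variant + suffix
                if guess not in seen:
                    seen.add(guess)
                    yield guess


def crack(targets, wordlist=WORDLIST):
    """Run the attack against a list of plaintext passwords (standing in for a
    leaked list) and return {password: dictionary word it was built from}.
    Anything not derivable from a dictionary word is left uncracked."""
    remaining = set(targets)
    found = {}
    for word in wordlist:
        for guess in candidates(word):
            if guess in remaining:
                found[guess] = word
                remaining.discard(guess)
                if not remaining:
                    return found
    return found


# Constructed sample: the post's own spellings plus one passphrase-style
# password built the way the post suggests.
SAMPLE_TARGETS = ["Cl00ney", "Evert0n09", "Rhiann&", "Beckh£m",
                  "Password1", "monkey", "TBONTB!!££&&!*2874"]


def demo(targets=SAMPLE_TARGETS):
    """Return (cracked mapping, list of targets that survived)."""
    cracked = crack(targets)
    survivors = [t for t in targets if t not in cracked]
    return cracked, survivors


if __name__ == "__main__":
    cracked, survivors = demo()
    for pw, word in cracked.items():
        print(f"{pw!r:24} cracked: built from {word!r}")
    for pw in survivors:
        print(f"{pw!r:24} not cracked")
```

Every substitution and suffix only multiplies the guesses by a small constant, which is cheap for a computer; the passphrase-style password survives here simply because no dictionary word plus rules produces it.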
Wherefore art thou? I thought a useful tip was to make up a nonsense word from a line from a film, book, song, saying or phrase that you will remember - e.g. To Be or Not To Be = TBONTB - then add any numbers and symbols, such as !!££&&!*2874, that you will remember. You could always use a foreign phrase or family saying - even harder to crack then.
But how can I remember them all? It's so tempting to write them down, but this, say the experts, is a big no-no and can create more worry (especially if you can't read what you've written or lose the bit of paper, notebook, etc.). There are sites out there as well that will safely(!) store your passwords for you - so you only have to remember one to enter that site, and apparently the stored passwords are encrypted with a key derived from that one password, so they are not seen by the site storing them. I guess meaning that if they were hacked and your password did get out there for all to see, the encryption would keep you safe. I haven't done much research on them yet. (I will update this blog or reblog if I find any that I think are easy to use and seem legit; if you know any, please let me know.)
It is a minefield really, especially as we are more reliant on technology than ever. I do wonder (and worry) about the security of iPhones, BlackBerrys, etc. - as they are really mini-computers - the phone part seems to come way down the list after email, messages, internet, games, etc. We seem to focus our concern on laptops, PCs, etc. but don't give much thought to phones.
Regarding LinkedIn, I really thought that a professional site that encourages you to post detailed information about your career would have better online security, but I guess if these hackers are determined enough, they can get into anything. And given the lack of information available from LinkedIn, I have been sorely disappointed with how it has handled this situation.
And the big question for me is: if I have a really long, difficult, phrase-based password that I change once a month, and it gets stolen and published, what difference does it make - once it's out, it's out!! Surely all sites should have robust security in place so that, if their password list does get stolen, the passwords in it are at least stored in a protected form (salted and hashed, rather than anything a thief can simply read back).
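What "stored in a protected form" means in practice is shown by this added example, which is not from the original post and does not describe what LinkedIn or any particular site does. It contrasts the weak way (one fast, unsalted hash per password, so one lookup table cracks the whole stolen list at once) with the way a site should do it (a random salt per user and a deliberately slow key-derivation function, here PBKDF2 from Python's standard library). The word list, the record format and the iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed, tiny word list for the demonstration.
WORDLIST = ["123456", "password", "monkey", "god", "career", "linkedin"]

# Assumed work factor for the example; real deployments tune this upwards.
ITERATIONS = 100_000


def store_weak(password):
    """The weak way: a single fast, unsalted hash. Identical passwords give
    identical hashes, and one guess can be checked against every user at once."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_weak(leaked_hashes, wordlist=WORDLIST):
    """Hash each dictionary word once, then look every stolen hash up in that
    table. Returns {leaked_hash: recovered_password}."""
    table = {store_weak(word): word for word in wordlist}
    return {h: table[h] for h in leaked_hashes if h in table}


def store_strong(password, salt=None):
    """The way a site should store it: random per-user salt plus a slow KDF.
    The "algorithm$iterations$salt$digest" record layout is an assumption of
    this example, not any real site's format."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_strong(password, record):
    """Re-derive the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_linkable(password):
    """True if two users with the same password get the same stored value.
    Returns (weak_linkable, strong_linkable)."""
    weak = store_weak(password) == store_weak(password)
    strong = store_strong(password) == store_strong(password)
    return weak, strong


if __name__ == "__main__":
    # Constructed "stolen list": two users chose weak passwords, one did not.
    stolen = [store_weak("monkey"), store_weak("god"),
              store_weak("TBONTB!!££&&!*2874")]
    print("recovered from unsalted SHA-1:", crack_weak(stolen))
    record = store_strong("monkey")
    print("strong record:", record)
    print("verify right password:", verify_strong("monkey", record))
    print("verify wrong password:", verify_strong("Monkey", record))
    print("linkable (weak, strong):", same_password_linkable("monkey"))
```

The salt means every user's record must be attacked separately, and the slow KDF makes each guess cost the attacker as much as it costs the site, which is what turns "once it's out, it's out" into "out, but still expensive to use". It does not rescue a password that is itself a dictionary word; that part is still up to the user.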
Anyway, these are my thoughts.
Be great to hear your comments, and if you have any tips, please do share, as I'm running out of words and phrases that I can easily remember :-)