Password Pondering
September 29th, 2009
There are many rules about passwords that you may already know, and sites now often force them on you when you create one (e.g. “Your password must contain at least one number, a capital letter, the name of a non-Crayola color…”). I don’t usually spend much of my time being paranoid about every aspect of computer security, but some recent reading has made me look at passwords from a different angle.
I will start with my standard password speech. To make it easy, I recommend a password built from a word or phrase you will never forget, with some of the letters replaced by numbers or symbols that look like them. For instance you could pick your favorite flower, petunias, and make it p37un1as. You can add a capital letter at the beginning and a symbol or two, P37un1@s!, to make it harder to guess. Because it is still based on a word you will not forget, you only have to remember which characters you swapped, and you can recover it in a few tries. One caveat: swaps like 3 for e and 1 for i are the first thing password-cracking tools try (they call them “mangling rules”), so the disguise adds less than it appears to; the length of the word or phrase and how hard it is to guess matter more than the decoration, and a multi-word phrase beats a single word. Making it something you remember also keeps you from writing it down and, with luck, from sticking it to your monitor.
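To show what that caveat means in practice, here is an added example (my code, not part of the original post) of how a cracker expands a dictionary word with the same substitutions the post recommends. The word list, the substitution table and the suffix list are constructed here and deliberately tiny; real tools ship millions of words and thousands of rules. It recovers both p37un1as and P37un1@s! from the single word “petunias”, and shows that the multi-word sign-off password at the end of the post does not fall to these rules.

```python
"""
Added example, not from the original post: a minimal password "mangler".
It turns each dictionary word into the leet-speak variants people use to
disguise it, then counts how many guesses a cracker needs to hit a target.
Word list, substitution table and suffixes are constructed for illustration.
"""
from itertools import product

# Constructed, tiny dictionary; a real cracker uses millions of words.
WORDLIST = ["petunias", "password", "strawberry"]

# Common letter -> digit/symbol swaps. Each letter may stay as-is or be swapped,
# which is exactly the set of choices a person makes when "disguising" a word.
LEET = {
    "a": ["a", "4", "@"],
    "e": ["e", "3"],
    "i": ["i", "1", "!"],
    "o": ["o", "0"],
    "s": ["s", "5", "$"],
    "t": ["t", "7"],
}

# Endings people tack on to satisfy "must contain a symbol/number" rules.
SUFFIXES = ["", "!", "1", "!1", "2009"]


def leet_variants(word):
    """Yield every substitution variant of `word` under the LEET table."""
    choices = [LEET.get(ch, [ch]) for ch in word.lower()]
    for combo in product(*choices):
        yield "".join(combo)


def mangle(word):
    """Yield candidates: leet swaps x optional capitalised first letter x suffix."""
    for variant in leet_variants(word):
        for cased in (variant, variant[:1].upper() + variant[1:]):
            for suffix in SUFFIXES:
                yield cased + suffix


def candidate_count(word):
    """How many candidates one dictionary word expands to under these rules."""
    return sum(1 for _ in mangle(word))


def guesses_to_crack(password, wordlist=WORDLIST):
    """Return how many candidates are tried before `password` is found, or None."""
    tried = 0
    for word in wordlist:
        for candidate in mangle(word):
            tried += 1
            if candidate == password:
                return tried
    return None


if __name__ == "__main__":
    # "petunias" has 2*2*3*3*3 = 108 leet variants, x2 casings, x5 suffixes.
    print("candidates from 'petunias':", candidate_count("petunias"))
    for target in ("p37un1as", "P37un1@s!", "S7r@w83rry-F13ld2-F0r3v3r!"):
        print(target, "->", guesses_to_crack(target))
```

Both leet versions of “petunias” fall inside the first 1,080 guesses, which a modern cracker gets through in a fraction of a second; the multi-word, hyphenated phrase is not reached at all by this rule set, because the dictionary word is only one piece of it.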
What I have noticed recently is this: once you have one of these nicely made passwords you are going to use it everywhere, and you feel nice and safe while still remembering how to get into every site you use. Wrong! Have you ever noticed that sites like banks and stores make a point of their ‘Secure Authentication’ (the https:// address and the padlock in your browser)? That padlock means the connection uses SSL, so anything you type into the page, including your password, is encrypted in your browser before it crosses the Internet and is only decrypted at the site on the other end. Anyone who intercepts the traffic in between (on a shared wireless network, say) gets an unreadable lump and cannot turn it back into your letters and numbers. On a site that logs you in over plain http, the password crosses the network in the clear, and anyone who captures it has nothing stopping them from trying that shiny new piece of information on every other site you visit. Encryption also only protects the trip: the site at the far end still holds your password, so a password you reuse everywhere is only as safe as the least careful site that has a copy of it.
Ok, new rule: make different security levels. All the passwords can still be the letter/number/symbol glyphs mentioned earlier, but use a separate password for each tier of importance, so that a password lost on a junk site cannot unlock your bank. Banks and credit card sites get the strongest kind: a multi-word phrase built around an obscure personal fact. Utilities and ‘just paying a bill’ sites get a normal password, a word of at least 7 characters with at least one number and a capital. Finally, a throwaway password for social networking, forums, coupon clubs, fan sites, and the like.
Some of the most secure sites, like banks, now offer an optional feature where they text a one-time code to your cell phone each time you log in from a new computer or one whose cookies have been cleared. This is a great feature because both your password and your phone would have to be compromised for someone to log in to the bank. (Don’t store your password in your phone, or the two factors collapse back into one.)
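As an added example (my code, not the post’s and not any bank’s actual system), here is the server side of that “text me a code” step, to make clear why both the password and the phone are needed. The design choices are assumptions for illustration: a 6-digit code, a 5-minute lifetime, single use, and at most 5 attempts per code. The SMS gateway is replaced by a hypothetical send_sms() callback that just records the message, and the clock is injectable, so the example runs offline.

```python
"""
Added example, not from the original post: out-of-band one-time code check
of the kind banks use for logins from unrecognised computers. Code length,
lifetime and attempt budget are assumptions chosen for illustration; the
send_sms() callback stands in for a real SMS gateway.
"""
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_LIFETIME_SECONDS = 300   # assumption: code is good for five minutes
MAX_ATTEMPTS = 5              # assumption: five wrong guesses burn the code


class SecondFactor:
    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # callable(phone_number, text)
        self._clock = clock         # injectable so expiry can be tested
        self._pending = {}          # username -> [code, expires_at, attempts]

    def start_challenge(self, username, phone_number):
        """Issue a fresh random code and send it out of band to the phone."""
        # secrets, not random: the attacker already has the password, so the
        # code must be unpredictable and not derivable from anything they hold.
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        expires_at = self._clock() + CODE_LIFETIME_SECONDS
        self._pending[username] = [code, expires_at, 0]
        self._send_sms(phone_number, f"Your login code is {code}")

    def verify(self, username, submitted):
        """True only for the right code, unexpired, within the attempt budget."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, expires_at, attempts = entry
        if self._clock() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[username]      # stale or brute-forced: discard
            return False
        entry[2] += 1
        # Constant-time comparison so response timing does not leak how many
        # digits of the guess were right.
        if hmac.compare_digest(code, submitted):
            del self._pending[username]      # single use: no replay
            return True
        return False


def demo():
    """Walk through the four cases a practitioner cares about; return results."""
    sent = []                      # constructed stand-in for the SMS gateway
    now = [1_000_000.0]            # fake clock so expiry is deterministic
    sf = SecondFactor(lambda phone, text: sent.append(text), clock=lambda: now[0])

    # Case 1: attacker has the password but not the phone; guesses wrong.
    sf.start_challenge("alice", "+15555550100")
    code = sent[-1].split()[-1]    # what only the phone's owner sees
    wrong = str((int(code) + 1) % 10**CODE_DIGITS).zfill(CODE_DIGITS)
    wrong_rejected = not sf.verify("alice", wrong)

    # Case 2: the real owner types the code from the text message.
    right_accepted = sf.verify("alice", code)

    # Case 3: the same code cannot be replayed after use.
    replay_rejected = not sf.verify("alice", code)

    # Case 4: a code that sat unused past its lifetime is refused.
    sf.start_challenge("alice", "+15555550100")
    late_code = sent[-1].split()[-1]
    now[0] += CODE_LIFETIME_SECONDS + 1
    expired_rejected = not sf.verify("alice", late_code)

    # Case 5: five wrong guesses burn the code even if the sixth is right.
    sf.start_challenge("bob", "+15555550101")
    bob_code = sent[-1].split()[-1]
    bob_wrong = str((int(bob_code) + 1) % 10**CODE_DIGITS).zfill(CODE_DIGITS)
    for _ in range(MAX_ATTEMPTS):
        sf.verify("bob", bob_wrong)
    brute_force_rejected = not sf.verify("bob", bob_code)

    return {
        "wrong_rejected": wrong_rejected,
        "right_accepted": right_accepted,
        "replay_rejected": replay_rejected,
        "expired_rejected": expired_rejected,
        "brute_force_rejected": brute_force_rejected,
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ok' if ok else 'FAILED'}")
```

The attempt budget is what keeps a six-digit code honest: without it an attacker who already holds the password could simply try all million codes within the five-minute window.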
Start changing those passwords. Change them as often as you can stand to, and think of it like a game: every time you see a news story about identity theft or a blog post about password security, update them.
S7r@w83rry-F13ld2-F0r3v3r!
Here are some links:
Microsoft Password Checker
Verisign – How SSL Works

