It is a long held principle that you cannot have good privacy without good security. One of the easiest things to do to protect your personal information is use strong passwords for any accounts in which you keep sensitive information. To understand the importance of this principle, you need look no further than the recent news stories about the “hacker” who allegedly illegally accessed the personal e-mail and social media accounts of numerous celebrities, including Mila Kunis and Christina Aguilera.
Did this guy use government grade hacking software or other expensive technical applications and years of experience to pull off this heist of personal information? No. He just guessed their passwords. How? According to the FBI, the “hacker” simply gleaned personal details from gossip magazines, websites and social media sites and then tried through nothing more than trial and error to come up with the correct passwords. Birth dates, names of loved ones, favorite foods or pets are data the hacker allegedly “mined” from publicly available resources. I use quotes with the term, “hacker” here, as he has only been charged to date. Secondly, and more importantly for our blog purposes, this was a self-described normal, “curious” guy with no technical or information security expertise.
Now, think about your password(s) and what those people close (and not so close) to you know about you. How hard would it be to figure out your password(s)?
If the answer to the question above makes you nervous, you can do something very simple to help protect your information in using strong passwords on any of your personal accounts and changing them regularly. Creating a password that to anyone but you looks like nonsense is one of the easiest and best protections you can put in place. Some web site sites even now mandate strong passwords and provide a “strength meter” rating of your password when you first create it.
While it is open to technical debate and interpretations, generally, a strong password is no less than eight (8) total characters in length, containing at least one (1) of each of the following:
- capital letter
- lowercase letter
- number
- a non- letter/number character (i.e. #$@!/})
The password also should not contain a word found in the dictionary. Depending on the account, you may not be able to enter a non-letter/number character (amazingly, some banks still do not allow them). However, you can still make your passwords stronger by implementing the rest of these simple requirements and changing your password regularly.
Now you are probably saying, “Sure Scot, it is hard enough to remember the ones I have, how can I remember something that makes no sense.?” I will respond with an example of one, but by no means the only, way to come up with a strong password that makes sense to no one but you.
Take your favorite city, state (or country) and the last year you visited that city. Now just choose one character as your wild card for all passwords (#$!%). For example, San Francisco, California in 1999. Now, you have a strong password: SFCa1999!. Or, pick your favorite song and the first time you heard it. For example, “I left my heart in San Francisco” and 1999 can be used to create a strong password using the first letters of each word: IlmhiSF99!.
You can come up with so many better examples, I am sure. To someone else, this is a string of random letters. To you, this is a strong password that makes sense. And, unlike most habits, it will not even take you two weeks to get used to it. Try it. You will see. Now, whether you choose to keep it truly secret and never share it as so many people do, well, that’s a whole other kettle of fish.
- Scot Ganow