I saw an amusing video from Ellen DeGeneres recently, and it started me thinking about the issue of password security. The video shows an infomercial for a really stupid solution, but there are several real steps we can all take to safeguard our passwords.
Use Different Passwords
The infomercial is based on the idea that we use different passwords everywhere. This is an important first step, since if a hacker gets access to one password, it limits the damage that can be caused. The problem with this, of course, is how to remember all those multiple passwords.
You can save the passwords in a text file or spreadsheet, or you can use a password manager. Be sure to protect your master list with a password that is easy for you to remember but difficult for anyone else to guess. If you accidentally (or legally) attach this master list to an email, nobody can read it without the master password.
I use a password manager (Roboform) for most of my passwords, but keep a spreadsheet for my websites, since for those I need to keep a lot more information than just the password.
Use Strong Passwords
It's amazing how many people choose "password", "123456", or their name as their password. A strong password comprises 6 or more characters and includes numbers and upper and lower case letters. If the application allows you to use special characters as well, by all means use them.
For example, if you use "password" (not recommended!), you can write it as "9@$$w0Rd". It looks close enough to the original word that you can remember it without too much effort, but is much harder for hackers and their programs to crack.
Better still, use a password generator, such as the one included with your password manager, to generate really strong passwords.
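As an added illustration (not code from Roboform or any other password manager), here is a small Python generator that applies the criteria above: 6 or more characters with numbers, upper and lower case letters, and special characters where allowed. The default length of 16 and the `SPECIALS` set are assumptions; adjust them to what the site accepts.

```python
import secrets
import string

MIN_LENGTH = 6                 # minimum length stated in the article
SPECIALS = "!@#$%^&*()-_=+"    # assumed set; sites differ in what they accept


def meets_policy(password, require_special=False):
    """True if the password has 6+ characters, a digit, and both letter cases."""
    checks = [
        len(password) >= MIN_LENGTH,
        any(c.isdigit() for c in password),
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
    ]
    if require_special:
        checks.append(any(c in SPECIALS for c in password))
    return all(checks)


def generate_password(length=16, allow_special=True):
    """Build a random password with at least one character from each class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if allow_special:
        classes.append(SPECIALS)
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    # secrets draws from the operating system's CSPRNG; the random module
    # is predictable and must not be used for passwords.
    chars = [secrets.choice(cls) for cls in classes]
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters are not always in the first slots.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password())                       # for sites allowing specials
    print(generate_password(12, allow_special=False))  # letters and digits only
```

Both weak choices named above fail the check: `meets_policy("password")` and `meets_policy("123456")` return `False`.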
Change Passwords Frequently
Yes, I know changing passwords is a pain, but it's a lot more of a pain if you get hacked! I make a point of changing the critical passwords, such as banks and credit cards, every month or two, but I must admit that I often forget. Some applications – banks, for example – require frequent changes: this is where a good password manager eases the chore.
If you choose to use Roboform, you will find the free version is only useful to see how it works: you will need to pay a small annual fee for real use. (By the way, I am not affiliated with Roboform in any way – it's just what I use.)
Keep Your Passwords Private
That seems obvious, but sometimes we need to reveal our passwords, for example to a technical support person. If you must email your password, send the user id and password in separate emails, and change your password as soon as you can after the support is over. I know, that's hard to remember when you're just relieved at having your problem solved, but remember to treat an email like a postcard – anyone can read it.
Use A Good Anti-Virus Program
You need a firewall and a good anti-virus program that will stop key-logger programs from stealing your user ids and passwords. If you are using Windows, Windows Firewall With Advanced Security and MS Security Essentials are minimum requirements. You can also use a commercial anti-virus program, such as AVG or Avast, for additional security – do not use more than one, as they can conflict with each other.
Watch The Video
Ellen is always fun to watch – if you did not see the video, watch it now for a good laugh! http://nakedsecurity.sophos.com/2013/04/19/ellen-password-security-infomercial/ is where you'll find it.