Friends, it’s time to change your password. Reasons to change your passwords:
1) A site you have used has been hacked or compromised
2) It’s been a while since you’ve last changed your password
3) Your passwords are all the same word
4) Your password isn’t secure
5) Anyone could guess your password
6) Because it’s the great password change of ’09!
Let’s go over this. These days, there are plenty of Trojans out there that look to steal your passwords. I really hope you’re running
anti-virus software, but consider running a
full system scan for malware too. All clean? Good. You’re not completely safe yet though.
You’re especially vulnerable if you’ve used sites like Facebook from a public wireless network. Facebook has awful password security, and if you’ve recently used an unsecured wireless network to check Facebook, people with
packet sniffers like
Cain and Abel can pluck your password right out of the air.
This brings me to another point. If your facebook password is the same as your email password, change them both now. Your email password should be your most secure password. After all, if I have access to your email account, all I have to do is go to all the websites you have accounts on, make use of the “forgot my password” button, and all of those sites will happily send me new passwords to the email address I have control of.
What makes a secure password? Well, let’s look at two common hacking techniques and how to safeguard against them. Dictionary and brute force attacks consist of the hacker going to a web form, putting in a username, and repeatedly guessing passwords until he’s in. The process is all automated.
As Twitter recently found out, if your password is a word that is in the dictionary, you are incredibly vulnerable to this type of attack, especially if your site allows multiple log in attempts without consequence. A dictionary attack just tries a list of common passwords and words from the dictionary.
More secure than a simple word password is a non dictionary password. Do not, however, use anything as a password that anyone could figure out from a conversation with you. No pet names. No birthdays. No address numbers. If your friends could guess your password, don’t use it. This includes things like “goblue” and “wolverine” if you went to Michigan.
Let’s say you’ve decided that your new password is the first letter of each word from the first line of a poem. So “
tiger
tiger
burning
bright” becomes “ttgb”
This still doesn’t protect you from a brute force attack. In a brute force attack, the hacker has the computer generate attempt after attempt. First it tries single little passwords a-z, then every combination of two letter passwords (i.e: aa, ab, ac, ad, ae), and so on until it figures out your password.
If you have a four letter password, there are 456,796 possible passwords that you could have. This seems like a lot, yes, but the hacker would be able to test all these possibilities in a matter of minutes. If you had a 6 character password (the minimum on many websites), the number of possible passwords is now 308,915,776 (so it will take 676 times as long to crack).
If your password is all lowercase letters, you can make it even more secure by adding a capital letter and a number. a-z has 26 possible values (each character in the password could be one of 26 different options). Add capital letters, and each character has 52 possible values. Add 0-9 and then each character has 62 possible values. Suddenly your 308 million possibilities have become 56.8 billion. You can even take it the extra mile and
add punctuation. 1TTBBitfotn!
Lastly, don’t use the same password for every website. There’s always a possibility that something will happen, and wouldn’t you rather have one password be stolen than all of them? Pick a theme and you won’t have problems remembering. Have your passwords be something you’ll remember and can try different variations of (but again: nothing your friends would guess). That way if “
1nv1s1bl3” doesn’t work on a website and you can’t remember which password you picked, you know that it probably is another thing in that theme like “
r3l3v4ant” You can use things that you like, but remember specific is better than general i.e. “
leviosa” is a better password than “harrypotter” because of course “harry” and “potter” are dictionary words but also because someone you meet might think to guess harrypotter since you love it so much, but who’s going to think to try all the different incantation words?
Alright, it’s time to go change your passwords. Make sure you don’t forget what you’ve changed them to. And remember not to use them on any unsecured wireless networks.