Creating Strong Passwords
October 09, 2013 Published by Rajesh Goel
It should not surprise you that a LOT of online sites are tied together.
Gawker.com, LinkedIn.com, Yahoo.com, Facebook, iCloud, World Of Warcraft, Farmville: they’ve all been attacked and criminals have stolen millions of user accounts. And research shows that many, many people use the same password across multiple sites. This turns a small problem (lost Facebook account, compromised LinkedIn account) into a massive problem…for YOU!
Don’t make the same mistake!
A few lessons learned/taught:
1) The attackers were after a CEO — his password is 24862486
2) The hackers also determined that he used it on Twitter, and other sites
3) They changed his DNS, hijacked his sites and caused the company deep embarrassment and millions in cleanup costs.
We know from experience that people tend to use the SAME PASSWORDS everywhere. I STRONGLY urge you to maintain separate passwords, and to change them regularly. Otherwise, a break in one location can compromise your identity everywhere else.
Here’s a trick/technique I use to train executives in picking great passwords:
1) Pick a line from a song or a book, e.g. Somewhere Over The Rainbow Bridge
2) Pick the 2nd (or 3rd or 4th) letter from each word, e.g. 2nd letter: ovhar; 3rd letter: meeni
3) Pick a BASE password – e.g. OVHAR. Add numbers and special characters (!, @, #, $, %, ^, &, *, (, ), 1-0) between the letters: o$v$h$a$r, o$v#h@a$r, o@v#h$a#r
4) For dealing with websites, use a different base, and incorporate the website name in your password: e.g. BASE: MEENI; websites: EXPEDIA.com, EBAY.com, PAYPAL.com.
m!e@e#n^iEXPEDIA – with site name at the end
m!e@EBAYe#n^i – with site name in the middle
m!e@PaYpAle#n^i – with site name in the middle, mixed case
Any of these passwords is extremely difficult to crack, yet easy to remember.
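The four steps above as a small Python sketch (an added example, not code from the original post). The function names and the `position` and `mix` parameters are assumptions made for illustration; the inputs are the post's own sample phrase, bases and special characters.

```python
def derive_base(phrase: str, n: int) -> str:
    """Step 2: take the n-th letter (1-indexed) of each word, lowercased."""
    words = phrase.split()
    short = [w for w in words if len(w) < n]
    if short:
        raise ValueError(f"words shorter than {n} letters: {short}")
    return "".join(w[n - 1] for w in words).lower()

def interleave(base: str, specials: str) -> list[str]:
    """Step 3: one chunk per base letter, each followed by the special
    character chosen for that gap (the last letter has none)."""
    if not base or len(specials) != len(base) - 1:
        raise ValueError("need exactly one special character per gap")
    return [base[i] + specials[i] for i in range(len(specials))] + [base[-1]]

def mixed_case(name: str) -> str:
    """Alternate upper and lower case, as in the PaYpAl sample."""
    return "".join(c.upper() if i % 2 == 0 else c.lower()
                   for i, c in enumerate(name))

def site_password(base: str, specials: str, site: str,
                  position: str = "end", mix: bool = False) -> str:
    """Step 4: embed the site name at the end or in the middle of the base."""
    chunks = interleave(base.lower(), specials)
    name = mixed_case(site) if mix else site.upper()
    if position == "end":
        cut = len(chunks)
    elif position == "middle":
        cut = len(chunks) // 2  # split after the first half of the letters
    else:
        raise ValueError("position must be 'end' or 'middle'")
    return "".join(chunks[:cut]) + name + "".join(chunks[cut:])

if __name__ == "__main__":
    # Sample values taken from the post; choose your own phrase and specials.
    base = derive_base("Somewhere Over The Rainbow Bridge", 2)
    print(base, "".join(interleave(base, "$#@$")))
    for site, pos, mix in [("expedia", "end", False),
                           ("ebay", "middle", False),
                           ("paypal", "middle", True)]:
        print(site_password("MEENI", "!@#^", site, pos, mix))
```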
TIP: Use DIFFERENT bases for different areas of life: e.g. BASE1 – work credentials (office desktop, office email, etc.); BASE2 – home credentials; BASE3 – websites; BASE4 – Online banking
Or, at minimum: BASE1 – home, work, web; BASE2 – online banking
Change your password every 6 months. A weak password changed frequently is better than a strong password that’s rarely changed.