by Joanne McNabb, CIPP/US/G/IT
Joanne McNabb is the Chief of the California Office of Privacy Protection. She offers some critical tips about passwords for Internet Safety Month, June
There has been a spate of password hackings and breaches in recent months. In June alone, news stories reported that more than 6.5 million passwords stolen from LinkedIn, eHarmony and Last.fm were posted on a hacker web site. Doesn’t sound too bad? You simply change your password for the affected service, right? Not necessarily.
This type of theft can lead to big trouble, because many of us use the same password for many web services. So just changing your LinkedIn password may not protect you. Do you use the same password for your email? How about online banking? It’s time to change our bad password habits.
- Don’t use easy-to-guess elements like birthdays, family and pet names, addresses. Don’t use repeat characters (111) or sequences (abc, 789).
- Don’t use the same password for everything. If one account’s password is lost or stolen, everything is at risk.
- Don’t use the “remember me” option on web sites.
- Don’t enter your passwords on a computer you don’t control (friend’s, hotel business center’s). It could be loaded with spyware.
- Don’t enter your passwords on open Wi-Fi networks, unless the site is secured (https in the address).
So what are we to do? How can we possibly manage numerous, strong, hard to guess (and therefore usually hard to remember!) passwords?
- Do use a password manager or password safe. This is a software program that runs on your computer. It lets you randomly generate different strong passwords for all your accounts and store them securely. You only have to remember one password (or passphrase) to open the safe.
- The Electronic Frontier Foundation lists some free versions: KeePass (for Windows, OS X, Linux, Android and iOS), Password Safe (Microsoft Windows), and Keychain (for Mac). Many browsers also have password managers.
- Security guru Bruce Schneier likes CallPod’s Keeper. It’s not free, but it lets you keep your passwords in sync on multiple devices (Windows, Mac, Linux, iPad, Android, BlackBerry and more), for $9.95 a year per device.
- This type of program will make it easy for you to create strong passwords, access them when you need them, and enter them into websites.
- Do protect the passwords in your password manager with a passphrase, one that you can memorize and that is still hard to crack. For example, seventeenbluequicklypacifier. But don’t use a phrase that has appeared anywhere – such as (now) seventeenbluequicklypacifier.
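The two pieces of advice above (reject easy-to-guess elements, repeats and sequences; generate random passwords and a memorable passphrase for the safe) can be turned into a small checker and generator. The following Python script is an added example, not code from this article or from any of the password managers it names. The word list is a constructed 32-word stand-in for a real diceware-style list, and the weakness rules are one reading of the list above, not a complete strength model.

```python
import math
import re
import secrets
import string

# Constructed, deliberately tiny word list for the passphrase demo.
# A real diceware-style list has thousands of words (7776 in the classic one).
WORDLIST = (
    "apple banana candle dragon eagle falcon garden harbor island jacket "
    "kettle lantern meadow needle orange pepper quartz rabbit saddle tunnel "
    "umbrella velvet walnut yellow zebra anchor bridge copper desert ember "
    "forest glacier"
).split()

# Runs that count as "sequences" (abc, 789) in either direction, plus the
# keyboard rows people reach for when a site forces a "complex" password.
SEQUENCE_ALPHABETS = (
    string.ascii_lowercase,
    string.digits,
    "qwertyuiop",
    "asdfghjkl",
    "zxcvbnm",
)


def has_repeats(password, run=3):
    """True if any character appears `run` or more times in a row (111, aaa)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), password) is not None


def has_sequence(password, run=3):
    """True if the password contains a forward or backward run such as abc or 789."""
    low = password.lower()
    for alphabet in SEQUENCE_ALPHABETS:
        for i in range(len(alphabet) - run + 1):
            piece = alphabet[i:i + run]
            if piece in low or piece[::-1] in low:
                return True
    return False


def personal_hits(password, personal):
    """Return the personal tokens (names, birthdays, street) that appear in the password."""
    low = password.lower()
    return [p for p in personal if len(p) >= 3 and p.lower() in low]


def weaknesses(password, personal=()):
    """List the problems from the article's 'don't' list found in a password."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if has_repeats(password):
        problems.append("repeated characters (e.g. 111)")
    if has_sequence(password):
        problems.append("sequence (e.g. abc, 789)")
    hits = personal_hits(password, personal)
    if hits:
        problems.append("contains personal info: " + ", ".join(hits))
    return problems


def generate_password(length=16, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Random per-site password from the OS CSPRNG, regenerated if it trips a weakness rule."""
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


def generate_passphrase(words=4, wordlist=WORDLIST):
    """Random words joined by spaces: the master secret that unlocks the safe."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices, length):
    """Bits of entropy for `length` independent picks from `choices` options."""
    return length * math.log2(choices)


if __name__ == "__main__":
    personal = ["Fluffy", "1985", "Main St"]  # constructed sample of guessable facts
    for pw in ("fluffy1985", "abc123abc123", "Pass111word!x"):
        print(pw, "->", weaknesses(pw, personal) or "no rule violations")
    print("site password:", generate_password(), "(%.1f bits)" % entropy_bits(94, 16))
    print("safe passphrase:", generate_passphrase(), "(%.1f bits with this tiny list)" % entropy_bits(len(WORDLIST), 4))
```

The entropy figures make the article's point concrete: four words from this toy list give only 20 bits, whereas four words from a 7776-word list give about 51.7 bits and a 16-character random password about 104.9 bits. The script only generates and checks secrets; the encrypted storage that a real password safe wraps around them is not shown here.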
For more information:
Electronic Frontier Foundation, Passwords: LinkedIn and Beyond, https://www.eff.org/deeplinks/2012/06/passwords-linkedin-and-beyond
Bruce Schneier, Password Advice, www.schneier.com/blog/archives/2009/08/password_advice.html
Microsoft, Create Strong Passwords, http://www.microsoft.com/security/online-privacy/passwords-create.aspx