Password: password

Friday, 23 May 2014

Forgot your password? Try "password". And if that doesn't work, give "123456" a shot. Given those are the two most commonly used passwords, chances are you've used at least one of them. Shame on you. It seems every week another major story about hacking hits the news - this week it was eBay - yet our password laziness lives on.

My own list of passwords is growing to become an unmanageably long list. Especially since I’m too afraid to write them down. It’s like a tangled mess of Christmas tree lights in my head. I continually mistake which password is attached to which account. I cannot retain that much detail. There has got to be a better way to keep my data safe yet allow me reasonably easy access to my online accounts.

But it turns out, there isn’t. Not yet anyway. The password is indeed an ancient artifact but it doesn’t appear to be going anywhere just yet.

And it’s that requirement for ease of access to your iTunes or Amazon account that makes it a challenge. Because convenience comes at the price of security. Sure, you could use a different 50-digit code for each account, but that would be maddening and I for one would return to handwritten letters, bank tellers and talking on the telephone.

It is shockingly easy to crack a password. One common practice involves a hacker posing as you to call centre agents and convincing them to reset your password. It’s not that hard because the answers to those “security” questions you get asked are usually up for grabs on the World Wide Web. Your mother’s maiden name? Just go to ancestry.com. The high school you went to, your billing address and your kids’ names are posted all over the place. And there are free, downloadable programs that run through millions of word and character combinations at lightning speed, meaning it doesn’t take much to become a card-carrying hacker.

There are password management programs, some of which are recommended by security experts. But even though they might promise “military grade encryption”, when data exists in clouds and not on hard drives I think it’s vulnerable. So I’m not convinced.

Given how hyper-connected computers have become, combined with how much more data we have to protect (from bank accounts to music collections to a lifetime of photographs) and our own laziness about creating better passwords, once a hacker gets into one account they can probably get into all of them. And that could cost you. Big time.

Keep these do’s and don’ts in mind when managing your passwords:

DO use a different password for every account. I shouldn’t have to tell you this.

DON’T use one word from the dictionary. Instead combine letters, symbols and numbers. If you insist on dictionary words then use a string of words to create a sentence. 

DO un-list your mailing address from as many directories as possible. Consider scaling back on all that personal information you spread. Every detail about yourself that’s out there, no matter how trivial it may seem, can be useful to someone trying to hack your accounts. (And hey here’s an idea: stop taking embarrassing pictures of yourself!)

DON’T answer security questions honestly when setting up accounts. Think of this as a second layer of defence. It’s not hard to figure out your pet’s actual name. If I’m a hacker I’ll just go to your Facebook page. Make up a fake one.

DO use a 2-step authentication process whenever possible. Google does this when you go to access Gmail from a new location. Not only do you need your password information, but they also send a text to your mobile phone to authenticate your identity.

DO try to make passwords as random and meaningless as possible.

DON’T answer “yes” to the “remember me” option. Re-enter your password every time.

DO change your passwords regularly.
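For the DOs above about random passwords, strings of words and a different password for every account, here is an added Python example (not part of the original post). It uses the standard `secrets` module; the 16-word list, the symbol set and the function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample list for illustration; a real passphrase generator
# would draw from a list of several thousand words.
WORDS = ["lantern", "orbit", "velvet", "cactus", "harbor", "puzzle", "ember",
         "tundra", "mosaic", "walnut", "glacier", "saddle", "pepper", "canyon",
         "thimble", "quartz"]
SYMBOLS = "!@#$%^&*-_"  # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def random_password(length=16):
    """Random mix of letters, numbers and symbols drawn from the OS CSPRNG."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until lower case, upper case, digit and symbol all appear.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def random_passphrase(n_words=5, words=WORDS):
    """A string of independently chosen random words."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Entropy in bits when `picks` items are each drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def passwords_for(accounts, length=16):
    """A separate, independently generated password for every account."""
    return {account: random_password(length) for account in accounts}


if __name__ == "__main__":
    for account, pw in passwords_for(["email", "bank", "shopping"]).items():
        print(f"{account:10s} {pw}")
    print("passphrase:", random_passphrase())
    # Each extra random word or character multiplies the guesses needed.
    print("one word from the list:  %.0f bits" % entropy_bits(len(WORDS), 1))
    print("five words from the list: %.0f bits" % entropy_bits(len(WORDS), 5))
    # Upper bound: the all-classes retry removes a small share of outcomes.
    print("16 random characters:    %.0f bits" % entropy_bits(len(ALPHABET), 16))
```

The entropy figures only hold when the words or characters are picked at random by the program; a sentence you compose yourself is far more predictable.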

Biometrics (your fingerprint or an iris scan) will likely play a role in the future of your online security. But even that on its own seems problematic. What if someone lifts my fingerprint from my coffee cup? Maybe one day we’ll all need to spit onto our computers to book a flight or buy a book. Nothing beats DNA.

If you have any more suggestions for beefing up password security, please share them. Actually no, it would be safer to write it to me in a letter. The kind you put a stamp on. But I’m not going to tell you where to send it.
