This section is all about protecting yourself, your computer and your personal information.
Password Creation & Management
Password creation and management is one of the first things you should consider when thinking about web security. Everything you do on the internet, including accessing it in most cases, will require a password. This is the very base of your pyramid of web security.
Knowing how to properly create and manage strong passwords is the perfect place to start the security discussion. Just putting this chapter’s tips into practice puts you ahead of the vast majority of web users out there.
The following steps will ensure you create great passwords:
1. Avoid The Obvious – The first thing you have to do is avoid the obvious.
Do not use anything like your name, birthdate or even any of your interests. Remember, not all hacks come from some mysterious stranger overseas. A lot of problems can arise, right in your own house – from friends, roommates, parents or children. Don’t choose something that someone could guess!
You will also want to avoid the common passwords that every noob uses.
That might be a bit harsh but if you use something off of the top ten most used passwords list (shown below – courtesy of Huffington Post) then you are a noob!
rockyou (the name of the site these passwords were hacked from)
So as you can see – avoid the numbers in order, avoid the name of the website you are using and the actual term password. Not shown, but equally bad – using “admin”, copying your username or leaving it blank!
2. In Fact Don’t Even Use a Word – No matter how clever you think you are, don’t choose a single word, English or foreign. Any word that can be found in a dictionary can be cracked by brute force (the attacker simply tries every word in the list). If you insist on using a word, connect more than one word with numbers and symbols (more on that below). A single word that appears in the dictionary of any language leaves you wide open to a hack.
3. Sorry, Size Matters – I know it is easier to remember 5 digits than 9, but guess what? Size counts! If you choose a random string of 6 lowercase letters (or worse, a 6-letter word), it would take a hacker 10 minutes to figure that password out with a brute force attack. Ten minutes to test every possible combination of letters.
To avoid this, or at least severely lengthen the time it takes, make sure your password is longer than 6 characters. I would say try to aim for 9 or more characters. Might seem like a lot to remember, but a phone number with area code is ten digits, and we all have many of those memorized. If you have a password 9 characters in length – it will take the same program about 4 months! And that is before we add variety…
4. Mix Up Characters – To maximize your password’s security you need to mix up your characters. This means you need to add symbols (%@#), numbers and mix up the case of your letters (capitals and lower case). The best passwords will have all different types of characters.
Remember the time it would take to crack passwords mentioned above?
Well if you have a password that is 9 characters in length, has upper and lowercase letters, plus symbols and numbers – it would take 44 530 years to hack that password!
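To make the four rules and the crack-time arithmetic above concrete, here is an added Python example; it is not code from the original article. It applies the rules as a checker and estimates worst-case brute-force time as alphabet_size ** length / guesses_per_second. Everything it assumes is labelled: the guess rate is calibrated so that six lowercase letters take the article’s ten minutes, the deny-list and word list are tiny constructed stand-ins for real breached-password and dictionary lists, and the symbol count follows Python’s string.punctuation (32 symbols), so the estimates land in the same order of magnitude as the article’s figures rather than matching them digit for digit.

```python
import string

# Constructed deny-list for rule 1 ("avoid the obvious"): the entries the article
# names (the word "password", "admin", digits in order) plus a couple of stand-ins.
# A real checker would load a large breached-password list instead.
COMMON_PASSWORDS = {"password", "admin", "123456", "12345678", "qwerty"}

# Constructed mini word list standing in for a real dictionary (rule 2).
DICTIONARY_WORDS = {"dragon", "monkey", "sunshine", "football", "welcome"}

# Character classes the attacker must cover; sizes are 26, 26, 10 and 32.
CHAR_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

# Assumed guess rate, calibrated to the article's claim that all 26**6
# six-lowercase-letter passwords can be tried in 10 minutes (600 seconds).
ARTICLE_RATE = 26 ** 6 / 600  # roughly 515,000 guesses per second


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CHAR_CLASSES.items()
            if any(c in chars for c in password)}


def alphabet_size(password):
    """Size of the alphabet a brute-force attack has to cover for this password."""
    return sum(len(CHAR_CLASSES[name]) for name in classes_used(password))


def brute_force_seconds(password, guesses_per_second=ARTICLE_RATE):
    """Worst-case seconds to exhaust every combination of the same shape."""
    return alphabet_size(password) ** len(password) / guesses_per_second


def check_password(password, username="", site_name=""):
    """Apply the article's four rules; an empty list means every rule passed."""
    problems = []
    lowered = password.lower()
    # Rule 1: common passwords, the username, the site name, or a blank password.
    obvious = COMMON_PASSWORDS | {username.lower(), site_name.lower(), ""}
    if lowered in obvious:
        problems.append("obvious: common password, username, site name or blank")
    # Rule 2: a single dictionary word.
    if lowered in DICTIONARY_WORDS:
        problems.append("dictionary word")
    # Rule 3: length, aiming for the article's 9 or more characters.
    if len(password) < 9:
        problems.append("too short: aim for 9 or more characters")
    # Rule 4: mix of character classes.
    missing = set(CHAR_CLASSES) - classes_used(password)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    return problems


if __name__ == "__main__":
    for candidate in ["dragon", "abcdefghi", "Tr0ub4dor&3x"]:
        secs = brute_force_seconds(candidate)
        print(f"{candidate!r}: {check_password(candidate) or 'passes all rules'}; "
              f"worst-case brute force ~{secs / 86400:,.1f} days")
```

The interesting comparison is the last two lines of output: adding three lowercase letters multiplies the search space by 26 ** 3, while widening the alphabet from 26 to 94 characters at the same length moves the estimate from days to tens of thousands of years, which is the point the article makes with its 44 530 figure.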
If you keep those 4 very simple points in mind, then you will create great passwords that are virtually “unhackable”. Creating passwords and managing them though are two different things. Following this blurb are some points you need to consider about HOW to use these great passwords.
1. Have More Than One – This is probably the single most important password management tip. Don’t use the same password everywhere on the web. If you do, you greatly increase the chance of having it compromised. If someone is able to glean your password on one site they may be able to put 2 and 2 together and access other accounts you own.
Some of these accounts could be really important. Memorizing a new password for every site is hard (impossible?), but you should have at least 3 strong passwords that you use for different things. You can break down your passwords into 3 categories:
A Level – These are passwords that are super important, and direct access to them could directly lead to financial trouble. (e.g. Online Banking or Paypal)
B Level – These passwords are also important, and while getting hacked could cause trouble, the hacker won’t be able to clear a bank account or run up credit. (e.g. eMail, Twitter or Facebook)
C Level – These passwords are for random free accounts online. (e.g. Message Board, Blog Comments or Fantasy Sports)
If you are going to use just a few different online passwords, try not to share them across categories. You can also make your own categories if you want. For example, for those people who work online, an FTP or Hosting password could very well be an A-Level.
Use your own common sense when deciding which category a password would fit in.
2. Change Password if Compromised – If you ever have your password compromised – then you need to change it ASAP. This seems like it isn’t worth stating, but I have seen it far too much. Not only do you have to change the compromised password, you also have to change all of the other accounts tied to that password.
That might seem like overkill, but it is the most basic step to take if you have a password hacked. You should not avoid this, no matter how annoying it may be to change all of those passwords. This is yet another reason to make sure you don’t just use one password!
Remember, even if you haven’t been compromised, you should still consider changing your password every 6 months or so. This might seem like a hassle, but it will help ensure your online safety.
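The two management rules above (don’t share one password across categories; when one site is compromised, rotate every account tied to that password; and rotate anyway every six months or so) boil down to a small audit over the accounts you own. Here is an added Python example, not from the original article, that runs that audit over a constructed account list. The account table, the categories, the dates and the 183-day threshold are all assumptions; passwords are compared through a SHA-256 fingerprint only so the audit never has to keep plaintext in its table, which is not a recommendation for how a site should store passwords.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass
class Account:
    site: str
    category: str       # "A", "B" or "C", as in the article
    password: str
    last_changed: date


# Constructed sample data: two A-level accounts sharing a password, and a
# B-level e-mail password reused on a C-level forum.
SAMPLE_ACCOUNTS = [
    Account("bank", "A", "pw-bank", date(2023, 1, 10)),
    Account("paypal", "A", "pw-bank", date(2023, 2, 1)),
    Account("email", "B", "pw-email", date(2023, 6, 1)),
    Account("forum", "C", "pw-email", date(2023, 8, 15)),
    Account("blog", "C", "pw-blog", date(2022, 12, 1)),
]
TODAY = date(2023, 9, 1)  # constructed "today" so the example is deterministic


def fingerprint(password):
    """Hash used only to compare passwords without keeping plaintext in the report."""
    return hashlib.sha256(password.encode()).hexdigest()


def reuse_groups(accounts):
    """Groups of accounts that share one password (groups of size 1 are dropped)."""
    groups = defaultdict(list)
    for account in accounts:
        groups[fingerprint(account.password)].append(account)
    return [group for group in groups.values() if len(group) > 1]


def cross_category_reuse(accounts):
    """Site lists for passwords shared across different categories (the article's
    'try not to share them across categories' rule)."""
    return [sorted(a.site for a in group)
            for group in reuse_groups(accounts)
            if len({a.category for a in group}) > 1]


def accounts_to_rotate(accounts, compromised_site):
    """Every site whose password must change once compromised_site is breached:
    the site itself plus all accounts tied to the same password."""
    target = next(a for a in accounts if a.site == compromised_site)
    target_fp = fingerprint(target.password)
    return sorted(a.site for a in accounts
                  if fingerprint(a.password) == target_fp)


def stale_accounts(accounts, today, max_age_days=183):
    """Sites whose password is older than the ~6 month rotation window."""
    return sorted(a.site for a in accounts
                  if (today - a.last_changed).days > max_age_days)


if __name__ == "__main__":
    print("shared across categories:", cross_category_reuse(SAMPLE_ACCOUNTS))
    print("rotate after a forum breach:", accounts_to_rotate(SAMPLE_ACCOUNTS, "forum"))
    print("older than 6 months:", stale_accounts(SAMPLE_ACCOUNTS, TODAY))
```

Note what the forum breach drags in: the e-mail account, a B-level password, has to change because it was reused on a throwaway C-level site. The bank and Paypal reuse does not show up as cross-category, but it still means one breach costs two A-level rotations.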