© James Kanjo, 2009
Passwords are extremely important for protecting your information in the modern digital world. Yet time after time people find that their accounts/computers are still being hacked into.
I'm going to show you how to effectively manage your passwords, and protect your information.
But first, let's go back to basics. Why do we need passwords?
A password is a special code that gives an individual access to his or her data. You must NEVER tell another person your password. NEVER EVER SHARE YOUR PASSWORD. The moment you share your password is the moment you create a security hole in your confidential data.
If you are the only person to know your password, then you are the only person who can access your data, and your information remains secure and confidential.
In the modern world, people utilise several services that require a password:
- Computer's User Login
- YouTube
- iTunes
The easy way to access your multiple accounts is to have the same password for everything (which is what most people do). That way, you don't need to struggle to maintain multiple passwords for a dozen or so services. People also tend to choose a password that is something they know, but most other people don't know.
For the sake of this article, I'm going to have my password as my surname: “kanjo”
“kanjo” is something that is easy to remember for me.
BAD! BAD! BAD!
Here are the flaws:
- If you have the SAME password for EVERYTHING, then somebody with your password has access to EVERYTHING
- If your password involves the use of WORDS, then it makes it easily GUESSABLE
- If your password is EASY to remember, then it is easy for SOMEBODY ELSE to remember
So how do we conquer these flaws? We simply do the opposite:
- Use a DIFFERENT password for everything. If somebody has your password, then they can access ONLY ONE of your services
- Make your password use RANDOM characters that do not form words. This way if somebody types in every word in the dictionary, they will NEVER guess your password
- If your password uses random characters, then it is DIFFICULT to remember. This means that if a stranger glances at your password, their brain will be unable to make sense of it, and will be unable to store it in their memory (i.e. difficult for OTHERS to remember)
Great ways to make your password even more secure are to:
- MiX tHe cAsE oF YOuR leTtErS
- Use numbers (0…9)
- Use symbols (!@#$%^&*?)
- Keep the length of the password between 6 and 10 characters
So I'm going to create a password right now by randomly selecting keys on my keyboard: u&D3h%
As you can obviously tell, “u&D3h%” is a much more secure password than “kanjo”. You can't remember the password by looking at it, because you can't actually speak the password as a word… you can only read it character-by-character, something the brain is not good at storing in the memory. In addition, you can't guess a password like that.
The only way for you to remember your password is through continuous use… If you use your new password twice a day, then you should have it memorised in less than a fortnight.
Now in terms of using different passwords for different services, there is an easy (yet secure) way to do this. All you do is simply append an acronym of each service you are using to your password. For example:
- Computer: u&D3h%C
- Facebook: u&D3h%FB
- Twitter: u&D3h%T
- YouTube: u&D3h%YT
- iTunes: u&D3h%iT
All you need to do is remember ONE password, but use a different acronym for each service that you use. This way, you essentially have a different password for every service. If somebody has one of your passwords, then they can't access any other website.
To make your password even more secure, you can place the acronym in the middle of the password — as opposed to having it at the end.
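The scheme described above, sketched in Python as an added example that is not part of the original article: a base password is drawn from the article's character classes and a service acronym is appended or placed in the middle. The function names are hypothetical, and the base is drawn with Python's `secrets` module instead of by picking keys by hand.

```python
import math
import secrets
import string

# Character classes from the article's list; the symbols are the ones it quotes.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*?"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_base(length=6):
    """Return a random base password with at least one character per class."""
    if not 6 <= length <= 10:  # the article's recommended range
        raise ValueError("length must be between 6 and 10")
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    # Shuffle with the OS random source so the class positions are not fixed.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def for_service(base, acronym, middle=False):
    """Combine base and service acronym: appended, or placed in the middle."""
    if middle:
        half = len(base) // 2
        return base[:half] + acronym + base[half:]
    return base + acronym


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound, in bits, on the number of strings of this length.

    The one-per-class rule in generate_base() excludes some of them.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    base = generate_base(6)
    for name, acro in [("Computer", "C"), ("Facebook", "FB"), ("Twitter", "T")]:
        print(name, for_service(base, acro), for_service(base, acro, middle=True))
    print(round(search_space_bits(6), 1), "bits for 6 random characters")
```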
Another thing to note is that you should ALWAYS change your main password EVERY SINGLE YEAR. It is foolish to have a “one password for life” policy.
In terms of trying to remember your brand new password, the best way is to NOT store it digitally, but to write it down on a piece of paper, and keep it in a personal place (your wallet, for instance). After you have memorised your password (usually takes less than two weeks) destroy the piece of paper to keep your password secure in your head.
Cheers!
λ James Kanjo

Good post!
Shane Smith ★ Wikidot Freelancer (Hire me!)
— Sites: My Website, Personal Blog
— Projects: STE Editor, Wikimated, Wikidot 101 (Video Tutorials), Wikidot SubReddit
Hmmm… yeah…. My gmail account just got hacked into a few days ago…. had to reset my password.
~ Kenneth Tsang — jxeeno.com — my new blog | @jxeeno Twitter | My Site
Wikidot Community via IRC (#wikidot on irc.freenode.net)
One reason why people do stupid things like using the same password everywhere, using easy-to-guess words or forgetting passwords is that they are unaware of the existence of password managers.
Password managers store passwords in a single file, they have a hierarchical folder tree, they can autofill username and password, generate a random password and a lot more.
I can wholeheartedly recommend Password Agent to you.
http://feedback.wikidot.com/wish:382
See, I'm directly opposed to storing your password anywhere that isn't your brain (especially digitally).
If somebody should have access to your password manager, then they have access to all of your passwords (nothing clever about that). However, if you took the time and effort to remember your password, then there's no way that somebody can hack into your brain and extract your password collection.
λ James Kanjo
Blog | Wikidot Expert | λ and Proud
Web Developer | HTML | CSS | JavaScript
Agreed.
Shane Smith ★ Wikidot Freelancer (Hire me!)
— Sites: My Website, Personal Blog
— Projects: STE Editor, Wikimated, Wikidot 101 (Video Tutorials), Wikidot SubReddit
The password manager's file is protected by a master password - one that you have to learn by heart.
http://feedback.wikidot.com/wish:382
And if someone looks over your shoulder while you're typing it, or uses a key logger to record your keystrokes, they have access to all of your passwords.
Shane Smith ★ Wikidot Freelancer (Hire me!)
— Sites: My Website, Personal Blog
— Projects: STE Editor, Wikimated, Wikidot 101 (Video Tutorials), Wikidot SubReddit
- that's really improbable - the pass is shown as asterisks, I use a long enough password and the occasions of prying eyes curiously following my typing fingers are very rare; moreover if I happen to enter the password while an untrustful person is sitting next to me, I can change it any time later;
- This is really a problem, but there are attempts to solve this:
"Unlock and Set Master Password windows where you enter master password are doing some additional work behind the scenes to combat spy programs and key loggers. The password you type is not recorded by key loggers in plain text as it was typed. Instead, Password Agent will generate random characters after each key press, so it is more difficult to detect real password that you entered. However, as it is not possible to hide keyboard input from key logging programs your real typed characters will still be captured by logger (among fake ones), so if logger can record several password entries over time, real master password can be discovered after some analysis. Edit box for master password does not have ES_PASSWORD style, it does not allow copy & paste and does not give away your real typed password in response to WM_GETTEXT message." (http://www.moonsoftware.com/log_pwagent.asp)
I would admit, though, that some kind of biometric authentication (e.g. fingerprints) would be a better version of the "master password".
http://feedback.wikidot.com/wish:382