Just last week I did one thing I always do at the beginning of a new year, it is intended to keep me safe for another year of living part of my life online, I thought you might want to look into it too:
Change all your passwords into safe passwords
There isn’t a website around anymore that doesn’t want you to log in and create a password, and it is so tempting to use the same one over and over, especially one you can remember easily. But that is putting you in real danger, or more accurately it is putting your online identity in danger and maybe with that your real life identity and finances too.
So I thought I’d share some knowledge about the do’s and don’ts with passwords and how to be safe on the internet.
First: What is a password?
Well a password is simply a unique ‘key’ that is meant to keep ‘unwanted people’ out of your personal stuff. And just as in the real world there are different kinds of unwanted people that need different safety measures.
First there are the people you ‘know’ in real life that might have an unhealthy interest in your online affaires. Let’s face it, you wouldn’t want most of your coworkers, or neighbors or even relatives to open up your bank statements of personal correspondence, so you don’t want them going through your online personal things either. And your 14 your old nephew might think it hilarious to ‘hack’ your Facebook account and post silly family pictures in your name, but you might want to stop him before the act all the same.
Second there are the unknown bad guys all over the world who try to hack into accounts so they can use them to broadcast their obnoxious messages to everyone. We have all had the spam emails, tweets and Facebook messages. Although these kind of cyber criminals might not actually harm you, you still don’t want your name associated with their messages.
Third, and maybe most important, is the category cyber criminals that are really trying to target YOU and the personal information YOU have left on the internet. They are the ones that try to get your ID information so they can order credit cards in your name, or that try to get into your bank accounts or do other things that really can create a total and big (financial) mess. You have to be very aware of these thieves, they are the professionals you have to keep out by getting yourself a big secure lock and an unbreakable key.
And finally. There are of course the professional wiz kid hackers, the ones you see in so many popular TV programs that are able to hack into the Pentagon and such. Have no illusions you won’t be able to keep them away from your data, but then again you are probably of no interest to them at all, why would they waste their talent at hacking your blogger account if they could be messing with the FBI data files….
So let’s concentrate on preventing category 1, 2, and 3 of getting to your online possessions.
What is a safe password?
Let’s be honest, how many of you have a password that:
Contains (part of) your name? Your birthday? The names of your children or husband? Part of your address? Your favorite flower, animal or nail polish brand?
THAT IS NOT SAFE!!!!
Any dedicated co-worker, with some time on her hand and some knowledge of your personal life could figure it out. Believe me. And even if you have used the name of a former crush you have told nobody about, using a password like that is still not safe.
Because, contrary to what you might think a cyber criminal does not try to ‘guess’ your password, they have powerful computers that take all the guess work out of it.
Say you have a 7 digit password (kind of standard) and used only ordinary letters. That means there are 26 to the power 7 possible combinations = over 8 million combinations. Now that might seem like a lot but an average computer can run that many combinations in under 2,5 hours. If he would tell the computer to start with words from the dictionary and common names it would be a lot faster. And if the hacker knows your name (which is often in your username and therefor public) he could tell the computer to start with all the combinations that include those letters and have it super fast.
So what should you do?
1. Have multiple passwords.
2. Have as many really safe, just about unbreakable passwords, that you need in order to have an exclusive password for all of the accounts with the really sensitive information.
3. Have one (but preferably more) very safe passwords that you use for social media and other sites where you do not leave sensitive information.
4. DO NOT keep a record of those passwords in an insecure spot.
5. Renew your passwords, especially the ones you use on multiple sites at least once a year.
Why not have one unbreakable password for all? Because there are two things important in password safety. The strength of the password you created AND the strength of the security of the site were you left your password.
Not too long ago the site of Nintendo got hacked and the criminals gained excess to all the passwords. Now imagine you would have bought a game at the Nintendo site and used the same password you use to log into your bank account…..
So how do I make a safe password?
Use all the four categories (or as many as possible) and make a really long password. You can generally choose from: 26 letters (lowercase) 26 letters (uppercase), 10 numeric numbers, 30+ special characters.
In comparison a 14 character password that uses all four categories takes more than 2000 years to break.
So how did I make my super duper safe passwords (and remember them).
I thought of a sentence I can remember easily, I choose one that is a personal confirmation, for example:
I am a Beautiful Person
as a password that would be:
IamaBeautifulPerson (already combines big and small caps and is nice and long)
To make it better I substituted the i for the ! and the o for the 0
See still relatively easy to remember yet a gazillion times safer than using Songbird1
What are important sites to keep absolutely safe?
1. Your bank accounts (including PayPal) and social security sites (in Holland we have an official Digi Identity that we can even use to file our taxes with) and other sites like that.
2. Your email account, especially Gmail. Your Gmail password is essentially the door into your whole Google world and it also protects your blog from being hacked. Hackers love email accounts because you might have saved an email in there with an attachment containing your signature (like if you ever had to send in a contract and you thought let’s archive that), or a copy of your password (used to buy a plain ticket online). That kind of information is golden, I’m sure you can imagine that.
So use very safe and exclusive passwords for these accounts.
I admit I am guilty of using the same password for all the social media sites I frequent. There are just too many of them to remember a different one for each. But it is a very secure password and I have just changed it on all of them, and will change it no later than January 2013 again.
Granted I am still taking a risk there. If I wanted to be absolutely sure I’d be 100% safe I’d need to have exclusive passwords for every site. Luckily if you’d want that there are options that you can help you with that. There are online security vaults that archive all your passwords or even make random passwords for you and keep them safe in the vault, you only have to remember the extra super duper safe password that opens and activates the vault (like Roboform for Windows and 1Password for Mac).
Okay and one last thing. Now you have made yourself a couple of really secure passwords and you want to keep a record of them.
Do Not: make a file on your computer called passwords!, do not write them on a post-it and hang that besides your laptop! (any thief would just grab it with him/her), do not keep them in your email inbox. If you have to have a hard copy, write them down and then put that piece of paper in between a random book in your bookcase around page number 123. It can be your favorite book, so you can remember which one you used .
Ok, not the most beautiful post I have ever written but an important one nonetheless.
Now go change your passwords (and while your at it, back up your blog too).