
Posted by on Jun 19, 2012 in How Tos, Top Posts | 1 comment

Password Security: Protect Yourself from Account Compromises

Using strong, unique passwords for each of your online accounts is important. Really important. But you should already know that; I mean, you wouldn’t use the same key to unlock your car that you use to open the front door to your home or office, would you? Can we agree that would be pretty stupid? Yeah? So then why would you use your e-mail password for your online bank account? Every day, hackers are trying to find security vulnerabilities in websites that they can exploit in order to gain access to your account, and even sites like LinkedIn can fall victim to these attacks.

So, my question to you is this: if your Facebook, Twitter, or e-mail password was leaked today, would your other accounts still be safe? How about your bank account? Or PayPal? Rest assured that every single password that gets leaked will be among the first ones used when someone tries to brute-force their way into your account.

At this point you may be wondering how on earth you could possibly remember, let alone keep track of, so many different passwords, so let me try to answer not just that question, but a few others below. If these questions do not pertain to you, just move on to Let’s Make a Password!

Do I have to use a different password for every account?

No, you don’t. It just depends on how important it is to you that certain accounts are completely secure. For example, if you visit plenty of online forums, or have to register to leave comments on articles on various different websites (such as this one), for all intents and purposes it doesn’t really matter if someone has access to all of those accounts, right? In this case, it’s OK to use one simple, generalized password across those websites. Just remember not to use a password like that for a site like Facebook, which deals with your personal identity.

How can I remember all of these different passwords?

There are plenty of good apps out there for your smartphone or your computer which you can use to store all of your passwords. Trust only those that use AES encryption and store your passwords locally; if they need to be stored elsewhere, well, that’s a risk I myself am not willing to take, regardless of what anyone else says. 1Password on iOS and SafeInCloud, mSecure, Password Box, or LastPass on Android are some great apps to use. Personally, I recommend SafeInCloud for Android.

My account was already compromised! What should I do?

If you’ve already had your account compromised, make sure you scan your computer for viruses and malware (Microsoft Security Essentials and Malwarebytes are both excellent, free solutions that you can use), and don’t just recreate your password on that computer. It’s very possible that you may have been infected with what is known as a keylogger, which logs your keystrokes and sends them to the person(s) responsible for hijacking your account. If possible, try changing your password from a mobile phone first while taking the proper precautions by cleaning your computer and checking it for problems!


Let’s Make a Password!

Now it’s time to create those all-important passwords. When choosing a password, it’s important to keep in mind that no matter how much you love your mom, her maiden name is and always will be a terrible password. Why? Well, wouldn’t that be one of the first things you guess (following ‘12345’ and ‘password,’ of course) when trying to access someone’s account? Yeah. Don’t use it. After all, you wouldn’t want to be stuck wondering why mommy couldn’t protect you from the big bad hackers, would you?

First things first: your e-mail password is arguably the most important password of the bunch, because that’s what you use to reset and change passwords on other websites. Personally, I recommend using Gmail, which has the added security benefit of 2-step verification that can be added to any Google account. If you’d like to learn more about 2-step verification for Gmail, skip down below to the Additional Security Measures portion of this post.

Remember to use special characters (which drastically improve the security of your password), numbers, and upper-case and lower-case letters when making your password. Also, try not to spell anything–at least, not in an obvious way. For example, let’s say you were born in 1978, and you want to use that in your password in some way, shape or form. Using just ‘1978’ as a password would be stupid. No, really, it would. Birth dates are commonly guessed by people who are trying to crack your password specifically. So let’s try something a little different with that year, shall we?

!n1nE.s37En8?

Here, the ‘!’ represents the one, ‘n1nE’ represents the nine, etc. We have punctuation (‘!’, ‘.’, ‘?’), numbers, upper-case and lower-case letters, and the only thing that is even close to being spelled out is ‘n1nE.’ You can even get tricky and use extended characters from outside standard ASCII, like ‘«’ and ‘»’ (hold left ALT and type 174 or 175 on the numpad).

Let’s try one more. Let’s say your favorite movie is Lassie, and everyone knows it. Fine, don’t use that as a password then. Instead, find the name of a lesser-known actor that took part in that movie. Upon a quick Google Search, IMDb lists Earnest Poole Jr. as Highway Patrolman #1.

jR.fuZZ#1;eRn!ep00l

We’ve got fuzz for police, ernie instead of earnest, pool with two zeros, and it all comes together looking like scrambled garbage. All the R’s and Z’s are capitalized to help you remember which letters get caps, and we even have some punctuation in there too. Just play around with things and try to be clever, but try to also come up with something that you think you could remember after a little practice.
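The advice above (all four character classes, nothing leaked, nothing obviously spelled out) can be turned into a quick self-check. This is an added example, not part of the original post: the word lists are constructed samples, the 12-character minimum is an assumption, and the substitution table covers only a few common swaps.

```python
# Constructed sample data: a tiny stand-in for a leaked-password list and
# for personal facts someone could look up (both are assumptions).
LEAKED = {"password", "12345", "letmein", "qwerty"}
PERSONAL = {"1978", "lassie", "smith"}  # birth year, favourite movie, maiden name

# Common character swaps, undone before comparing against the word lists.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def character_classes(pw):
    """Count how many of the four classes named in the post are present."""
    return sum([any(c.islower() for c in pw),
                any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw),
                any(not c.isalnum() for c in pw)])


def check_password(pw, min_length=12):
    """Return a list of problems; an empty list means no check failed."""
    problems = []
    raw = pw.lower()
    plain = raw.translate(LEET)  # "p@ssw0rd" becomes "password"
    if len(pw) < min_length:
        problems.append("too short")
    if character_classes(pw) < 4:
        problems.append("missing a character class")
    for word in sorted(LEAKED):
        if word in raw or word in plain:
            problems.append("contains leaked password: " + word)
    for fact in sorted(PERSONAL):
        if fact in raw or fact in plain:
            problems.append("contains personal fact: " + fact)
    return problems


if __name__ == "__main__":
    for candidate in ["1978", "P@ssw0rd1978!", "L4ss!e.Fan#2012",
                      "!n1nE.s37En8?", "jR.fuZZ#1;eRn!ep00l"]:
        print(candidate, "->", check_password(candidate) or "no problems found")
```

Passing these checks only means the obvious tests did not fail; a password that dresses up a leaked word or a personal fact with symbol swaps still gets flagged.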


Additional Security Measures

In the interest of keeping this post short and to the point, I’ve decided to make a separate page dedicated to setting up Google’s 2-step verification. To view it, just click here.


Have any comments or suggestions? Post ’em below!

1 Comment

  1. Just read this after reading g wallet post–wow, crazy passwords. Don’t think they need to be THAT complex but you’re 100% correct on everything. I’d probably cut passwords like that in half for myself!
