There have been several high profile hacks of popular social networks and cloud services recently and they all seem to track back to not having a solid password to protect the account that started the downward spiral. I am just as guilty as the next guy of trying to keep it simple as I maintain an online presence that encompasses more than 50 separate connections each requiring a password of varying degrees. That for me is about to change…in a big way.
The National Institute of Standards and Technology published a Guideline to Enterprise Password Management that after reading the 38 page draft document had me scratching my head wondering how I possibly have survived the past 20 years online without doing serious financial damage to myself! Now between the better understanding of why and how, I have always known that the short cuts I have taken on both device security (my computers, tablet and phone don’t really have security enabled) it is time to start a transformation and soon!
With Twitter accounts falling victim to Spamming Hackers all the time, it is important that if I am in anyway to maintain an online presence that I had better take my own security seriously. And the added win is if I can help one person remember that security is your own issue and not the exclusive domain of an IT Department…then the time I took this morning is well worth it.
The Online Security company ESET recently published the Top 25 Passwords…is yours among them? And if so…you need the Strong Password recommendations even more than I do!
Over at the Online Privacy Blog, I stumbled across an interesting image (that by the way has made it a challenge to save this post…but all is good now).
I strongly agree with the is 3 step process but I also think that it needs to go a step further than just having one password that has the letter of the website that you are logging into attached to it. There are several schools of thought when it comes to Strong Password creation:
Lifehacker blogger Gina Trapani recommends starting off with a Base Password like ABSD and then building from there so that your Facebook Password would be like ABSDFCBK and your Email Password may be ABSDEMIL. While it is a mashup of non-common words and phrases…I think I would have some challenges remembering that many passwords and would very quickly revert back to simple passwords rather than constantly doing password resets.
Where I really found value is looking at the use of a Pass Phrase. Going back to basics is sometimes not a bad thing and over at the Internet for Beginners page at About.com there is a great process for adding the Pass Phrase into your repository of password creation tricks. To create the Pass Phrase it is important to make it something that you will be able to remember…and then take the first letter from each and that is your password base:
- Can’t See the Forest Through the Trees: cstfttt
- Put Up or Shut Up: puosu
- If the Shoe Fits, Wear It: itsfwi
- You Can Lead a Horse to Water: yclahtw
- The Last Mile Is Always Uphill: tlmiau
- I Think, Therefore I Am: ittia
- Oh Say Can You See: oscys
- Honey Badger Doesn’t Care: hbdc
The article goes on to suggest ways to ever further strengthen the password through the addition of other concepts that add special characters and site/device specific insights. For a Password to actually be strong…remember that it needs to be at least 8 characters long…but if you can hit the 15-24 character password…that should make it tough for hackers.
Well, I am off to start changing passwords. This is just step one of a full online transformation that is going to be happening so stay tuned as I start my “digital makeover” (and yes that might just mean the Avatar is going away).
Chris J Powell