We covered some of the concerns regarding passwords and account security in our previous post.
However, despite the awesome crunching capabilities of modern-day GPUs, most of our concerns should lie in the online space. If it offers any comfort, most of these logins are protected by CAPTCHA codes or limited to a set number of login attempts before the system locks you out.
Nevertheless, getting your account compromised can be a harrowing experience. In fact, I had recently found out on Monday that one of the officers in my WOW guild got his account hacked and not only did he lose his items, his hacked character had proceeded to empty my guild bank of 74,000 gold as well as every single valuable item in storage. This effectively not only hurt the person who lost his account, it also hurt the rest of the guild members as the items represented the collective effort and pooling of resources for everyone else. While there are GMs to help restore such item losses, the same cannot be said for more serious accounts such as PayPal which involves actual money. Let’s also not forget that there are many sites where the login ID is your email address, and if you use that same password for your email, the hacker could reset your account, take the new password, and as a friend, N, says, “it’s like you locking yourself out of the vault”.
So, you may ask, “How can I choose a good password?”
Most tips relating to passwords would be something like these:
- 8 characters or longer, which forces you to use multiple words or extra symbols.
- have upper case, lower case, symbols, and numbers; or at least three of those four groups.
- should not be a common word and should not be a common phrase.
- should not contain a date, a name, or other things that can be associated with you.
- should be created randomly or semi-randomly.
The password should ideally be comprised of unique characters, not be any word found in the dictionary (no, p@55w0rd does not count), and really should not contain personal info like birthdays, as these are easily available on all the social media sites.
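The tips above can be turned into an automated check. The following is an added example, not part of the original post: the word list, the substitution table and the function names are constructed for illustration, and the "created randomly" tip is not something code can verify from the password alone.

```python
import re

# Constructed sample word list; a real check would load a large dictionary
# and a list of leaked passwords.
COMMON_WORDS = {"password", "letmein", "dragon", "welcome", "monkey", "qwerty"}

# Common character substitutions, undone before the dictionary lookup so
# that "p@55w0rd" is treated as "password".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Four-digit years, or 6-8 digit runs that look like dates (e.g. 14021985).
DATE_RE = re.compile(r"(19|20)\d{2}|\d{6,8}")


def character_classes(pw):
    """Count how many of the four groups (upper, lower, digit, symbol) appear."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: not c.isalnum())
    return sum(any(check(c) for c in pw) for check in checks)


def check_password(pw, personal=()):
    """Return the tips that `pw` violates; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if character_classes(pw) < 3:
        problems.append("fewer than three character groups")
    lowered = pw.lower()
    normalized = lowered.translate(LEET)
    if any(word in normalized for word in COMMON_WORDS):
        problems.append("contains a common word")
    if DATE_RE.search(pw):
        problems.append("contains a date")
    # Personal items (names, birthdays) are matched with and without
    # the substitutions undone.
    if any(item.lower() in text
           for item in personal if item
           for text in (lowered, normalized)):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for candidate in ("p@55w0rd", "Tr7#kVq9zL"):
        print(candidate, check_password(candidate))
```
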
As Lifehacker rightfully points out, “The only secure password is the one you can’t remember”. Then again, if it’s hard to remember and you have it written down on a post-it beside your computer, it’s as good as leaving the keys to your bank vault outside the door.
For the more paranoid, I’d advocate a different password for each site. This could be a system where you use the site name and your “strong” password in tandem. The basic rules could be something like Gmailpassword for Gmail and Facebookpassword for Facebook.
Of course, this is a grossly oversimplified example, as anyone with half a brain would be able to decipher your rule. A fancier way could be some form of cryptography, such as alternating letters to arrive at Galpasswordmi. In this case, each letter of Gmail is placed alternately on the left and right of the password. It’s all up to you to determine a system that you can remember and yet looks random enough.
In our next post, we will explore how to manage multiple websites, logins, and different passwords. So stay tuned!
Part 3 on password managers can be found here.