Wednesday, January 30, 2013

Web Secret #243: Passwords - part 2

Sometimes I think that I am one of 5 girls in the US reading Wired Magazine. For those of you who do not partake, Wired is a monthly magazine, published since January 1993, "that reports on how new and developing technology affects culture, the economy, and politics."

Wired is geeky, very, very geeky. And male, very, very male. A typical issue will almost certainly feature a piece on the online gaming industry, a gadget like a crossbow that shoots slime, and an article featuring some dude's game-changing impact on the tech industry.

Wired, I forgive your chauvinism. Where else would I find a really great story like "Kill the Password: Why a String of Characters Can’t Protect Us Anymore," a first-person account of what it's like to have your digital life completely destroyed by hackers and what to do to fight back.

Here is the CliffsNotes version of that article:

The bad news is that the password system that is meant to protect our online bank accounts, websites, e-mail and more is growing increasingly inadequate as hackers become ever more clever and destructive.

More bad news: no new system has yet been devised to replace it. In a couple of years, we may log in to Amazon.com by scanning our eyeballs, but we are not there yet. Even more depressing - hackers are often teenagers whose sole reason for hacking is to wreak havoc.

The good news is that there are steps you can take to improve your passwords. As Mat Honan, the article's author, advises:

"DON’T
  1. Reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.
  2. Use a dictionary word as your password. If you must, then string several together into a pass phrase.
  3. Use standard number substitutions. Think “P455w0rd” is a good password? N0p3! Cracking tools now have those built in.
  4. Use a short password—no matter how weird. Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defense is the longest possible password.

DO
  1. Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.
  2. Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”
  3. Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
  4. Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn’t tied to your name—like m****n@wired.com—so it can’t be easily guessed."

You have been warned.
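
To make DON'T items 2 to 4 concrete, here is a small password check, added as an example (it is not code from the Wired article or from Mat Honan). The word list, the substitution table and the 12-character minimum are assumptions made for the illustration.

```python
import math

# Constructed sample word list; a real check would load a full dictionary
# or a breached-password list instead.
WORDS = {"password", "dragon", "monkey", "letmein", "wired"}

# The "standard number substitutions" from the list, mapped back to letters.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

MIN_LENGTH = 12  # assumed policy threshold, not a number from the article


def normalize(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(LEET)


def brute_force_bits(password):
    """Upper bound on the brute-force search space, in bits.

    Counts only length and character classes, so it says nothing about
    dictionary attacks; review() handles that part.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # ASCII punctuation plus space
    return len(password) * math.log2(pool) if pool else 0.0


def review(password):
    """Return which of DON'T items 2 to 4 this password breaks."""
    findings = []
    if normalize(password) in WORDS:
        findings.append("dictionary-word")
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    return findings


if __name__ == "__main__":
    for pw in ("P455w0rd", "h6!r$q", "dragon monkey wired letmein"):
        print(f"{pw!r}: {review(pw)} ~{brute_force_bits(pw):.0f} bits")
```

“P455w0rd” is flagged twice because undoing the substitutions turns it straight back into “password”, while the four-word pass phrase passes both checks on length alone.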
