Wednesday, December 26, 2012
Web Secret #238: Passwords
Last month, the New York Times published an excellent article on how to build a secure password.
Here are the most important tips from that article:
FORGET THE DICTIONARY - If your password can be found in a dictionary, you might as well not have one.
NEVER USE THE SAME PASSWORD TWICE - People tend to use the same password across multiple sites, a fact hackers regularly exploit.
COME UP WITH A PASSPHRASE - The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.
STORE YOUR PASSWORDS SECURELY - Do not store your passwords in your in-box or on your desktop. Store your password file on an encrypted USB drive. I personally like the Ironkey brand.
IGNORE SECURITY QUESTIONS - There is a limited set of answers to questions like “What is your favorite color?” and most answers to questions like “What middle school did you attend?” can be found on the Internet. Hackers use that information to reset your password and take control of your account. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: “Your favorite song lyric.”
USE DIFFERENT BROWSERS - Pick one browser for online forums, news sites, blogs — anything you don’t consider important. When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down. A recent study found that Chrome was the least susceptible to attacks.
The best offense is a good defense.