For years I have been espousing the importance of strong passwords. Passwords are the key to your information including pictures, documents, on-line banking and… everything.
Your identity can be stolen and your reputation can be shattered in an instant … all because of compromised passwords.
Now that you understand that, you have made your password super-complex… 19P@$$w0rd63 … and you figure you are safe. After all, twelve characters, alpha-numeric with uppercase, lowercase, and special characters, what could be stronger, right? Yes, that is true… but a complex password is not the beginning and end of account security.
Things to remember
There is a simple equation: password security equals complexity, but there is a time factor built into it. However secure your password is when you set it, that security level starts to degrade immediately… and the less complex the password, the faster it degrades.
Wow… all of this sounds really confusing, doesn’t it?
I hope this will simplify things:
1) Assume that the moment you set or change your password someone is going to start trying to hack it. It may take a hacker three days to discover a four letter complex password, but three months for an eight character one. It is that much of a difference. That is why network administrators set policies to force you to change your password every so often.
2) The minute you tell someone your password, it is compromised. It doesn’t matter if you tell your mother or your priest, it is compromised.
So now that you are following the rule that you will change your passwords periodically – I recommend setting a specific time frame and sending yourself calendar reminders (or putting them into your agenda) – you should be safe, right?
Unfortunately not. There is another factor that can significantly increase the rate of decline of your password security, and that is where you use it.
- I know it is too scary to think about, but public networks are not safe, and most wireless networks certainly are not. If you sit in airport lounges, cafes (or restaurants), libraries, schools, or anywhere else where there is public Wi-Fi and check your e-mail on your laptop, then there is a chance that a hacker is capturing your traffic. It does not require a lot of skill to do so, which is why I change my passwords as often as I do.
- If you use the same password on two sites then you are reducing the security of that password, and the more sites you use it on, the less secure it becomes. Some sites store one-way hashes – in other words, they do not know your password; they keep only a hashed version of it, which is compared against the hash of whatever you type in when you authenticate. These are fairly safe, depending on the hashing algorithm. However, any site that keeps an unencrypted list of passwords is completely insecure; if you click on ‘Password Reminder’ and receive an e-mail that says ‘Your password is 19P@$$w0rd63’, then your password is in serious jeopardy… when I discover this about a site I immediately ‘burn’ that password everywhere else. Hackers know that most of us use one (or two) passwords for everything we do, so if they discover your password for match.com the first thing they will do is try that same password against your e-mail… and your banking, and anything else.
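To make the hashing point concrete, here is an added example (my own illustration, not code from the original post) of how a site that “does not know your password” stores and checks it: it keeps only a random salt and a slow one-way hash, so there is nothing it could e-mail back to you, and the same password stored at two sites yields two unrelated records. The iteration count is an assumption chosen for illustration; 19P@$$w0rd63 is the example password from the post.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 parameters (illustrative assumptions, not from the post).
ITERATIONS = 200_000
SALT_BYTES = 16


def store_password(password: str) -> dict:
    """Return the record a site should keep: a fresh random salt and the
    derived hash. The plaintext password is never stored."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(record: dict, attempt: str) -> bool:
    """Re-derive the hash from what the user typed and compare it in
    constant time against the stored hash."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def stored_plaintext(record: dict, password: str) -> bool:
    """True only if the record leaks the password itself, which is what a
    'Your password is ...' reminder e-mail implies. Should always be False."""
    return any(password == value for value in record.values() if isinstance(value, str))


if __name__ == "__main__":
    password = "19P@$$w0rd63"  # constructed sample input (from the post)
    site_a = store_password(password)
    site_b = store_password(password)  # same password reused at a second site
    print("login ok:", verify_password(site_a, password))  # True
    print("wrong password:", verify_password(site_a, "19P@$$w0rd64"))  # False
    print("plaintext kept:", stored_plaintext(site_a, password))  # False
    # Salting means the two sites hold different hashes for the same password.
    print("hashes differ:", site_a["hash"] != site_b["hash"])  # True
```

Note that salting only makes the stored records look different; if the password itself is recovered from one site's leak, it still opens every other site where it was reused, which is the reason for the ‘burn it everywhere’ rule above.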
However, these are the cloud-based equivalent of writing all of your passwords on a piece of paper (or saving them in a file). If someone gets hold of it (or if you lose it) then you have a problem.
Likewise for the smartphone-based applications, which are fine until you lose your phone.
Of course, if you take all of this to its conclusion, it sounds like I am suggesting that you change every password (and keep each one unique) for every site you use, every week.
Let’s assume most of us have ten sites we use; that would mean changing all ten of them fifty-two times per year. That is not realistic for the best of us. However, remember that not every site you use requires the same level of security; most people would want to change their banking and e-mail passwords more often than the password to their favourite social networking site.
The bottom line is that password awareness is hugely important. Changing your passwords frequently is just as important, as is keeping your passwords secret.
This applies to on-line passwords as well as local ones, so that everything that has your name on it is really yours.
Got a question for Mitch? Please post it in the Comments section below.