Web Safe Passwords
For years, I’ve been telling my clients and students: “You need web safe passwords!”.
Scroll down in this article to see online security tips from Mat Honan of Wired magazine – and some password vault tools to encrypt and protect your online passwords and logins.
Buffy, Honey or Bunny: Not Good Passwords
With the expertise and computer power applied to internet hacking today – what most users think of as an acceptable password – is not at all acceptable. Or web safe.
Some of my clients are retro when it comes to creating web safe passwords. In 2014, business cannot be naive or care-free about password safety.
In 2012, Mat Honan, an editor of the venerable internet tech magazine Wired, was hacked. Ever since, I have used his story as a resource in my social media, internet marketing and WordPress classes. You can read his story at How Apple and Amazon Security Flaws Led to My Epic Hacking.
My Password Recommendation since 2010: 12-15+ characters of absolute gibberish.
Passwords should be random characters that include capital letters, non-capital letters, numerals and special characters (symbols: #,%, etc).
Example Password: aJertr-q3@5h+yUgri]ab
As my clients know – I set up websites, social media and other online accounts with ‘monster passwords’. I get a lot of joking around about it and lots of groans from users. I joke: ‘This is definitely a copy/paste password’.
But I am very serious about the importance of the password length – and the random characters used.
Each Online Account Needs a Unique Password
NEVER ‘daisy-chain’ passwords, using the same password for all online accounts. I also advise that whenever possible – do not use a social media account to log into other online accounts.
But even this may not be enough…
In Nov 2012, Mat Honan, the Wired editor who was hacked, wrote a follow up article to his ‘hacked’ experience: Kill the Password: Why a String of Characters Can’t Protect Us Anymore.
Re-read today, Mat’s article is eerily prophetic. Mat is, after all, a very smart individual regarding anything internet. But like many of us, he was careless in creating a personal internet safety setup with his own passwords.
Here are Mat’s recommendations for online safety and they are totally on target. Read Mat’s entire article (linked above) for some very enlightening internet facts.
How to Survive the Password Apocalypse by Mat Honan
Until we figure out a better system for protecting our stuff online, here are four mistakes you should never make—and four moves that will make your accounts harder (but not impossible) to crack.—M.H.
- Reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.
- Use a dictionary word as your password. If you must, then string several together into a pass phrase.
- Use standard number substitutions. Think “P455w0rd” is a good password? N0p3! Cracking tools now have those built in.
- Use a short password—no matter how weird. Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defense is the longest possible password.
- Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.
- Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”
- Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
- Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn’t tied to your name—like firstname.lastname@example.org—so it can’t be easily guessed.
Two Tools for Online Password Safety
LastPass lets you store and manage all of your important passwords in one safe spot. The app encrypts your data and password list so that no one can read them, and there’s an option for different types of two-factor authentication. It also includes a password generator that creates randomized passcodes that are nearly impossible to guess.
“LastPass Now Checks If Your Sites Are Affected by Heartbleed. With LastPass installed, start browsing to your sites and services. LastPass will prompt you to save your logins, generate new passwords, save Profiles for online shopping, and more. LastPass does the work for you, so logging in and checking out requires no thought.
Have more than one computer? At work, at home, on your laptop – wherever you’ll be browsing, you can download LastPass and login with the same account. Your data is securely synced automatically, so you always have access to your latest updates.”
1Password is a great option for those seeking password protection. 1Password provides a password generator and secure encryption. There’s also a browser extension that syncs with your desktop and all your internet devices added to the service.
“1Password creates strong, unique passwords for you, remembers them, and restores them, all directly in your web browser. Keep all of your devices in sync! You can easily keep 1Password in sync on all of your computers and mobile devices. Check out 1Password for your Mac, iPhone, iPad, and Android.
1Password’s technology is not built upon SSL/TLS in general, and not built upon OpenSSL in particular. 1Password’s encryption remains safe.”
To Sum Up: Internet Safety First!
The internet is a fabulous tool; we cannot do business today without it. And with social media, a good part of our private lives are also lived on the internet. So it is extremely important to take common sense precautions.
Need a Website Security Audit?
Or need help with your Internet Presence? Need internet marketing, WordPress websites, SEO? Or do you need training or DIY Help with WordPress, SEO, social media or internet marketing?