Monday, June 25, 2012

Passwords

We've had a rash of media stories on computer passwords recently.  I wrote a bit about the issue when it was discovered that a large number of LinkedIn passwords (lightly encrypted) had been posted on the web.  Like many of you, I realized that I had used my LinkedIn password for other secure websites as well.  The result was that I went through and changed all my passwords that morning.

I do not use an electronic password manager -- though I plan to do some research on how safe such solutions are -- nor do I have sticky notes sitting on my computer to remind me of an assortment of passwords.  I try to pick passwords that I can easily remember.  I've heard the suggestion that one can take a phrase or even the name of a song and use the first letter of each word and then add some numbers -- an example would be "the will is greater than the skill 12"  which would be "twigtts12."  (Thanks to Muhammad Ali for the quote.)

The challenge, of course, is that you need to have a password for any number of websites.  Perhaps it's worth it to classify the sites in terms of risk of exposure and assign passwords accordingly.  Having your Facebook or Twitter site hacked is hardly the same as having a transactional (as in money) website's password stolen.

Whatever you do, do not use the same password for all your sites.  Just think what a hacker could get if your LinkedIn password were the same, for instance, as your online banking password.
