Wednesday, April 30, 2014

How To Make A Secure Password

 

 


Remembering a unique login and password for every website you frequent on the Internet requires either a genius-level photographic memory or a really cool trick. Since these days I often forget what I was getting up to retrieve as soon as I leave the room, my vote goes to the really cool trick method. Here’s how to get unique AND easy to remember passwords for every website you visit.

The recently exposed “Heartbleed” bug is a coding flaw in the security and encryption protocol OpenSSL. It allows attackers to access passwords and personal information on affected websites. OpenSSL is employed by more than half of all websites on the Internet. While most major websites (including Google, Yahoo, OKCupid, and Pinterest) have patched the vulnerability, the flaw has been in existence since December 2011, so any attackers who knew to exploit the hole before it was exposed could have already gained access to countless usernames and passwords. The recommendation of every potentially affected website is that you change your password.

Many people use the same username and password across most – if not all – of the websites that they log in to regularly. This is a really dangerous habit, as it allows a hacker to gain access to all your accounts by simply obtaining one password from one vulnerable site.

Luckily for those who are memory-challenged, like me, Lifehacker published an article with a pretty amazing little trick that makes a different, hard-to-crack password for every site not only easy to create but, more importantly, easy to remember.

First, think of four to five letters that are easy for you to remember. It could be the first letters from the title of a favorite song or the punchline from a family inside joke, or the initials of your loved ones. Just make sure that it’s not an actual word so it’s hard to guess. For the purpose of creating an example, let’s use the oh-so-humble phrase “Nerd Chicks are Cool.” This means our base letters are NCaC.

Most sites require a number or character. Since not all sites support non-alphanumeric characters, next pick a favorite number. Let’s go with 13 for the sake of this example. Now we have NCaC13.

Finally, to make the password unique it’s just a matter of adding some letters from the site you’re creating the password for. Let’s say you’re creating a password at Google. The Lifehacker article suggests using the first two consonants and then the first two vowels from the site name. For Google, that means your password would be NCaC13ggoo (your base NCaC + number + first two consonants, gg + first two vowels, oo). Your password at Amazon would be NCaC13mzaa.

You could alternatively use the first four letters in the site name, or the first two plus the last two. The secret is that you have only to remember the pattern to remember the password and you’ll have a unique password for every site you go to. Voila!
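The pattern above, written out as an added Python example (not code from the Lifehacker article or this post): it builds the password for each of the three site-letter patterns and lists site names that a pattern maps to the same password. The function names, treating "y" as a consonant, and ignoring non-letter characters are assumptions.

```python
import string
from collections import defaultdict

VOWELS = set("aeiou")  # assumption: "y" counts as a consonant

def site_letters(site, pattern="consonants_vowels"):
    """Return the four site-specific letters that end the password."""
    letters = [c for c in site.lower() if c in string.ascii_lowercase]
    if pattern == "consonants_vowels":
        consonants = [c for c in letters if c not in VOWELS]
        vowels = [c for c in letters if c in VOWELS]
        if len(consonants) < 2 or len(vowels) < 2:
            raise ValueError(f"{site!r} lacks two consonants and two vowels")
        return "".join(consonants[:2] + vowels[:2])
    if len(letters) < 4:
        raise ValueError(f"{site!r} has fewer than four letters")
    if pattern == "first_four":
        return "".join(letters[:4])
    if pattern == "first_two_last_two":
        return "".join(letters[:2] + letters[-2:])
    raise ValueError(f"unknown pattern {pattern!r}")

def make_password(site, base="NCaC", number="13", pattern="consonants_vowels"):
    """Base letters + favourite number + letters taken from the site name."""
    return base + number + site_letters(site, pattern)

def colliding_sites(sites, pattern="consonants_vowels"):
    """Group site names that the pattern maps to the same password."""
    groups = defaultdict(list)
    for site in sites:
        groups[site_letters(site, pattern)].append(site)
    return [names for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    for site in ("Google", "Amazon"):
        print(site, make_password(site))
    # Constructed list of site names, used to check each pattern for duplicates.
    sample = ["Google", "Googlemail", "Amazon", "Pinterest"]
    for pattern in ("consonants_vowels", "first_four", "first_two_last_two"):
        print(pattern, colliding_sites(sample, pattern))
```

Site names that share their opening letters can produce the same password under a given pattern, so run the names you actually use through `colliding_sites` before settling on one.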

If that still seems too complicated, consider using a password management tool like LastPass. Install it on all the devices that you use to access the Internet. It’s free to install and use on all your computers and laptops, and there’s a premium version that lets you install it on your mobile devices as well for $12/year. Now you can have LastPass create your passwords for you – a seriously impossible to guess or hack monstrosity – or just have it store the ones you create. But really, why not take advantage of the password generator if you don’t have to memorize it or ever type it in?

Your passwords are encrypted and stored on your device. Data is synced across all the devices that share your LastPass login, so every device is kept up to date. However, nothing is stored at LastPass other than your LastPass username and password, so a successful hacker attack on the LastPass server won’t compromise your login data for other sites. This means that once you start using it and get all your passwords stored, the only login info you will need to remember is the one for LastPass.

If there was ever a time to update your passwords, that time is now. Protect your data and personal information by reducing your exposure to the Heartbleed bug – change your passwords anywhere you store personal information like e-mails, credit card numbers, etc.
