Avoid Security Breaches: Build a Better Password


On December 3rd, 2013, the web security firm Trustwave announced that over two million user passwords had been compromised. Hacked from a variety of extremely popular sites, including Facebook, Twitter and Google, the passwords were posted onto a Russian site. The culprit is currently unknown, but their actions are the latest to expose the hugely significant shortcomings of “standard” internet security measures. Proof can be found simply by looking at the passwords themselves, which have since been reset and altered: most of them are extremely simple. The three most popular options were “123456,” “1234” and “123456789,” while the most popular option which was not numerical was “password.” Most internet passwords are indeed this basic because of a simple logical fallacy: “it hasn’t happened to me yet so I shouldn’t worry about it happening later.” In other words, many users keep their passwords simple without hesitation because they’re not worried about them being stolen, at least not until they are. Of course, your password probably won’t ever be stolen. Probability is on your side. Then again, it was on the side of these two million users as well.

You’re likely already aware of why some individuals would be interested in hacking one or more of your accounts: those accounts contain information, and information is a powerful commodity which can be sold. Obviously, the data contained on some sites is more valuable than that found on others, but that doesn’t mean you should let your guard down on any site. One password can lead to other tangential discoveries, the kind which can prove to be quite disagreeable for the party which has been hacked. Therefore, it’s certainly in your best interest to make every single password you construct as difficult to guess as possible. But how does one create a truly secure password? What are the characteristics that separate an ideal password from a poor one? Here are a few suggestions to keep in mind:

  • Spell it in a more secure way: Using single words, especially ones which could be clearly associated with you or the site you’re trying to access, is never a good idea. That being said, it can still be done, though doing so requires a bit of creativity. Say you want to use the word “albatross.” Sure, you could spell it normally and risk it, but why not get a little trickier? “Albatross” is a reasonably decent password, in that it’s at least not “password” or “1234,” but “aL8@+rO$s” is a much better option as far as security goes, and yet it still has whatever memorable quality the word had for you in the first place. You might even consider adding some numbers onto the end for additional security. Regardless, this is a great way to create a password that’s easy to remember but hard to hack. You can get even craftier by using phrases instead of words. The same rules apply to both.
  • Avoid patterns whenever possible: “123456789” is obviously not an ideal password for a whole host of reasons, but even if you’re wisely choosing something a bit more complex, patterns should still be avoided. As mentioned above, “albatross” is a decent password and “aLbAtRoSs” is even better, but “alBatROSs” is better still. The more random and unpredictable your password is, the harder it will be to hack. You can find password generators online which will generate long strings of random characters for you. While these passwords are ideal from a security standpoint, they have the disadvantage of being essentially impossible to memorize. In the end it’s probably best to pick a password which still has some kind of significance to you, though bear in mind that the more truly unsystematic you make it, the safer it’ll be.
  • Consider utilizing a password manager: If you want to use virtually unhackable randomly generated passwords without fear of forgetting them or letting them fall into the wrong hands, you should consider using a password manager, a secure program which stores your passwords and makes them available to you whenever you require them, provided of course you can remember the password to the manager itself. The main disadvantage here is that password managers themselves can be hacked. Sure, it’s not easy, but it can be done. It’s particularly dangerous to utilize cloud-based password protection programs unless you can be absolutely sure of their validity. Instead, use a program contained locally on your computer. Also, consider using an open source application. The disadvantage of utilizing an open source program, at least as far as security is concerned, is the complete transparency of the medium. On the other hand, since the program’s code is always available for viewing and can be altered on the fly, it’s easy to discover and correct any potential issues. Regardless, make sure that any password manager you use is reputable and well established. For example, LastPass is cloud-based and is not open source, but it has a strong reputation and a great many satisfied users, so you should certainly consider it.
  • Create as many unique passwords as possible: Even if you’ve created an incredibly strong password, you shouldn’t rest on your laurels. Instead, get to work on creating another incredibly strong password. No matter how good your password is, you’ll want to limit its usage to a site or two, because regardless of how unhackable a password might seem, if it is somehow hacked you’ll want the fallout to be as minimal as possible. That doesn’t mean you have to start from scratch every time. Why not simply create a few “base passwords” and then alter them slightly on a site by site basis, perhaps augmenting them with the site’s initials or a unique string of numbers? Doing so will basically be just as secure as creating an entirely new password, and it’ll save you a lot of time and mental exhaustion.
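The "avoid patterns" advice can be turned into a check a site runs at sign-up. The sketch below is an added example, not code from the original article: it flags the breached passwords named above, straight character runs and strict aLbAtRoSs-style case alternation, and generates a random password with Python's `secrets` module. The function names and the four-entry list are assumptions for illustration.

```python
import secrets
import string

# The four most common passwords named in the article; a real deployment
# would load a much larger breached-password list (assumption).
COMMON = {"123456", "1234", "123456789", "password"}

def is_sequential(pw: str) -> bool:
    """True if each character is exactly one code point above (or below) the last."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def has_alternating_case(pw: str) -> bool:
    """True if the letters strictly alternate case, as in 'aLbAtRoSs'."""
    letters = [c for c in pw if c.isalpha()]
    if len(letters) < 4:
        return False
    return all(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))

def pattern_findings(pw: str) -> list[str]:
    """Return the names of every predictable pattern found in pw."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("common")
    if is_sequential(pw):
        findings.append("sequential")
    if has_alternating_case(pw):
        findings.append("alternating-case")
    return findings

def generate_password(length: int = 20) -> str:
    """Random password drawn from the OS CSPRNG, meant for a password manager."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for candidate in ("123456789", "password", "aLbAtRoSs", "alBatROSs"):
        print(candidate, pattern_findings(candidate))
    print(generate_password())
```

An empty result only means none of these three patterns matched; it is not a measure of overall strength.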

 Ultimately, most of us have passwords which are simply inadequate. We not only use these passwords for fairly minor applications like signing into message boards or logging into social media sites but for extremely important things like bank accounts. We do this because we assume we’ll be fine, that no one will hack our information or attempt to steal from us. Many of us will be lucky and avoid such occurrences, but a good percentage of us will prove to be considerably less fortunate unless we start taking precautions. Consider the tips mentioned here and ask yourself if you’re truly prepared and protected. Is there more you could do? If so, why not do it? You just might be glad you did someday.