February 1: 'National Change Your Password Day'
February 1 is 'National Change Your Password Day', and in today’s Tech Talk we will discuss passwords.
Passwords are as much a part of digital life as locks are of your real-world life. It seems, however, that people put far more concern into choosing their physical door locks than they do into constructing proper virtual locks on their most sensitive information.
We are creatures of habit and no one likes to change passwords. After all, how often do we change the locks on our doors? The difference, though, is that you don’t see all the criminal types of the entire world walking down each neighborhood street trying to pick the locks on each door they meet. In the digital world, such behavior goes on daily and, for the most part, unnoticed.
Case in point: in December 2009 a website (rockyou.com) with over 32 million accounts was hacked. The hacker then publicly published 32 million user passwords. A company named Imperva used this as a study to get a deeper look into passwords. Their findings, published online, showed some startling conclusions.
30% of the users had passwords of 6 or fewer characters, 50% used easy-to-guess common words, names, or slang terms, and 60% of the users used only letters and numbers, with no special characters or symbols added. Of the top 10 passwords, half were variations of a simple number run such as 123456. Here is a list of the top 10 passwords used by 32 MILLION clients to one website:
The number 7 most popular password was literally the name of the website. Their report shows many other tidbits of useful information regarding the passwords and I highly recommend people read it.
Add to this the fact that a majority of people use only ONE password for nearly all of their online protection and it is little wonder that identity theft is one of our world’s fastest growing crimes.
So, with National Change Your Password Day in mind, let me give you a few bits of good advice on how to better secure your digital life.
• All passwords should be over 8 characters
• Passwords should contain a combination of letters (both upper & lower case), numbers, and symbols (such as #%&*!?>)
• Use an abbreviated form of a phrase as a password: “Halt who goes there?” would become Hwhogo3sT?. Substitute 3 for e, or the number 0 for the letter o
• You should set up DIFFERENT passwords for each site requiring a password from you.
This last point isn’t as difficult as it sounds. You can build your passwords around a theme: if I use the example I made above, “Hwhogo3sT?”, for, say, Amazon, Wells Fargo, or Apple, you could simply add 2 additional letters at the end of the password to specialize it, such as Hwhogo3sT?AM, Hwhogo3sT?WF, or Hwhogo3sT?AP.
In the above example, each of the passwords is easily remembered because they all operate off a general theme, and each is far more secure, as it contains 12 characters, including letters (both upper and lower case), numbers, and special symbols. Such abbreviated phrases are also not as likely to be found in any hacker wordlist dictionaries.
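The rules in the list above, along with two of the weak patterns from the study (simple number runs and the website's own name used as the password), can be checked mechanically. The following is an added example and not part of the original column; the function names and the sample accounts are constructed for illustration.

```python
import string

def is_number_run(pw):
    """True for ascending digit runs such as 123456 or 1234567890."""
    return (len(pw) >= 3 and pw.isdigit() and
            all((int(b) - int(a)) % 10 == 1 for a, b in zip(pw, pw[1:])))

def audit_passwords(accounts):
    """Map each site to the list of rules its password breaks (empty = pass)."""
    findings, first_use = {}, {}
    for site, pw in accounts.items():
        problems = []
        if len(pw) <= 8:
            problems.append("not over 8 characters")
        if not any(c.islower() for c in pw):
            problems.append("no lower-case letter")
        if not any(c.isupper() for c in pw):
            problems.append("no upper-case letter")
        if not any(c.isdigit() for c in pw):
            problems.append("no number")
        if not any(c in string.punctuation for c in pw):
            problems.append("no symbol")
        if is_number_run(pw):
            problems.append("simple number run")
        # "rockyou.com" -> "rockyou": the site's own name inside the password
        if site.split(".")[0].lower() in pw.lower():
            problems.append("contains the site name")
        # Rule 4: a different password for each site
        if pw in first_use:
            problems.append(f"same password as {first_use[pw]}")
        else:
            first_use[pw] = site
        findings[site] = problems
    return findings

# Constructed sample accounts (not real credentials)
SAMPLE = {
    "rockyou.com": "rockyou",
    "Amazon": "Hwhogo3sT?AM",
    "Wells Fargo": "Hwhogo3sT?WF",
    "forum.example": "123456",
    "mail.example": "123456",
}

if __name__ == "__main__":
    for site, problems in audit_passwords(SAMPLE).items():
        print(f"{site}: {'OK' if not problems else '; '.join(problems)}")
```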
Remember you can contact me with any of your tech questions by emailing me at firstname.lastname@example.org. This is Bill Kentner and you’ve just had your Tech Talk.