Hacked! Time to Get Serious About Passwords

By Marilynne Rudick on March 21, 2012

Earlier this month, I got an email from the company that hosts WebOver50 telling me that it had shut down the blog site after Google notified them it contained malicious content. The long and short of it was that the software I use to publish WebOver50 had been hacked.

I’d been guilty of using an easy-to-remember and therefore easy-to-guess password. Why would someone want to hack my blog? The answer: for the sport.

I had to hire a web security expert to clean up the site. And WebOver50 was shut down for more than a week. But I was lucky. I had only been inconvenienced; my identity hadn’t been stolen and my bank account hadn’t been cleaned out.

It was a wake-up call: time to get serious about passwords. But what makes a hard-to-hack password? Here’s advice from the experts:

Password Do’s and Don’ts

  • Do use at least 8 characters.
  • Do use a mixture of lower and uppercase letters, numbers and symbols.
  • Don’t use any words in a dictionary, and don’t use words spelled backwards.
  • Don’t use personal information such as name, birthday, license plate, social security number, age or address.
  • Don’t use letters or numbers in sequence (123, qrs).
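
The do’s and don’ts above, written out as a small Python check. This is an added example, not part of the original post or of any checker it mentions; the word list and personal details are constructed stand-ins, and treating three characters in a row as "in sequence" is an assumption.

```python
import string

# Constructed stand-ins (assumptions): a real check would load a full
# dictionary file and the user's own name, birthday, address and so on.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome"}
SAMPLE_PERSONAL = {"jane", "smith", "1960"}

def has_sequence(pw, run=3):
    """True if pw holds `run` letters or digits in a row, like 123 or qrs."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if not chunk.isascii() or not (chunk.isdigit() or chunk.isalpha()):
            continue
        if all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
    return False

def check_password(pw, words=SAMPLE_WORDS, personal=SAMPLE_PERSONAL):
    """Return the list of do's and don'ts that pw breaks (empty = none)."""
    low = pw.lower()
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    mix = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
           any(c.isdigit() for c in pw),
           any(c in string.punctuation for c in pw))
    if not all(mix):
        problems.append("missing lowercase, uppercase, number or symbol")
    # Words under 4 letters are skipped (assumption) to avoid flagging
    # every password that happens to contain "at" or "in".
    if any(len(w) >= 4 and (w in low or w[::-1] in low) for w in words):
        problems.append("contains a dictionary word (forwards or backwards)")
    if any(p.lower() in low for p in personal):
        problems.append("contains personal information")
    if has_sequence(pw):
        problems.append("contains letters or numbers in sequence")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the post.
    for pw in ["dragon123", "Nogard#77x", "Smith#2024x", "tR7#vK2!mQ"]:
        print(pw, "->", check_password(pw) or "passes all five rules")
```

An empty list only means none of the five rules was broken; it is not a strength rating like the weak, medium and strong labels a password checker gives.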

Check the Strength of Your Password

Want to know whether your password can be easily hacked? Run it through a password checker, such as the one provided by Microsoft. Here’s an example of tweaks that will make a weak password strong.

  • Swhtuur1: weak
  • sWHr#Uur1: medium
  • sWHr#Uur368: strong

Use a Password Generator

Do you find the thought of coming up with dozens of unique passwords daunting? Get help with a random password generator, such as the one at PC Tools. Specify the parameters (length, mixed case, numbers and letters), and it will generate hard-to-hack passwords.

Not All Passwords Are Created Equal

Is it okay to use the same password for more than one account? Cyber security expert Bill Cheswick offers this practical advice: weigh the value of the information you’re protecting. It’s okay to reuse “who cares” passwords, such as the one for your online subscription to a newspaper or magazine. If someone steals this password, the most they can do is read the publication. But don’t reuse passwords for financial accounts, such as bank accounts or stock trades, where a hack could inflict serious damage. Make sure you have strong and unique passwords for these accounts and change the passwords every few months.

Write it Down?

Many experts tell you not to write down your passwords. But memorizing your passwords isn’t practical if you have more than a few. Should you keep your password list on your computer or keep a paper list? If others have easy access to your computer, storing your passwords there can be risky. One solution is to store your password list on a thumb drive, instead of your hard drive. Give the file an obscure name. (Not passwords!)

If you keep a written list, put it somewhere safe. (Taping it to your monitor is not a good idea!)

Too Much Work?

All this seems like a lot of trouble. Is it worth it? If you’ve been the victim of cybercrime, you’ll probably answer yes. If you haven’t been hacked, consider yourself lucky. Creating strong passwords seems less of a hassle when you weigh the consequences of a hacked account, computer or website.

Categories: Safety & Privacy