Why Are We Still So Lazy with Passwords?

Let’s face it, the Internet provides an amazing convenience to citizens worldwide. As we have seen, though, it has also brought an increasing number of vulnerabilities, and they continue to come our way. Daily we hear about hackers and cyber criminals, the Eastern Bloc cyber mafia, ransomware, and the never-ending discussions on malware and viruses. How about the recent Ashley Madison hack and exposure of client accounts, passwords, etc.? People are even now hacking for moral good. It never ends.

Even with all of this, one thing that still has not changed is the careless management of, and attitude towards, the easily compromised PASSWORD. I was shocked to see and hear that with the Ashley Madison hack, the passwords people were using on accounts for their ‘secret lives’ were not so secret or hard for a hacker to figure out.

The attitude of “it won’t happen to me” or “I am protected” is putting people at risk. This attitude could not be further from the truth. Everyone is at risk, and although there will never be 100% safeguards, at least start with the basics and manage your passwords appropriately.

When someone is ‘hacked’ (more formally known as compromised) and their account is being used to send SPAM, it is very annoying to everyone receiving the SPAM and takes effort by you to clean things up and resolve the issue (a future post will give suggestions here). If, however, the ‘hack’ goes as far as you having your identity stolen, I can assure you that your attitude towards passwords would be very different. It could take years to recover from such a personal breach. If you do ANYTHING on the Internet that uses any kind of personal information, you are at risk, so protect yourself accordingly.

There are many websites, books, and other resources that can offer suggestions and tools for creating and managing passwords effectively. But for the sake of simplicity I would like to offer up one effective way to come up with a strong but easy-to-remember password that will reduce your risk immediately. The idea is to take an actual easy-to-remember phrase and turn it into a password.

Here is an example using the phrase: “Italian coffee at 6AM tastes good”

Here is the password I came up with from this phrase: iC@6aT:g

italian Coffee @ 6aM Tastes : good

Note that I have added in some ‘special characters’, which are often required for a strong password, and I have used a combination of upper and lower case letters. The password is also 8 characters long, which again is a good ‘minimum’ best practice and is often required for many passwords anyway. The use of “!”, “@” and “:” is not the best because those are the most common; however, when combined with the method above it does help in strengthening your password.

A few more examples:

Bring me 2 muffins for breakfast! = Bm2:m4B&

Please don’t let me have 2 desserts = pDlm#H2d

I rode my bike 7 miles Friday = iRmB:7mF

Note that by using this simple method you are creating a very strong password that: a) contains no words, b) meets most strong password requirements, and c) is easy to remember. I recognize that it may take a ‘little’ bit of effort to come up with these passwords, but I can assure you that the effort you put into it is MUCH less than the effort that you will have to put into recovering your life if your identity is stolen.

Another thing to be aware of is that some sites do not allow the use of special characters. This really makes no sense; however, it is a reality. In that case I would suggest using the same method as above with a mix of upper and lower case or, if the site allows long passwords, try adding a number of words together that don’t really make sense.

Examples: moneystarhippocar, loosebananafortalive

A final note on this topic: it goes without saying that you should not use the same password for every site you register for, and you most definitely should never use your email password as the password for a website that uses your email as the username or login ID. Doing this puts you at significant risk if your email account is hacked, because once the hacker is in, they can find out where you spend your time pretty easily and will likely figure out who you bank with, your online shopping account names, and much more. That will be the topic of a future post.
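The checks described in this post can be automated. The following Python sketch is an added example, not part of the original post: it tests a candidate against the post's criteria (at least 8 characters, mixed case, a special character, no dictionary words) and flags passwords reused across sites. The function names, the word list and the account list are assumptions constructed for illustration.

```python
import string

# Constructed sample word list (assumption); a real check would load a full
# dictionary file. Short words are left out to avoid chance matches.
WORDS = {"coffee", "muffin", "money", "star", "banana", "password"}
MIN_LEN = 8  # the minimum length the post recommends


def failed_checks(password, words=WORDS, require_special=True):
    """Return the post's criteria that this password does not meet."""
    failures = []
    if len(password) < MIN_LEN:
        failures.append("shorter than 8 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        failures.append("no mix of upper and lower case")
    # Pass require_special=False for sites that reject special characters.
    if require_special and not any(c in string.punctuation for c in password):
        failures.append("no special character")
    lowered = password.lower()
    if any(word in lowered for word in words):
        failures.append("contains a dictionary word")
    return failures


def reused_passwords(accounts):
    """Map each password used on more than one site to those sites."""
    sites_by_password = {}
    for site, password in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}


if __name__ == "__main__":
    # The first four candidates are the post's examples; the last is constructed.
    for candidate in ["iC@6aT:g", "Bm2:m4B&", "pDlm#H2d", "iRmB:7mF", "coffee6am"]:
        print(candidate, failed_checks(candidate) or "meets all checks")
    # Constructed account list: the email password is reused on a shop site.
    accounts = {"email": "iC@6aT:g", "shop": "iC@6aT:g", "bank": "pDlm#H2d"}
    print(reused_passwords(accounts))
```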
