Yesterday, the Official Google Blog posted an entry describing best practices when choosing passwords to secure your account. I agree with all the points they make and have some additional points to make about password security.
When picking a password, most people err on the side of ease, simplicity, and speed. They know they want to make a strong password but fail to see enough value in a difficult password to invest the effort in making one.
From my experience, a lot of novice users use really simple passwords, passwords that get compromised in massive widespread attacks, and then they get locked out of their accounts. These are also the same people who just want to buy their security “solutions” instead of actually learning about security risks and their solutions. And finally, these users are the same ones who fear security compromise every time they sign on to check their e-mail, and these are your average AOL users.
Alright, fine, I’ll stop picking on AOL users for their elementary level of computer skills. But I will be upfront in saying they are perfect targets for identity thieves and scam artists. Why? They are helpless and actually do open spam e-mails more than users of any other ISP. On top of that, the phishing response levels are astounding. (That is, the number of folks that actually feel the need to supply their driver’s license information, checking account, CV2 numbers on their credit cards, etc…)
In light of this, I have some really simple pieces of advice for those that need it:
- Your password is only as secure as you make it.
- Your password is the key to your e-mail and online buddies.
- Your password is only a few keystrokes from being cracked in 30 seconds or 30 nights.
- Your password is only as strong as your Account Security Question.
- Yes, fraudsters already know your favorite restaurant, it’s either Red Lobster, Applebee’s or Olive Garden. (So don’t pick that question!)
- Change your password frequently; about every 3 months is a good idea.
- Don’t store your passwords on a Post-It Note, a text file or an Excel spreadsheet. If your computer becomes compromised, a file listing your passwords is treasure to ID thieves.
I like to generate my passwords myself, using an online generator from GRC to produce insanely strong passwords. You might like it, and it definitely comes in handy for making up a good WPA keycode.
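As an added example (not part of the original post and not GRC's code), the following Python generates random keys locally with the operating system's CSPRNG, so the secret never crosses the network, and checks them against the two WPA-PSK input forms: 8 to 63 printable ASCII characters, or 64 hexadecimal digits. The function names are assumptions made for illustration.

```python
# Added illustration; function names are hypothetical, not GRC's.
import math
import secrets
import string

# 94 printable ASCII symbols (codes 33-126); space is left out to avoid typos.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation
HEX = "0123456789ABCDEF"


def generate(length, alphabet):
    """Draw `length` characters uniformly from `alphabet` using the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) != len(alphabet):
        raise ValueError("need a positive length and an alphabet without repeats")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def wpa_passphrase(length=63):
    """WPA-PSK passphrase form: 8 to 63 printable ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return generate(length, PRINTABLE)


def wpa_raw_key():
    """WPA-PSK raw form: the 256-bit key written as 64 hexadecimal digits."""
    return generate(64, HEX)


def is_valid_wpa_key(key):
    """True if `key` fits one of the two WPA-PSK input forms."""
    if len(key) == 64:
        return all(c in string.hexdigits for c in key)
    return 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key)


if __name__ == "__main__":
    # Values printed here are freshly generated on every run.
    passphrase, raw = wpa_passphrase(), wpa_raw_key()
    print(f"{passphrase}  ({entropy_bits(63, PRINTABLE):.0f} bits)")
    print(f"{raw}  ({entropy_bits(64, HEX):.0f} bits)")
    print("both valid:", is_valid_wpa_key(passphrase) and is_valid_wpa_key(raw))
```

The `secrets` module is used instead of `random` because `random` is a predictable generator that is not meant for keys or passwords.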
And finally, please use an anti-virus scanner. That trial that you have of Norton has expired and Norton is ranked dead last on effectiveness and speed. Uninstall Norton and consider switching to AVG or Avast! for a better, safer and faster online experience.
[Found via Techmeme and image via jerseyimage on Flickr]